Gabe84 Posted January 23, 2015 Share Posted January 23, 2015 Hi, I'm experiencing something strange, when visiting Microsoft website and I hover over images containing links I see that those links point to ib.adnxs.com, this happens with both Firefox and Midori, however this happens only on the Microsoft's website homepage, I've tried Bing, Outlook.com, WindowsPhone.com other websites like Google, Amazon, Facebook, Twitter and also local Italian websites but this does not happen, also this does not happen when I hover over text links. I'm not getting redirected to any other website, I clicked on an image and Ghostery blocked it, I'm not seeing any pop ups or any change in my search engines, or any extension besides those I installed myself. I'm using Lubuntu 14.04 fully updated and Firefox 35.0 with Ghostery, AdBlock Plus, Hola Better Internet, LastPass, X-Notifier and Ubuntu Firefox Modifications. I've guess somehow I've been infected by that hijacker, even if I have no idea how that happened, how can I remove that? Thanks Link to comment Share on other sites More sharing options...
xendrome Posted January 23, 2015 Share Posted January 23, 2015 I've got this showing up in DNS requests also (blocked) but not sure exactly what is generating the traffic yet. I will take a look more tomorrow and try to update this post. Link to comment Share on other sites More sharing options...
gohpep Posted January 23, 2015 Share Posted January 23, 2015 http://www.theguardian.com/technology/2012/apr/23/adnxs-tracking-trackers-cookies-web-monitoring Link to comment Share on other sites More sharing options...
Shiranui Posted January 23, 2015 Share Posted January 23, 2015 Uninstall any dubious software, if any, you have recently installed that you suspect maybe involved. Download and run AdwCleaner Download and run Malwarebytes Anti-Malware Link to comment Share on other sites More sharing options...
Gabe84 Posted January 23, 2015 Author Share Posted January 23, 2015 I don't know if I'm right or wrong, but I'm using Firefox's dev tools to analyze the page, this is what I see when I select those particular images (text based links are fine) Italian version: <a id="703b75e7-03b7-3a7c-1d71-bd1e807870c1" target="_self" class="mscom-link" href="http://ib.adnxs.com/clktrb?id=438904" bi:linkid="F1A-GEN-152Q1ITIT59568-UNK">Scopri di pi Link to comment Share on other sites More sharing options...
xendrome Posted January 23, 2015 Share Posted January 23, 2015 If you want to block this, an easy way is to use OpenDNS, and make sure you are blocking category "Adware". Link to comment Share on other sites More sharing options...
Guest Posted January 23, 2015 Share Posted January 23, 2015 I'm getting exactly the same thing. I dunno if their website has been hacked or purposely made that way, because it wasn't like that few days ago. Link to comment Share on other sites More sharing options...
Max Norris Posted January 23, 2015 Share Posted January 23, 2015 It's just another analytics engine, same as sites using google-analytics.com, etc etc isn't it? (See #3.) It's fairly hard to find a site not using at least one of these anymore. Link to comment Share on other sites More sharing options...
Gabe84 Posted January 23, 2015 Author Share Posted January 23, 2015 If you want to block this, an easy way is to use OpenDNS, and make sure you are blocking category "Adware". I tried your solution, but it isn't working I keep seeing this, I hover over a link and that link points to another website. I'm getting exactly the same thing. I dunno if their website has been hacked or purposely made that way, because it wasn't like that few days ago. I'm seriously confused. I mean, Microsoft got hacked by such a well documented adware? Really? And after more than 24 hours they can't fix that? I just can't believe that. Nevertheless, analyzing their page with Firefox's dev tools it really looks like that redirect is injected into their code but, yet again, I refuse to believe their main site can get hacked so easily and they just don't realize it, and it's not just their Italian version, US version is affected too, at least on my PC. On the other hand, I just may have got infected by this adware, even though I have no idea how, I only install software via the packet manager and install only trusted updates, but, in the event of an infection, I'd expect to see more than a few redirects on just one homepage - redirects that when I clicked it, before I realized something was off, got blocked by Ghostery -, I'd expect to see changes to my browser's search engines, start page, maybe extensions too, redirects and pop ups everywhere, slow downs, but I don't see any of that, rather, as a matter of fact, after yesterday's updates my browser and system seem even faster. Or maybe my PC is infected but this adware can't just cause too much trouble on Linux. Link to comment Share on other sites More sharing options...
zhangm Supervisor Posted January 23, 2015 Supervisor Share Posted January 23, 2015 I see it on the US version of the Microsoft homepage. The links in the upper third all refer to adnxs servers and are broken (404 on clicking them). Page is served as https with the Microsoft cert. Clicking the link gives: Link to comment Share on other sites More sharing options...
gohpep Posted January 24, 2015 Share Posted January 24, 2015 They are using it for consumer monitoring and analysis. It is placed by Microsoft. For me, when I bypass Ghostery, it works, and goes to the correlating Microsoft page. Link to comment Share on other sites More sharing options...
Gabe84 Posted January 24, 2015 Author Share Posted January 24, 2015 They are using it for consumer monitoring and analysis. It is placed by Microsoft. For me, when I bypass Ghostery, it works, and goes to the correlating Microsoft page. So basically Microsoft, instead of just using one of those sites that Ghostery usually picks up and blocks, they're pushing their traffic through this ib.adnxs.com site and then to their website, something like, for what I understand, those guys who upload pirated stuff on cyberlockers and then post links on forums but sometimes they make you go through interstitial webpages so they get revenue, in this case instead ib.adnxs.com acts like an interstitial webpage who doesn't show you ads in order to generate revenue for Microsoft but essentially they just use it to track you. And that site is safe? What worries me is that all over the internet I read bad stuff about this website, even if all link scanners, except MyWOT and Quttera, say that it's safe, I guess you can use their services to do something legitimate like consumer analysis as well as spreading malicious software and as a redirect for adwares. Link to comment Share on other sites More sharing options...
gohpep Posted January 24, 2015 Share Posted January 24, 2015 So basically Microsoft, instead of just using one of those sites that Ghostery usually picks up and blocks, they're pushing their traffic through this ib.adnxs.com site and then to their website, something like, for what I understand, those guys who upload pirated stuff on cyberlockers and then post links on forums but sometimes they make you go through interstitial webpages so they get revenue, in this case instead ib.adnxs.com acts like an interstitial webpage who doesn't show you ads in order to generate revenue for Microsoft but essentially they just use it to track you. And that site is safe? What worries me is that all over the internet I read bad stuff about this website, even if all link scanners, except MyWOT and Quttera, say that it's safe, I guess you can use their services to do something legitimate like consumer analysis as well as spreading malicious software and as a redirect for adwares. Just seeing who visits each link and from what page, and how long until they clicked, and stuff like that. Not the most private company. Link to comment Share on other sites More sharing options...
Max Norris Posted January 24, 2015 Share Posted January 24, 2015 And that site is safe? Welcome to the Internet. Most every site out there uses some sort of tracker, analytics engine, etc. Including the one you're on right now. Link to comment Share on other sites More sharing options...
Gabe84 Posted January 24, 2015 Author Share Posted January 24, 2015 Just seeing who visits each link and from what page, and how long until they clicked, and stuff like that. Not the most private company. Ok, well, what's important is that we're not talking about a possible infection but just Microsoft choosing a particular service for its purposes. I guess this thread is solved. Welcome to the Internet. Most every site out there uses some sort of tracker, analytics engine, etc. Including the one you're on right now. Yup, that's why I use Ghostery. Link to comment Share on other sites More sharing options...
Max Norris Posted January 24, 2015 Share Posted January 24, 2015 Yup, that's why I use Ghostery. Yea that's a good option, I re-read my previous comment, came off a little harsh, unintended that way.. just meant it's an extremely common thing nowadays, not just advertising but keeping track of what's popular versus what isn't, etc etc, helps publishers provide a better site in the long run.. although it wouldn't surprise me if there's been cases of these sort of things being abused or hijacked. That said I block all of it too, safety first and all that. Link to comment Share on other sites More sharing options...
Gabe84 Posted January 25, 2015 Author Share Posted January 25, 2015 Yea that's a good option, I re-read my previous comment, came off a little harsh, unintended that way.. just meant it's an extremely common thing nowadays, not just advertising but keeping track of what's popular versus what isn't, etc etc, helps publishers provide a better site in the long run.. although it wouldn't surprise me if there's been cases of these sort of things being abused or hijacked. That said I block all of it too, safety first and all that. No problem man. I was worried about that particular site just because it seems that many malicious softwares redirect your traffic to that site once your system is compromised, probably it's a perfectly safe site, otherwise I think Microsoft wouldn't use it, that can also be used for malicious purposes. Link to comment Share on other sites More sharing options...
Recommended Posts