Gabe84 Posted January 23, 2015

Hi, I'm experiencing something strange, when visiting Microsoft website and I hover over images containing links I see that those links point to ib.adnxs.com, this happens with both Firefox and Midori, however this happens only on the Microsoft's website homepage, I've tried Bing, Outlook.com, WindowsPhone.com other websites like Google, Amazon, Facebook, Twitter and also local Italian websites but this does not happen, also this does not happen when I hover over text links.

I'm not getting redirected to any other website, I clicked on an image and Ghostery blocked it, I'm not seeing any pop ups or any change in my search engines, or any extension besides those I installed myself. I'm using Lubuntu 14.04 fully updated and Firefox 35.0 with Ghostery, AdBlock Plus, Hola Better Internet, LastPass, X-Notifier and Ubuntu Firefox Modifications.

I guess somehow I've been infected by that hijacker, even if I have no idea how that happened, how can I remove that? Thanks

xendrome Posted January 23, 2015

I've got this showing up in DNS requests also (blocked) but not sure exactly what is generating the traffic yet. I will take a look more tomorrow and try to update this post.

gohpep Posted January 23, 2015

http://www.theguardian.com/technology/2012/apr/23/adnxs-tracking-trackers-cookies-web-monitoring

Shiranui Posted January 23, 2015

Uninstall any dubious software, if any, you have recently installed that you suspect may be involved.
Download and run AdwCleaner
Download and run Malwarebytes Anti-Malware

Gabe84 (Author) Posted January 23, 2015

I don't know if I'm right or wrong, but I'm using Firefox's dev tools to analyze the page, this is what I see when I select those particular images (text based links are fine)

Italian version:

Quote
<a id="703b75e7-03b7-3a7c-1d71-bd1e807870c1" target="_self" class="mscom-link" href="http://ib.adnxs.com/clktrb?id=438904" bi:linkid="F1A-GEN-152Q1ITIT59568-UNK">Scopri di pi
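
As an added example (not part of any post in this thread), the dev-tools inspection above can be automated: the Python below lists links whose host is off-site and compares the HTML as served with the rendered DOM to show which off-site hosts appeared only after load. The sample HTML, the `injected.example` host and the first-party list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class AnchorCollector(HTMLParser):
    """Collect the absolute href of every <a> element in a document."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(urljoin(self.base_url, href))

def offsite_links(html, base_url, first_party):
    """Return {host: [urls]} for http(s) links whose host is outside first_party."""
    parser = AnchorCollector(base_url)
    parser.feed(html)
    found = {}
    for url in parser.hrefs:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https") or not host:
            continue
        if any(host == d or host.endswith("." + d) for d in first_party):
            continue
        found.setdefault(host, []).append(url)
    return found

def added_after_load(served_html, dom_html, base_url, first_party):
    """Off-site hosts present in the rendered DOM but not in the served HTML."""
    served = offsite_links(served_html, base_url, first_party)
    rendered = offsite_links(dom_html, base_url, first_party)
    return sorted(set(rendered) - set(served))

# Constructed sample: the anchor quoted in the post plus two ordinary links.
SERVED = '''
<a class="mscom-link" href="http://ib.adnxs.com/clktrb?id=438904">Scopri di pi</a>
<a href="/it-it/windows">Windows</a>
<a href="https://support.microsoft.com/">Support</a>
'''
# Constructed sample: the same page after a hypothetical local script added a link.
RENDERED = SERVED + '<a href="http://injected.example/offer">Offer</a>'
FIRST_PARTY = ["microsoft.com"]  # assumption: domains the auditor treats as first-party
BASE = "https://www.microsoft.com/it-it/"

if __name__ == "__main__":
    print(offsite_links(SERVED, BASE, FIRST_PARTY))
    print(added_after_load(SERVED, RENDERED, BASE, FIRST_PARTY))
```

A host that shows up only in the rendered DOM was added after load, by page script or by something local such as an extension; a host already in the served HTML came from the site itself.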

xendrome Posted January 23, 2015

If you want to block this, an easy way is to use OpenDNS, and make sure you are blocking category "Adware".

Guest Posted January 23, 2015

I'm getting exactly the same thing. I dunno if their website has been hacked or purposely made that way, because it wasn't like that few days ago.

Max Norris Posted January 23, 2015

It's just another analytics engine, same as sites using google-analytics.com, etc etc isn't it? (See #3.) It's fairly hard to find a site not using at least one of these anymore.

Gabe84 (Author) Posted January 23, 2015

On 23/01/2015 at 13:56, xendrome said:
> If you want to block this, an easy way is to use OpenDNS, and make sure you are blocking category "Adware".

I tried your solution, but it isn't working, I keep seeing this, I hover over a link and that link points to another website.

On 23/01/2015 at 14:14, elenarie said:
> I'm getting exactly the same thing. I dunno if their website has been hacked or purposely made that way, because it wasn't like that few days ago.

I'm seriously confused. I mean, Microsoft got hacked by such a well documented adware? Really? And after more than 24 hours they can't fix that? I just can't believe that. Nevertheless, analyzing their page with Firefox's dev tools it really looks like that redirect is injected into their code but, yet again, I refuse to believe their main site can get hacked so easily and they just don't realize it, and it's not just their Italian version, US version is affected too, at least on my PC.

On the other hand, I just may have got infected by this adware, even though I have no idea how, I only install software via the packet manager and install only trusted updates, but, in the event of an infection, I'd expect to see more than a few redirects on just one homepage - redirects that when I clicked it, before I realized something was off, got blocked by Ghostery -, I'd expect to see changes to my browser's search engines, start page, maybe extensions too, redirects and pop ups everywhere, slow downs, but I don't see any of that, rather, as a matter of fact, after yesterday's updates my browser and system seem even faster. Or maybe my PC is infected but this adware can't just cause too much trouble on Linux.

zhangm (Supervisor) Posted January 23, 2015

I see it on the US version of the Microsoft homepage. The links in the upper third all refer to adnxs servers and are broken (404 on clicking them). Page is served as https with the Microsoft cert. Clicking the link gives:

gohpep Posted January 24, 2015

They are using it for consumer monitoring and analysis. It is placed by Microsoft. For me, when I bypass Ghostery, it works, and goes to the correlating Microsoft page.

Gabe84 (Author) Posted January 24, 2015

On 24/01/2015 at 00:07, mastercoms said:
> They are using it for consumer monitoring and analysis. It is placed by Microsoft. For me, when I bypass Ghostery, it works, and goes to the correlating Microsoft page.

So basically Microsoft, instead of just using one of those sites that Ghostery usually picks up and blocks, they're pushing their traffic through this ib.adnxs.com site and then to their website, something like, for what I understand, those guys who upload pirated stuff on cyberlockers and then post links on forums but sometimes they make you go through interstitial webpages so they get revenue, in this case instead ib.adnxs.com acts like an interstitial webpage who doesn't show you ads in order to generate revenue for Microsoft but essentially they just use it to track you.

And that site is safe? What worries me is that all over the internet I read bad stuff about this website, even if all link scanners, except MyWOT and Quttera, say that it's safe, I guess you can use their services to do something legitimate like consumer analysis as well as spreading malicious software and as a redirect for adwares.

gohpep Posted January 24, 2015

On 24/01/2015 at 09:33, Gabe84 said:
> So basically Microsoft, instead of just using one of those sites that Ghostery usually picks up and blocks, they're pushing their traffic through this ib.adnxs.com site and then to their website, something like, for what I understand, those guys who upload pirated stuff on cyberlockers and then post links on forums but sometimes they make you go through interstitial webpages so they get revenue, in this case instead ib.adnxs.com acts like an interstitial webpage who doesn't show you ads in order to generate revenue for Microsoft but essentially they just use it to track you.
>
> And that site is safe? What worries me is that all over the internet I read bad stuff about this website, even if all link scanners, except MyWOT and Quttera, say that it's safe, I guess you can use their services to do something legitimate like consumer analysis as well as spreading malicious software and as a redirect for adwares.

Just seeing who visits each link and from what page, and how long until they clicked, and stuff like that. Not the most private company.

Max Norris Posted January 24, 2015

On 24/01/2015 at 09:33, Gabe84 said:
> And that site is safe?

Welcome to the Internet. Most every site out there uses some sort of tracker, analytics engine, etc. Including the one you're on right now.

Gabe84 (Author) Posted January 24, 2015

On 24/01/2015 at 14:25, mastercoms said:
> Just seeing who visits each link and from what page, and how long until they clicked, and stuff like that. Not the most private company.

Ok, well, what's important is that we're not talking about a possible infection but just Microsoft choosing a particular service for its purposes. I guess this thread is solved.

On 24/01/2015 at 16:17, Max Norris said:
> Welcome to the Internet. Most every site out there uses some sort of tracker, analytics engine, etc. Including the one you're on right now.

Yup, that's why I use Ghostery.

Max Norris Posted January 24, 2015

On 24/01/2015 at 18:21, Gabe84 said:
> Yup, that's why I use Ghostery.

Yea that's a good option, I re-read my previous comment, came off a little harsh, unintended that way.. just meant it's an extremely common thing nowadays, not just advertising but keeping track of what's popular versus what isn't, etc etc, helps publishers provide a better site in the long run.. although it wouldn't surprise me if there's been cases of these sort of things being abused or hijacked. That said I block all of it too, safety first and all that.

Gabe84 (Author) Posted January 25, 2015

On 24/01/2015 at 18:28, Max Norris said:
> Yea that's a good option, I re-read my previous comment, came off a little harsh, unintended that way.. just meant it's an extremely common thing nowadays, not just advertising but keeping track of what's popular versus what isn't, etc etc, helps publishers provide a better site in the long run.. although it wouldn't surprise me if there's been cases of these sort of things being abused or hijacked. That said I block all of it too, safety first and all that.

No problem man. I was worried about that particular site just because it seems that many malicious softwares redirect your traffic to that site once your system is compromised, probably it's a perfectly safe site, otherwise I think Microsoft wouldn't use it, that can also be used for malicious purposes.