Search for Chrome on Bing, and you might get a nasty surprise
It’s 2018, and you can still end up with your computer compromised by searching for the world’s most popular browser.
That fact was brought home once again by Twitter user Gabriel Landau who, immediately upon firing up his brand new Windows 10 laptop and trying to download Google Chrome, was directed instead by Bing (the default search engine used by Windows 10’s default Microsoft Edge browser) to a bogus website.
Landau discovered that Bing was displaying a promoted search result to users who searched for the phrase “download Chrome” that linked to a non-official site (googleonline2018[dot]com).
If he hadn’t had his wits about him, Landau might easily have fallen for the scam and downloaded malicious code from the unauthorised site.
That’s all the more likely because – in the Bing promoted search engine result – the domain was listed as google.com, but actually took anyone who clicked to the dangerous link at the different domain instead.
Microsoft responded to Landau, saying that it has removed the offending Bing ads and banned the associated account. It has also pointed to a webpage where “low quality” ads (such as malvertising) can be reported by users.
That doesn’t, of course, explain how the ad in the Bing search results was able to claim it would take users to the genuine google.com domain.
But worse still, it doesn’t explain why the problem didn’t get fixed six months ago, when Bleeping Computer reported the same trick being used!
Back in April, Lawrence Abrams of Bleeping Computer described how using Bing to search for ‘chrome download’ resulted in an ad being displayed which appeared to direct users to the official Chrome download page at the google.com domain but actually took them to googlechrome2018[dot]net.
On that occasion, Microsoft responded within 24 hours by removing the ad.
But the problem is – this keeps happening. Microsoft removing dodgy ads from its Bing search results is all very well, but it isn’t stopping them from appearing.
Microsoft needs to more to prevent these misleading and malicious ads from appearing in search results in the first place.
All we can hope is that Microsoft Bing will now take the problem more seriously – and do a better job of policing its Bing search results ads in future. That, of course, should include verifying that the URLs displayed in the results match where users will actually be taken.
Landau has asked Microsoft’s Bing team what steps it is taking to prevent ads being listed with misleading URLs, but so far has received no response.
And as for googleonline2018[dot]com? Thankfully, most browsers are now blocking access to the URL and warning visitors of the danger.
But, of course, there’s nothing to stop scammers, confidence tricksters, and other online criminals from creating other domains that they might try to dupe users into visiting.
Industry: Cyber Security News
- Senior Cyber Security Analyst / Engineer. Exclusive role
- United Kingdom
Senior Cyber Security Analyst / Engineer. Exclusive role Hybrid role- Travel to London once a month. ROLE Day to day operations, management and scalability of existing cyber security systems. Advanced triaging and troubleshooting security alerts. Improve tooling, reducing false positives. Improve processes and documentation Reviewing, approving, escalating security change management requests. Implementing new cyber security systems. Managing of and maturing security tooling such as; SIEM Vulnerability management Firewalls Patch management CASB Ideal technical experience Vulnerability Management: Qualys Forcepoint: CASB, DLP, web security, email security Microsoft Defender for Endpoint SIEM (Splunk) Firewalls: Cisco, Palo Alto, Juniper, Sonicwall IDS: Alert Logic Microsoft Cloud App Security Microsoft Azure ManageEngine ADAudit Plus Darktrace, Cloudflare, Cisco Umbrella, Imperva WAF Appreciation of ISO27001, GDPR, PCI, etc
- Security Operations Senior Technical Analyst, Financial Services. Exclusive to DCL Search
- 75000 + benefits
Exclusive Security Operations - Senior Technical Analyst (x2) needed within a forward thinking financial services business head quartered in London. DCL Search have been engaged on an Identifier Project to attract the very best cyber talent to this business. Influence the cyber security capability and direction within the business. Learn new skills working within a collaborative team. Grow as a security professional. ROLE Triaging and troubleshooting security alerts. Improve tooling, reducing false positives. Improve processes and documentation Reviewing, approving, escalating security change management requests. Day to day operations, management and scalability of existing cyber security systems. Implementing new cyber security systems. Managing of and maturing security tooling such as; SIEM Vulnerability management Firewalls Patch management CASB Ideal technical experience Vulnerability Management: Qualys Forcepoint: CASB, DLP, web security, email security Microsoft Defender for Endpoint SIEM (Splunk) Firewalls: Cisco, Palo Alto, Juniper, Sonicwall IDS: Alert Logic Microsoft Cloud App Security Microsoft Azure ManageEngine ADAudit Plus Darktrace, Cloudflare, Cisco Umbrella, Imperva WAF Appreciation of ISO27001, GDPR, PCI, etc 2 days a fortnight in London- or more if you want.. Hybrid reworking.
- It's Pen Testing Chris, but not as we’ve know it.
- United Kingdom
5 reasons, as long as you are a skilled penetration tester (and a nice person) this may be different enough for you. Healthy package for the right talents- before you ask up to 95k+ (depending on skillset). Yes permanent only. Remotely based with the occasional time to meet up- unless you enjoy retiring from society. BUT UK based but not UK client focused. Research and training time- A dedicated trainer with budget for you to sharpen / develop skills. You can make your stamp. It’s a new role for someone technical to deliver, lead and shape a testing capability. No political shenanigans etc Exclusive to DCL Search and not one of the usual names. So you can dramatically increase your chances of securing it. Infrastructure pen testing and Web app / Manual penetration testing experience highly valued. Someone that can scope, deliver pen testing, report and not be useless in front of clients. Apply today to find out more. Or email Chris.Holt@dclsearch.com Or call 07884666351 This is a UK based role.
- Ping Contractor-
- Depends on skills and experience
Looking for experienced PIng Consultants, Looking for consultant with Implemenation or Architect experience in the Ping product set (Ping Identity, Ping Federate, Ping Access, Ping Directory, Ping Adapter development, SDK etc) This would be for implementation projects, working across UK. You will be responsible for providing implementation services to our clients from information gathering through to implementation. Evaluating client business, process, systems, and technology requirements and advise clients on best practices to help guide and solidify proposed designs. Manage Client expectations, Stakeholder Managment, ensuring design Matches business requirements