[German]A worrying thing that may have happened in the USA. Users looking for a Google Chrome download in Microsoft Edge on Windows 10 were occasionally redirected to a page offering unwanted software (PUP).
Advertising
There is always the danger that when users searching on Google, Bing and Co. they are redirected via sponsored ads to pages offering malware or unwanted software (PUP). The search engine providers naturally try to avoid this.
Phisher tricked Bing
From time to time cyber criminals are able, to trick Bing to show ad which redirects users to phishing sites. I became aware of this topic through a tweet by Tero Alhonen.
It's not just Bing serving ads with malware, it's also Microsoft's SmartScreen (i.e. "safe browsing") for Edge failing miserably to detect malicious web sites https://t.co/RDrheOraFO pic.twitter.com/4rF1fbAC1M
— Tero Alhonen (@teroalhonen) 27. Oktober 2018
The case was was noticed by Gabriel Landau, who got a new Windows 10 notebook. He wanted to quickly search in Microsoft's Edge browser for the Google Chrome browser download while setting the machine up and install this alternative browser. But he noticed, that he was offered googleonline2018[.]com as the target page. So he recorded this in a video and published it in a tweet.
Brand new Win10 laptop. Attempt to install Chrome. Almost get owned with my very first action. Why is this still happening in 2018, @bing? Please explain. pic.twitter.com/uYJhu7xa9H
— Gabriel Landau (@GabrielLandau) 25. Oktober 2018
Advertising
Redirected to a Phishing site distributing PUPs
The target page is a phishing site that is also blocked with a warning in the Google Chrome browser. Here is the warning, which is displayed to me in Chrome under Windows 7.
![Phishing-Site googleonline2018[.]com](https://i.imgur.com/Cex7BeS.jpg "Phishing-Site googleonline2018[.]com")
It seems, that a PUP installer for potentially unwanted programs (PUPs) is offered on this site for download with the Chrome browser package. How To Geek addressed the case within this article (also Forbes has a report). Bleeping Computer had a similar article in April 2018. And the How To Geek article mentions further sources.
Strange behaviour in Edge/IE 11
My attempt to open the web page in the Edge browser ended with a strange display (see screenshot below), which I can't make sense of at the moment.
![Phishing-Site googleonline2018[.]com in Edge](https://i.imgur.com/YbM8kyr.jpg "Phishing-Site googleonline2018[.]com in Edge")
It says the web site could not reached. The link shown to search for the page on Bing produces the same result. IE 11 also shows a similar message (under Windows 7 and Windows 10), but no indication of a phishing page. Something is now blocked at Microsoft.
Hi Gabriel, protecting customers from malicious content is a top priority and we have removed the ads from Bing and banned the associated account. We encourage users to continue to report this type of content at https://t.co/Dh1KuF5O0t so we can take appropriate action. ^GC
— Bing Ads (@BingAds) 26. Oktober 2018
Microsoft has posted the above Tweet informing, that the ads has been removed from Bing. What I recommend: Keep your eyes open when you search for software via search engines. If known, make sure that the download page of the manufacturer is shown in the address bar of the browser (in the current case it would be something with google.com). If you want to be absolutely sure, you can inspect the downloaded installer file and check it for digital signatures as well as upload it to VirusTotal.
Advertising
