I’ve read recently that some 60% of sites on the net are infected with a very subtle/rarely-reproducible redirection hack that sends the user off to some site that presents them with malware in 1 way or another.
I was just doing some of my Christmas shopping on Amazon.com, was in the Office Supplies section and literally searched for the term “#0 6.5×10 Bubble Mailer” and the screen above popped up — I looked up in my Chrome address bar and noticed that I had been redirected to top2009securityf.cn — what the hell?
I closed the dialog (didn’t click OK or Cancel) and was then shown the website anyway:
It is purposefully mocked up to look like Windows XP — and the progress bar you see in the background filled up as it “scanned” my computer. After completing the little JavaScript animation, it popped up the above dialog. Again, I closed it and was then presented with this EXE download from the site:
I discarded that bogus malware download and oddly enough couldn’t use the Back button to get back to Amazon — so I killed the tab and went back manually and tried to re-create the redirection with no luck.
I have no idea if this was an issue with my Google Chrome install (latest stable) or Amazon.com possibly falling victim to redirection shenanigans we have seen reported from around the web — unfortunately occurring JUST infrequently enough that individually, people think it was just a fluke and don’t report it, but collectively, the WWW seems to have H1N1.
Anyone else ever experienced this either with Chrome or on a major site?
Update #1: Slashdot reports a story today saying that a massive SQL Injection hack has dominated over 132,000 sites… maybe that’s what I was seeing?
I experienced the same thing on comics.com. I didn’t think to check the address bar when this happened but I did get the same information when it tried to get me to download that same exe file. I am using Firefox 3.5.5 which I believe is the most current version.
I just had the same thing happen while using Chrome beta on amazon.com.
Matt were you searching for something or browsing around a particular category? I was in Office Supplies when it happened to me.
Did you revisit the site where it first occurred? I did and things appeared normal.
Max, I went back and re-traced my steps with the browser, even re-searching for the same string and had no luck reproducing. After seeing that story on Slashdot today (130k+ sites compromised with SQL injection) it made me really nervous to think that a lot of sites I frequent are likely infected, but setup to only engage the user 1 out of 10k times, so no one really notices.
It’s brilliant from a bot-net perspective, but maddening from a “trying to track it down” perspective. I doubt Amazon even knows what is going on or how to fix it.
I think I was in the Kitchen & Dining section, doing a little Christmas shopping. I could not reproduce the glitch either.