Virus loaded ad redirects

Man Of Lard

I dislike ads as much as the next man - but I put up with them for sites like this - but I have had to use a different browser to normal to type this because the site in the image is continuously loading on BR

http://imgur.com/gmY4Byx


That's on the phone. On the tablet the mobile site loads, then after a few seconds it decides to load the desktop site with the wrap around advert which makes the site content unreadably small (as well as the massive JS overhead making it clunky to navigate - in fact makes my 40M broadband look like 9.6k dialup (yes not even "fast" dialup))

Anonymous

I still get then. Recently are:

Same as above
Xxx anal sluts
Gambling
Tesco

Not exactly family friendly

BikeRadarAdmin

Apologies again all.

This is unacceptable and I am pressing to get this resolved ASAP.

Man Of Lard

Morning all - another day, another spamvertising redirect that I only ever see on BikeRadar - this one is the typical clickbait stuff "you've won a new iPhone 7" (I wouldn't thank you for one even if it was wrapped in a tenner).

Seems that the offending broker for me is bigbangads-dot-go2cloud-dot-org (you can do the editing to get the addresses) - which sends me variously to us-dot-r8lyydlb-dot-pw and ukprizecompetition-dot-com.

Impossible to type this on a phone because the redirect comes in intruding over the top with no possibility to go back in the browser (because it reuses the window rather than spawning a new one) and most egregiously these adverts vibrate the device.

Please get this bulldust sorted, it is exactly the sort of advertising that drives people to install draconian solutions to prevent these intrusive redirections.

wolfsbane2k

Man Of Lard wrote:

Morning all - another day, another spamvertising redirect that I only ever see on BikeRadar - this one is the typical clickbait stuff "you've won a new iPhone 7" (I wouldn't thank you for one even if it was wrapped in a tenner).

Seems that the offending broker for me is bigbangads-dot-go2cloud-dot-org (you can do the editing to get the addresses) - which sends me variously to us-dot-r8lyydlb-dot-pw and ukprizecompetition-dot-com.

Impossible to type this on a phone because the redirect comes in intruding over the top with no possibility to go back in the browser (because it reuses the window rather than spawning a new one) and most egregiously these adverts vibrate the device.

Please get this bulldust sorted, it is exactly the sort of advertising that drives people to install draconian solutions to prevent these intrusive redirections.

The guys do appear to be trying hard to chase this down, I'm in chats with them, including some steps I'd never thought I'd have to revert to. It's not just BR, but across their fleet of sites.

I'm "dabbling" with trying to support the investigation, but if anyone else knows any really good mobile only tools that might support, this please PM me!

I concur though, I've stopped visiting the site on a mobile device because of the spam.

BikeRadarAdmin

Thanks for the updates.

All of the info provided is very helpful.

Apologies for having to deal with this, ads ops are on the case.

Will keep you in the loop for any updates I receive.

Man Of Lard

joshjevans wrote:

Thanks for the updates.

All of the info provided is very helpful.

Apologies for having to deal with this, ads ops are on the case.

Will keep you in the loop for any updates I receive.

You need to impress on them (ad ops) that this is not making your advertisers at all attractive to do business with and it is also giving a negative impression of Bikeradar too.

Man Of Lard

Another day, another intrusive hijacking redirect - new broker this time

Broker: http://nbc0b.voluumtrk.com/click1
Spamvertising: http://sw.tun45xzf.pw/ukyep0909p7/001.php

Once the redirection has happened there is no way back to BR - back in browser doesn't work because it only takes you back to the broker (which forces the redirection to the spamvertising). If you do manage to get back to BR via history the original redirection to the broker kicks in again and you head around the merry cycle once more. Or you give up even trying to look at BR at all.

wolfsbane2k

Man Of Lard wrote:

Another day, another intrusive hijacking redirect - new broker this time

Broker: http://nbc0b.voluumtrk.com/click1
Spamvertising: http://sw.tun45xzf.pw/ukyep0909p7/001.php

Once the redirection has happened there is no way back to BR - back in browser doesn't work because it only takes you back to the broker (which forces the redirection to the spamvertising). If you do manage to get back to BR via history the original redirection to the broker kicks in again and you head around the merry cycle once more. Or you give up even trying to look at BR at all.

Yep, this is the same spamvertising address I've just had.

BikeRadarAdmin

I've been told this is now resolved. Please let me know if you experience any further issues!

wolfsbane2k

joshjevans wrote:

I've been told this is now resolved. Please let me know if you experience any further issues!

Yep, cheers for that.

Looks like it (unsurprisingly) was hitting others as well, guessing the same problem/malvertising broker.
http://www.bbc.co.uk/news/technology-37573815

BikeRadarAdmin

Ah, that makes me feel not quite as useless! Thanks again for all of your help with this Wolfsbane, really do appreciate it.

Have a great weekend.

darkhairedlord

So who is responsible for ensuring this doesn't happen? If I deliberately infect an organisation's website I would be dragged off to jail. Surely you just go to the police and report the ad-farm for running malicious code on your website?
Perhaps the ad-farm should should not allow unfettered access but vet each ad before it is allowed up, or Bike-radar could insist on this and black list agencies that don't comply. Is this something that should be putting into a code of practice?