Ad-based attack on Second Life

[animats]

This is an ad on Bing. Sometimes the top search result for "second life". Don't go there. This is what happens.

 

That's where the link goes. It's supposed to look like a Windows desktop and asks for your user name and password. This is on Linux, so that's not very convincing. If you had the browser in full-screen mode on Windows, it might be convincing.

It's really hard to get rid of this page. It has something that uses huge amounts of memory.

Edited February 17, 2020 by animats

[animats]

It's not just an attack on Second Life. Other searches, such as "Firefox bug" lead to the same place.

[Coffee Pancake]

.... and this children is why no one should bing. Ever.

[Nova Convair]

This is so old - but here and there there is still someone that panics.

 

[So Whimsy]

Who uses bing? o_O

[Wulfie Reanimator]

What's in that 2600 line doc? I'm really curious.

[animats]

32 minutes ago, Nova Convair said:

This is so old - but here and there there is still someone that panics.

It was supposedly fixed in Firefox 63, but no. The problem is that the "Authentication required" message in Firefox is a modal dialog - you can't do anything else in that window until it's dismissed.  If you dismiss it, it pops up again. This prevents clicking on the "Stop it" button. The attack page uses as much memory as possible to force the system to swap to disk and run very slowly.

Sent Firefox a bug report. Firefox is supposed to be able to deal with that.

Edited February 17, 2020 by animats

[bigmoe Whitfield]

I've noticed this issue when using bing and trying to find a few SL links for the marketplace.  I end up dropping back to google or yahoo to find the right path at times,  I'm pretty good with search engines bing drives me bonkers though at times.

[Soft Linden]

So far I’m not able to get this to come up. I’ll keep trying, but if any of you still see it would you help by reporting it here?

https://about.ads.microsoft.com/en-us/resources/policies/report-spam-form

[animats]

It's been reported to Bing, and disappeared from search quickly. The attack site was hosted, briefly, on Digital Ocean, but it's down there. Reported to Firefox as a bug; the anti-DOS measures Firefox takes didn't work right.

[Ardy Lay]

4 hours ago, animats said:

It's been reported to Bing, and disappeared from search quickly. The attack site was hosted, briefly, on Digital Ocean, but it's down there. Reported to Firefox as a bug; the anti-DOS measures Firefox takes didn't work right.

Thanks for not just putting up with that stuff.  Reporting it is good.

[VenKellie]

On 2/17/2020 at 2:19 PM, animats said:

look at the url before clicking the search result. if it doesnt say secondlife.com it is most likely a phishing/harmware site. These kind of sites are made for alot of legit services like world of warcraft and minecraft. so its not just limited to SL.
The one posted here looks like the old windows tech scam. Made to look like your PC just got infected, give you a number to call, the scammer fools you more into thinking your pc is badly infected then says he can fix it for a fee. But all the scammer did was get you to install teamviewer, open console and type in some random stuff made to freak out people.
Its all over YouTube of how the scam works.

Good that this one posted has been reported but remember this isnt the only one aimed at click batting second life searches.

Google search has a better system to filter out phishing sites but always check the url in the green text before clicking, if it looks like a scam it probably is.

Edited February 20, 2020 by VenKellie