Just a note to those who display MSN search results through the API interface on their websites.
I had Estibot display related MSN search results for each domain name that was researched. Last week I started getting reports from users that Estibot redirected them to porn websites or "You've been owned" hacker pages when they researched certain domains.
At first I thought jeez, my server's been hacked, but within minutes, by means of commenting out bits of code, I found that the cause was the MSN API search results.
Someone has been able to manipulate the search results to send a redirect command to the user's browser.
I removed the MSN feature, and presto, the problem was gone.
I have also noticed that MSN live search results have been manipulated to function as Adsense ads. I forget what it was that I searched, but clicking the first organic search result, it was actually a Google ad for some publisher, and led directly to the Adwords Advertiser's site.
The advertiser's site was travel related, so it was probably an expensive click, especially seeing as the MSN search result had nothing to do with advertising and the clicks were wasted...
I think Microsoft really has some security issues with their Live search. I did give them feedback using the form but I doubt they'll read it.