Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

klook

(12,134 posts)
Mon Mar 21, 2016, 09:31 PM Mar 2016

Terraclicks redirect encounter

Last edited Tue Mar 22, 2016, 10:51 AM - Edit history (1)

FYI, today I reported in another thread about an annoying experience on a site that the OP of that thread had linked to. (The OP author updated the post to reference a different site almost immediately after I posted about my experience, so hats off for his prompt action.)

Other DUers reported no problems with the page, and phazed0 even went to the trouble of checking out the linked site on Sucuri SiteCheck and sharing some detailed technical tips for avoiding this kind of thing in Safari. I was using Dolphin, not Safari, but I was perplexed as to why I'd had a problem when nobody else had. Was my phone already compromised?

My experience with the page was this:

  • Using the Dolphin browser on an iPhone, I clicked the link to the source article in the original version of the thread.

  • Without my clicking anything on the target page, a redirect launched the popup below. It took over my browser screen, and I could not get rid of it. Arggh! Here's a screen capture of the offending popup message (please don't visit these links!):

  • This is no doubt my fault -- I must have inadvertently forgotten to re-enable popup blocking after turning it off for some reason. I can't figure how else this would have happened. Also, I had Dolphin set to a) always open links in the same window, and b) always open the last-visited page whenever I reopened the browser. As a result, I couldn't go to my list of open tabs and get rid of this one -- the popup hogged the application and couldn't be killed, even when I rebooted the phone. And I certainly wasn't going to click "OK" on this popup!

  • I tried rebooting the phone -- still couldn't use Dolphin, for the reasons noted above.

  • I finally decided to just delete the app, and download & install a fresh copy. No problems since.

I noticed there was something funny going on with the original page at bigbluevision.com, because when I visited it with my work desktop browser (Firefox running on Windows 7, with company-controlled security settings) displayed "Page Blocked!11!!1!1" warning messages for each of the three ads on the page.

Sure enough, after re-installing Dolphin on the phone (and making sure I had the popup blocker on), the page displayed with hyperlinks reading "Anonymous Proxy detected, click here" instead of the 3 ads:

[hr]
I got the URL of the link and saw that it was -- and please don't visit this link, either -- terraclicks(dot)com(forwardslash)anonymous. (I think it is probably pure coincidence that this hyperlink containing the word "anonymous" appeared on the page with a news story about the group Anonymous.)

Then I looked at Sucuri SiteCheck for the terraclicks link, and -- lo and behold -- it is listed as a blacklisted malware site with the note "Domain detected on spam or phishing campaigns." See https://sitecheck.sucuri.net/results/terraclicks.com for details.

Although I work in IT, I'm no security expert, so I had to do some research to find out anything about Terraclicks. Turns out it's a widely reviled outfit that does malvertising. So I will notify the publisher of the site that the other OP originally linked to to let them know the ads they're using are up to no good.

Apologies for the rather long-winded post, but I wanted to put this information here to get additional analysis tech-savvy DUers may care to offer, as well as to warn others about this potential threat. I repeat, as noted in the first paragraph of this post -- the link in the updated version of the other OP is fine now that the OP has been updated.
4 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Terraclicks redirect encounter (Original Post) klook Mar 2016 OP
Glad to hear you got it worked out!! phazed0 Mar 2016 #1
Haha, thanks! klook Mar 2016 #2
options for blocking such sites eniwetok Apr 2016 #3
Good tip. klook Apr 2016 #4
 

phazed0

(745 posts)
1. Glad to hear you got it worked out!!
Mon Mar 21, 2016, 09:47 PM
Mar 2016

You power users are always trouble!

I gotta deal with this stuff day in and day out at my computer repair shop! Malware authors truly are rat bastards.

klook

(12,134 posts)
2. Haha, thanks!
Tue Mar 22, 2016, 10:55 AM
Mar 2016

FYI - I updated my OP with a screen cap of the offending hyperlink, just to put the "Finis" on my little saga.

eniwetok

(1,629 posts)
3. options for blocking such sites
Mon Apr 11, 2016, 09:23 PM
Apr 2016

I run Firefox inside of the Avant shell that contains IE, Chrome, and Firefox.

Firefox has a number of stellar plugins that can block such sites like terraclicks... Adblock Plus and Disconnect Me. Along with NoScript they can really tame sites that open up new windows.

Latest Discussions»Help & Search»Computer Help and Support»Terraclicks redirect enco...