Terraclicks redirect encounter
Last edited Tue Mar 22, 2016, 10:51 AM
FYI, today I reported in another thread about an annoying experience on a site that the OP of that thread had linked to. (The OP author updated the post to reference a different site almost immediately after I posted about my experience, so hats off for his prompt action.)
Other DUers reported no problems with the page, and phazed0 even went to the trouble of checking out the linked site on Sucuri SiteCheck and sharing some detailed technical tips for avoiding this kind of thing in Safari. I was using Dolphin, not Safari, but I was perplexed as to why I'd had a problem when nobody else had. Was my phone already compromised?
My experience with the page was this:
- Using the Dolphin browser on an iPhone, I clicked the link to the source article in the original version of the thread.
- Without my clicking anything on the target page, a redirect launched the popup below. It took over my browser screen, and I could not get rid of it. Arggh! Here's a screen capture of the offending popup message (please don't visit these links!):
- This is no doubt my fault -- I must have inadvertently forgotten to re-enable popup blocking after turning it off for some reason. I can't figure how else this would have happened. Also, I had Dolphin set to a) always open links in the same window, and b) always open the last-visited page whenever I reopened the browser. As a result, I couldn't go to my list of open tabs and get rid of this one -- the popup hogged the application and couldn't be killed, even when I rebooted the phone. And I certainly wasn't going to click "OK" on this popup!
- I tried rebooting the phone -- still couldn't use Dolphin, for the reasons noted above.
- I finally decided to just delete the app, and download & install a fresh copy. No problems since.
I noticed there was something funny going on with the original page at bigbluevision.com, because when I visited it with my work desktop browser (Firefox running on Windows 7, with company-controlled security settings), it displayed "Page Blocked!11!!1!1" warning messages for each of the three ads on the page.
Sure enough, after re-installing Dolphin on the phone (and making sure I had the popup blocker on), the page displayed with hyperlinks reading "Anonymous Proxy detected, click here" instead of the 3 ads:
I got the URL of the link and saw that it was -- and please don't visit this link, either -- terraclicks(dot)com(forwardslash)anonymous. (I think it is probably pure coincidence that this hyperlink containing the word "anonymous" appeared on the page with a news story about the group Anonymous.)
Then I looked at Sucuri SiteCheck for the terraclicks link, and -- lo and behold -- it is listed as a blacklisted malware site with the note "Domain detected on spam or phishing campaigns." See https://sitecheck.sucuri.net/results/terraclicks.com for details.
Although I work in IT, I'm no security expert, so I had to do some research to find out anything about Terraclicks. Turns out it's a widely reviled outfit that does malvertising. So I will notify the publisher of the site that the other OP originally linked to to let them know the ads they're using are up to no good.
Apologies for the rather long-winded post, but I wanted to put this information here to get additional analysis tech-savvy DUers may care to offer, as well as to warn others about this potential threat. I repeat, as noted in the first paragraph of this post -- the link in the updated version of the other OP is fine now that the OP has been updated.
phazed0
(745 posts)
You power users are always trouble!
I gotta deal with this stuff day in and day out at my computer repair shop! Malware authors truly are rat bastards.
klook
(12,134 posts)
FYI - I updated my OP with a screen cap of the offending hyperlink, just to put the "Finis" on my little saga.
eniwetok
(1,629 posts)
I run Firefox inside of the Avant shell that contains IE, Chrome, and Firefox.
Firefox has a number of stellar plugins that can block such sites like terraclicks... Adblock Plus and Disconnect Me. Along with NoScript they can really tame sites that open up new windows.
I use Firefox, but not on my phone.