Jump to content

Ebine and malicious code masquerading as legitimate

Recommended Posts

Hi all,

Thanks for having me.

I've had the strangest experience and wasn't sure what category to put this in. Basically, I've spent

the better part of 2 days reverse engineering a redirect exploit (I'm a software engineer) and

I BELIEVE I have traced it to ebine.com. Not only that, I BELIEVE that google and ebine are

colluding to create popular dislike of "do not track", which ebine strangely mischaracterizes

and on the same site offers a downloadable IE "plugin" to "truly" block advertisers. What it

actually does is redirect you to funny sites whenever you use IE; to sites like ad-g.doubleclick.net.

This is NOT the same as the older doubleclick hacks that sent users to the same domain. This is

being exploited because it is so easy to do so.

Further, I found virtually nothing on google about this exploit, which is very odd. Almost always when

we find something in the wild it inevitably ends up as easily searchable online. It could be

that the exploit is very new, dunno.

Anyway, just wanted to share,


Link to post
Share on other sites

  • Root Admin

Hi JM and welcome to Malwarebytes

Actually there are hundreds of these type of redirects and they're often simply registry or java changes that need to be removed and software updated typically.

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.