Ebine and malicious code masquerading as legitimate

[Justice_Manley]

Hi all,

Thanks for having me.

I've had the strangest experience and wasn't sure what category to put this in. Basically, I've spent

the better part of 2 days reverse engineering a redirect exploit (I'm a software engineer) and

I BELIEVE I have traced it to ebine.com. Not only that, I BELIEVE that google and ebine are

colluding to create popular dislike of "do not track", which ebine strangely mischaracterizes

and on the same site offers a downloadable IE "plugin" to "truly" block advertisers. What it

actually does is redirect you to funny sites whenever you use IE; to sites like ad-g.doubleclick.net.

This is NOT the same as the older doubleclick hacks that sent users to the same domain. This is

being exploited because it is so easy to do so.

Further, I found virtually nothing on google about this exploit, which is very odd. Almost always when

we find something in the wild it inevitably ends up as easily searchable online. It could be

that the exploit is very new, dunno.

Anyway, just wanted to share,

jm

[AdvancedSetup]

Hi JM and welcome to Malwarebytes

Actually there are hundreds of these type of redirects and they're often simply registry or java changes that need to be removed and software updated typically.

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thanks