If you are a Skype user be aware of Baidu spam links, you may get from anyone of your Skype contacts.Do not click on those links, if you click on it you may end up with fake Articles.
Links look’s like this
http://www.baidu.com/link?url=fab_xYn2VuxIqRnNmhdm7geaj9To0Sxm_lZcR1aWJYC&ID=username
After Google, Baidu is one of the most popular search Engine for websites, also it offers many other web services and it shouldn’t be involved in span campaigns.
These are done by the malicious people to abuse Baidu search results. Baidu don’t use to link site’s directly, instead links to interstitial redirect pages. Which tell’s Baidu links have been clicked in their search engine results pages (SERPs) and may help to increase the page rank.
For example, if you search “Gbhackers on Security” and click the result for gbhackers.com, the actual link will be something like this:
http://www.baidu.com/link?url=4r6MKB14CnHUrVOJp3g5pVsJ4n5k0jwdUitVyE6y3IkHmH0F27yadM1_5uAXFXF5&wd=&eqid=f998e3b5000302d20000000458579d07
This redirect from Baidu changes as well. If you search for “Gbhackers on Security” again, you’ll get a new interstitial link with a different encrypted url parameter that still redirects to gbhackers.com.
Why Skype campaign, scammers abuse these interstitial Baidu pages.
To make the links more trusted for Skype users to click on, these malware adds an random fragment identifier using the skype name of the recipient (e.g. #emubahyt= from the link at the top of this post).
Baidu links redirect to sites hosted on the server with IP address 46 .30 .46 .78:
abatapka[.]ru – created on Nov 7, 2016 3d-universe[.]ru – created on Nov 3, 2016 abc-sport[.]ru – created on Nov 7, 2016 gieldoweb[.]info – created on Nov 12, 2016 tria42[.]ru – created on Nov 18, 2016 tehnoenerg[.]ru – created on Nov 1, 2016
Sites on the 46 .30 .46 .78 server randomly redirect to one of the following fake “news sites”:
brainvipwit[.]com/?a=370960&c=brain&s=gipo&42988 – 50.115.122.204 – created on Nov 11, 2016 brainvlllwit[.]com/?a=370960&c=brain&s=gipo&49374 – 50.115.122.206 – created on Nov 16, 2016 intellectvvv[.]com/?a=373727&c=brain&s=lefo&91446 – 5.149.248.236 – created on Nov 15, 2016 witxxsmind[.]com/?a=373727&c=brain&s=lefo&82834 – 104.193.252.140 – created on Nov 15, 2016 vipiqfmind[.]com/?a=370960&c=brain&s=gipo&94704 – 199.168.187.213 – created on Nov 28, 2016
LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome extensions,…
In a recent security advisory, ASUS has alerted users to critical vulnerabilities affecting several of…
NTT Docomo, one of Japan’s leading telecommunications and IT service providers, experienced a massive disruption…
Apple Inc. has agreed to pay $95 million to settle a proposed class-action lawsuit alleging…
A critical vulnerability discovered in the popular macOS terminal emulator iTerm2 has raised concerns among…
The CVE-2024-49112 vulnerability in Windows LDAP allows remote code execution on unpatched Domain Controllers, as…
View Comments
Hey. I received a link from my friend and it looked safe with "https: google"(not baidu) etc. It looked like a search result link so I clicked and first it quickly opened and closed gieldoweb info then it redirected to some ad site. I closed the page quickly but I wonder if something happened. How can I know?
Hi Renato.. it's a Skype scam which injected by sophisticated malware .we strongly recommend you to don't click the link.. if you did it please change your password for your Skype account and all other social account which you use the same password.. the link which came from your friend means , your friend Skype ID has been compromised and which is not sent by your friend . please let him know this information and ask him to change his/her password everywhere . please delete those link which is named as "baidu". its not an actually a Baidu link but other malicious link has been embedded with it . so please careful and beware. and let your Friends know .