Forgot your password?
typodupeerror
Internet Explorer

Reports of IE Hijacking NXDOMAINs, Routing To Bing 230

Posted by kdawson
from the if-I-want-bing-I-will-type-bing dept.
Jaeden Stormes writes "We just started getting word of a new browser hijack from our sales force. 'Some site called Bing?' they said. Sure enough, since the patches last night, their IE6 and IE7 installations are now routing all NXDOMAINs to Bing. Try it out — put in something like www.DoNotHijackMe.com." We've had mixed results here confirming this: one report that up-to-date IE8 behaves as described. Others tried installing all offered updates to systems running IE6 and IE7 and got no hijacking.
Update: 08/11 23:24 GMT by KD : Readers are reporting that it's not Bing that comes up for a nonexistent domain, it's the user's default search engine (noting that at least one Microsoft update in the past changed the default to Bing). There may be nothing new here.
This discussion has been archived. No new comments can be posted.

Reports of IE Hijacking NXDOMAINs, Routing To Bing

Comments Filter:
  • by tjstork (137384) <todd@bandrowsky.gmail@com> on Tuesday August 11, 2009 @05:03PM (#29030613) Homepage Journal

    So it looks like its not Microsoft's fault in -my case-.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      And... Comcast does it for me...

      • Re: (Score:3, Informative)

        by DaHat (247651)

        I just noticed comcast doing it to me this morning as well... odd thing was it would redirect www.pleasedonthijackthis.com but not pleasedonthijackthis.com.

        Call me crazy... but I do not use www's unless I have to!

        • by dch24 (904899)
          So how long until Comcast sues Microsoft for using "bundling" to catch this revenue stream?
    • by pjotrb123 (685993) on Tuesday August 11, 2009 @05:33PM (#29030989)
      Most if not all versions of IE (6+, and probably older ones too) have a feature called search from address bar [sevenforums.com]. With this setting enabled, anything typed in the address bar which does not resolve to a website, is passed on to the default search engine, whichever that may be.
      Perhaps a recent update turned this feature ON for people who had it turned OFF? But the feature itself is most definitely not new or news.
      • by Anonymous Coward on Tuesday August 11, 2009 @06:06PM (#29031405)

        Indeed. It's also possible that these are people that used to get "Windows Live Search" when they made a mistake and now get "Bing!" instead.

        (Windows Live Search no longer exists - "www.live.com" redirects you to "www.bing.com"; so any web-browser installs configured to go for Windows Live will now automatically go to Bing instead.)

      • by Bigjeff5 (1143585) on Tuesday August 11, 2009 @06:37PM (#29031743)

        Bingo.

        The truth, it looks like, is that MS updated the search service in IE and may have changed the default settings. The old default was disabled with Live search being the first option selected. The new default is probably to have it enabled with Bing as the first option - Bing has definitely replaced Live in the list of search providers.

        Calling it "Hijacking" a non-existing domain name is a bit over-the-top. Chances are nobody thought us geeks would be too slow to pick up on what actually happened rather than getting our collective panties in a bunch about a non-issue.

        Does anybody really think MS is stupid enough to switch on mass-DNS hijacking? Did everybody get stupid all of a sudden?

        Makes the statement from the first MIB movie seem all too true: A person is smart, but people are stupid (paraphrase).

    • My IE8 redirected to Google.. I guess it's because of the Google Toolbar, although it was disabled.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Actually, Ballmer hired me to do this. He asked that I do it, instead of MS people, because he wants to maintain "plausible deniability". I got it all done, then Steve wants to pay me less than half of what he promised. Says, since it only took me two days to finish it up, I didn't earn my money. BASTARD THREW A CHAIR AT ME AND TOLD ME TO GET OUT!!!

      I hate that man....

  • Who cares!?! (Score:2, Insightful)

    by o TINY o (1611133)
    I mean really. We can get a page telling us the site doesn't exist, or we can be re-directed to a search engine which can help us find what we were looking for. Yeah it helps pimp Microsoft, but I figure if you are using their browser, it is fair game.
    • Re:Who cares!?! (Score:4, Interesting)

      by MyDixieWrecked (548719) on Tuesday August 11, 2009 @05:23PM (#29030881) Homepage Journal

      Domain hijacking is a huge deal for me. Primarily, when I'm on an internet connection that's hijacking the domain, if I type 'amazon', firefox first checks if I have an amazon in my searchdomain (ie: amazon.example.com), and if not, it tries adding a .com, then a www. and a .com... if the ISP is hijacking it, I get an answer to 'amazon' with the hijacked page. This means that I have to type the .com every time.

      with a browser doing the same thing, I could be trying to connect to my primary server (wolverine) and if I mistype the webaddress, it redirects me to bing, changing my URL bar to the bing URL which means that when I've typed 'wolverine/some/really/long/path?with=variables' I have to go type that whole thing over again to correct it rather than just fixing it in the addressbar.

      so, hijacking the DNS is a BITCH and is totally annoying all the time.

      • Of course, when you start typing wolverine/long/path/to/script, doesn't your browser autofill at least some of the domain, limiting the room for typos?

      • Re:Who cares!?! (Score:4, Interesting)

        by Burning1 (204959) on Tuesday August 11, 2009 @07:08PM (#29032013) Homepage

        This isn't an example of domain hijacking, this is an example of an annoying browser feature.

        Domain hijacking refers to a range of activities, some of which are illegal, and some of which are just annoying. In the traditional sense, domain hijacking usually involves exploitation of domain registrar update process or social engineering to steal a domain name, and direct traffic to another (possibly nefarious) website. In this case, someone has literally taken (stolen) another person's property and used it for their own purposes.

        I've also seen the term legitimately used to describe NXDOOMAIN hijacking, where ISPs answer requests for 'nonexistant' domains, redirecting traffic for their own purposes. This causes a lot of headaches for IT, but is not illegal.

      • by Photo_Nut (676334) on Tuesday August 11, 2009 @07:25PM (#29032139)

        Domain hijacking is a huge deal for me.

        Your description is confusing the browser trying to resolve your broken DNS request with an ISP hijacking your DNS request.

        Primarily, when I'm on an internet connection that's hijacking the domain, if I type 'amazon', firefox first checks if I have an amazon in my searchdomain (ie: amazon.example.com)

        No. When you're on an internet connection that's hijacking the domain, amazon resolves to a 'service' provided by your ISP even though it's not a registered domain.

        , and if not, it tries adding a .com, then a www. and a .com...

        What you mean is that if your ISP's DNS service works correctly and tells you that amazon.com doesn't exist, your web browser (Firefox in this case) has some heuristic for trying other DNS queries in an attempt to help you, and when those queries are exhausted it takes you to a search engine.

        if the ISP is hijacking it, I get an answer to 'amazon' with the hijacked page. This means that I have to type the .com every time.

        Which is what you should have written first.

        So you have to type .com when you mean amazon.com. Yeah, that's like saying that I have to write Plymouth, MA next to 02364 on my address. The postal service is run by people, and usually, they can figure it out, but if the address is wrong, it's your fault, even if they helpfully fix it for you.

        with a browser doing the same thing, I could be trying to connect to my primary server (wolverine) and if I mistype the webaddress, it redirects me to bing, changing my URL bar to the bing URL which means that when I've typed 'wolverine/some/really/long/path?with=variables' I have to go type that whole thing over again to correct it rather than just fixing it in the addressbar.

        So turn off the feature which searches with the default search engine when your DNS query fails.

        If you want to bypass DNS for your machines, put your own entries in your "/etc/hosts file" (%WINDIR%\System32\drivers\etc\hosts on Windows). Also, you can run your own DNS service locally.

        so, hijacking the DNS is a BITCH and is totally annoying all the time.

        Only if you aren't technically savvy enough to use a web browser. After you type amazon.com in once into IE or Firefox or Chrome these days, the autocompletion helpers from your recent history usually have enough context that shift+enter (in IE anyway, not sure about the others) takes you where you want to go.

        The real problem with DNS servers hijacking broken requests is that they lie to network tools, not just web browsers. This can cause serious problems. DNS is used for more than just HTTP.

        • by Bigjeff5 (1143585) on Tuesday August 11, 2009 @09:19PM (#29032811)

          Here here!

          My god, this service has existed since they launched IE6, it is simply turned off by default.

          Hit the big "Search" button in the toolbar, and hit customize, and you can change what search provider the address bar search uses. You can disable/enable/change the address bar search option in Internet Options/Advanced.

          They obviously recently updated the list of service providers to replace Live search with Bing. My guess is they changed the default address bar search behavior also, and anybody who was using the defaults got changed over.

          Nobody seems upset that Chrome does this by default, or that FireFox can do this too. Frickin hypocrites.

          Seriously, get ahold of yourselves people, you're really getting upset that IE tries to find the website you were looking for instead of saying "Website not found"? And it's somehow DNS hijacking? Get a grip people!

  • by Monkeedude1212 (1560403) on Tuesday August 11, 2009 @05:06PM (#29030639) Journal

    I'm pretty sure that if you had the Google Search Provider add on for IE, and made it your default search provider, it would do the same? Hasn't that always been the case for Non-existant domains?

    I mean, its IE, and its microsoft - all they're basically doing is providing the "Microsoft Add On" in their versions of IE.

    • by icebike (68054)

      I'm pretty sure you don't know what you are talking about.

      Why not TRY it in Firefox and compare results to IE like everybody else is doing?

      • by Thalagyrt (851883) on Tuesday August 11, 2009 @05:26PM (#29030907)

        I've done it in IE8. With Google as the search provider, it goes to Google. With Bing as the provider, it goes to Bing. With Yahoo as the provider, it goes to Yahoo... Hell, with eBay as the selected provider, it searches eBay. You get the picture.

      • by Monkeedude1212 (1560403) on Tuesday August 11, 2009 @05:36PM (#29031029) Journal

        I -DO- know what I'm talking about, and I don't know how this made news because I've had IE do this for me for at least a year as Google as my default search provider, sending me to google if I mistyped a domain name or something. And when I didn't have google set, it was "Windows Live search".

        Now its Bing.

        I'm pretty sure you Don't know what YOU'RE talking about, because you use Firefox and haven't kept up with IE. Just like the article.

        • by icebike (68054)

          Firefox = Shows static not found page
          Opera = Shows static not found page
          Safari = Shows static not found page
          Ancient Seamonkey = Shows static not found page

          IE? FLEETINGLY shoes static page, then pops to something that on vmn.net even tho my search provider is Google.

          I want to configure it to use the proper response, which is the static page ONLY.

          • by Monkeedude1212 (1560403) on Tuesday August 11, 2009 @05:59PM (#29031329) Journal

            Quoted from below:

            Tools -> Internet Options -> Advanced -> Search from Address Bar -> Do not search from address bar.

            There you go.

            If anything else is happening, its a problem with malware on your computer or your DNS.

            Microsoft is not shamelessly plugging Bing. It's a feature. A feature they've had for years and decided to make it standard. If you don't set it to anything besides the default, it'll use Bing.

            • by icebike (68054)

              No such option in IE8.

              • by Blakey Rat (99501)

                It's there, it was just renamed. In the same area, find the "Search from the Address bar" section and then click "Do not submit unknown addresses to your auto-search provider." True, it's a little bit confusingly worded, but the option is still there.

  • by Sycraft-fu (314770) on Tuesday August 11, 2009 @05:07PM (#29030653)

    It isn't actually Bing that it goes to, it is whatever your default search provider is. Now that is Bing by default, but you can change it to anything you want. IE8 asks you during setup, and you can change it later. So if you change it to Google and enter a non-existent domain, it'll send you to Google with a search for that.

    Similar to how Firefox works, just in more cases. In FF, if you enter a name with no domain, it tries some popular ones like .com. If it can't find any, it then does a search in your default provider. IE is doing a similar thing, but doing the search even if you do enter a domain.

    • by Darkness404 (1287218) on Tuesday August 11, 2009 @05:12PM (#29030727)
      But it becomes a bad thing when you do it for non-existent domains. When you type something without the domain name, its assumed you are searching for something, when you enter a non-existent domain, its sorta like dialing a wrong number. I'd rather the phone system tell me I have a wrong number rather than trying to get me where it thinks I want to go. If I call 555-555-5555 chances are I want 555-555-5555, it should not assume that I want 555-555-XXXX. When I want to go to something .com, .net, .org, or another domain, I want it it to show me the domain, if there is no domain, tell me there is no domain.
      • I'm saying what it is doing, and why. It isn't "hijacking" it is trying to be helpful to users that mistype a domain.

        • by causality (777677)

          I'm saying what it is doing, and why. It isn't "hijacking" it is trying to be helpful to users that mistype a domain.

          If I do something incorrectly, the most helpful thing at that point is to let me see that it caused an error. The idea that an error would confuse me or be too much for me to handle and so must be avoided at all costs is a good way to prevent me from learning why my original attempt didn't work and how it may be done correctly in the future. It's also somewhat insulting. It assumes that not only am I just a "point-and-drool" type of user, but that I wish to remain that way.

          I wonder if this behavior wo

      • Re: (Score:2, Redundant)

        by Absolut187 (816431)

        Fix:

        Tools -> Internet Options -> Advanced -> Search from Address Bar -> Do not search from address bar.

      • Re: (Score:3, Insightful)

        by Fastolfe (1470)

        But it becomes a bad thing when you do it for non-existent domains.

        Why? If I mistype a domain name, and get a search results page, I know instantly what happened (I mistyped the domain name), and, odds are, the correct page that I'm looking for is in the search results (usually at the top), one click away, instead of a retype away. This is a net positive for me. Fortunately we can both have it our own way, since you can turn this feature off, right?

      • by Blakey Rat (99501)

        Ok; then turn it off.

        Either way, it's not worthy of a mouth-foaming angry Slashdot story-- unless it's time for the 2 Minutes Hate, I guess.

      • Re: (Score:3, Informative)

        by cbhacking (979169)

        First, most search engines will helpfully correct typos in domain names for you. I'm sure that the averag euser finds this behavior a LOT more helpful than a page saying "Nope, can't find it."

        Second, domains don't necessarily end with any of the TLDs you listed. In fact, the path you're routing to might not end with a TLD at all - servers on your intranet, or in your hosts file, often don't have TLDs. Treating a URL that differently purely on the basis of whether it ends with a .somedamnthing seems pretty p

    • But if you enter a valid URL firefox will always take you there even if there is no site, it only googles stuff if you type an invalid url, this is a fair assumption
      google.cm/ [slashdot.org] google dot com goes to a google results page

      it can also be disabled completely
      keyword.enabled = false

      • In the options menu there's a setting "Search form the address bar." You can change that to not submit unknown addresses. It is just the default behavior, not the mandatory behavior.

      • by gazbo (517111)
        AND THERE IS THE CRUCIAL POINT:

        But if you enter a valid URL...

        Same with IE. Try typing in "www.fdsgsdfgfgs.com" and you'll indeed go to Bing. Try typing in "http://www.fdsgsdfgfgs.com" and you'll get a DNS error.

        I could understand the average user not appreciating the difference, but surely everyone on this site should? Certainly the sort of people who think they're clever enough to use phrases like "hijacking NXDOMAINS".

    • Re: (Score:3, Funny)

      by EdIII (1114411) *

      Hmmmm, sounds informative and reasonable.... damn. So what do I do with these pitch forks, torches, hot tar, and feathers now?

    • by Jade E. 2 (313290)

      Absolutely correct. The only thing that's changed is that MS redirected auto.search.msn.com, search.msn.com, and all of live.com to bing.com. So the old MSN Live Search domain not found page (Which should be familiar to anyone who ever misspelled 'getfirefox.com' shortly after installing a new windows system) now says Bing.com instead. Everybody panic!

    • by canajin56 (660655)
      On top of that, it's always done this. If they'd run this article 5 years ago it would have been "Snooze, ye olde news is olde."
  • Confirmed (Score:2, Informative)

    IE 6 and 8 (don't use 7 anywhere). Both redirected to BING ....

    The funniest thing we have ... our filter (k-12 schools) blocks BING LOL. ... here is the report ...

    Category: Image Servers & Image Search Engines

    Blocked URL: http://www.bing.com/search?FORM=DNSAS&q=www.DoNotHijackMe.com&adlt=strict [bing.com]

  • I get a search page on bing.com using IE7 but didn't update today :( I think i have previous updates except IE8.

  • Bad Posts (Score:5, Insightful)

    by Microlith (54737) on Tuesday August 11, 2009 @05:12PM (#29030717)

    Yet another stupid, linkless, flamebait article.

    Come the fuck on guys.

  • I don't know if it is just my perception, but it feels like MS is back to their old ways with a lot of their activities these days - particularly with regard to anything web facing.

    After what felt like a few years of roughly being fair with things, we seem to have had a spate of underhand moves recently. Off the top of my head I can list installing firefox extensions through windows updates without asking (spooking a lot of people including myself - "1 new extension installed what? I didn't install any
    • by cmacb (547347)

      I don't know if it is just my perception, but it feels like MS is back to their old ways with a lot of their activities these days - particularly with regard to anything web facing.

      At what point did you think that they had left their old ways? The most annoying aspect of their old ways to me was that they were constantly lying about what their intentions/directions were. They did after all start working on OS/2 as the future direction for Windows. More recently they hired a single Open Source guru and d

    • Re: (Score:3, Insightful)

      by Blakey Rat (99501)

      What is WRONG with you people? Why do you real Slashdot stories like this one and instantly come to the conclusion that the story is accurate? Or even remotely true?

      Look, maybe this is your first day, so let me clarify it: Every story on Slashdot about Microsoft is at least misleading; most are outright false . Repeat that mantra a few times until it sinks in.

      No, this isn't Microsoft "going back to their old ways." This is some moron finally discovering a feature that IE has had since version 6, and possib

  • IE is - as stated above - being helpfull, as a program should be. It is not a "hijacking" since the program requesting the DNS-lookup is IE. This is nothing like having NXDOMAIN, transparently, changed into something it isn't on the network-level.

    In one case the program gets to decide what to do and in the other someone else is telling your program that the expected result is something else.

  • by Looce (1062620) * on Tuesday August 11, 2009 @05:15PM (#29030779) Journal

    IE 6 has always been doing stuff on auto.search.msn.com if you entered URLs whose domain name didn't exist.

    This is not news.

    Nothing to see here, move along.

    • by gad_zuki! (70830)

      No, its not news its slashdot. The editors realized we havent gotten our two minutes of hate today. How childish and predictable. No wonder no one takes this place even remotely seriously.

  • The problem with REAL null domain hijacking is that it breaks software. It breaks VPN clients in a BIG way as well as anything else that searches the Intranet for services. Since this is only active within the web browser and entirely possible to disable, it is far from the big hassle that ISP based hijacks are.

    Firefox also does exactly the same thing. Also easy to disable.

  • Using IE 6.0.2900.2180.xpsp_sp2_qfe.090206-1239:
    I just tried it and I got hijacked to a Google page sponsored by Dell.

    My computer is a Dell.

  • IE is not DNS server. What is most likely happening is that with some registry entry a certain way and a certain set of patches, when IE gets a NXDOMAIN when doing a domain name lookup it then does a bing/google/yahoo search (depending on another registry entry for your preferred search engine). It used to show a page with a red X.

    This is not DNS hijacking. If somehow Windows now had a caching DNS server that substituted a IP address that then redirected to a bing search or something of that sort, that woul

  • Running IE7 - no hijacking for http://www.donothijackme.com/ [donothijackme.com]

    Just points me to "the page cannot be displayed"

  • No mystery here (Score:3, Informative)

    by jeffcuscutis (28426) on Tuesday August 11, 2009 @05:23PM (#29030885) Homepage

    I just tried it = www.DoNotHijackMe.com in IE8 and Google loaded.

    It's caused by a setting Tools -> Internet Options -> Advanced -> Search Options and "Just Display the results in the main window" is selected. If "Do not submit unknown addresses to your auto-search provider" is selected, if it can't find an address it submits it to your default search provider.

    No mystery.

  • by Absolut187 (816431) on Tuesday August 11, 2009 @05:28PM (#29030935) Homepage

    Tools -> Internet Options -> Advanced -> Search from Address Bar -> Do not search from address bar.

  • by characterZer0 (138196) on Tuesday August 11, 2009 @05:30PM (#29030963)

    Every time an ISP starts hijacking NXDOMAIN responses, dozens of comments suggesting that this should not be done by the ISP but in the browser get modded +5 and are generally agreed with.

    So MS made their browser do it. What is the problem?

    (Other than using a monopoly in one market to get one in another.)

  • I tried www.donothijackme1234.com and I got a pop up asking if I wanted to turn the phishing filter on (you can tell how much I use IE on this computer).

    I wonder if turning that on/off makes a difference?

    (I clicked "turn it off" of course)

  • All IE is doing is performing a search for whatever you typed in, if it can't find the domain. If your search engine is set to Bing, it will search there. My search engine is set to Google, so it searches there.

    Nothing to see here, other than FUD perpetrated by the ./ community.

  • by kuzb (724081) on Tuesday August 11, 2009 @05:56PM (#29031289)
    Seriously, how many bad articles does this guy have to post before he gets thrown off the slashdot team?
  • IE6 and IE7 installations are now routing all NXDOMAINs to Bing.

    Where are they sending visitors to slashdotted sites?

  • Microsoft today heeded the lessons of technological history, taking the popular "preview porn videos in the search engine" feature and turning its Bob Hope "decision engine" into a porn finder at the address explicit.bobhope.microsoft.com, that loads automatically in Internet Explorer whenever you go to a site that doesn't exist.

    "It worked for VHS over Beta, porn sites were leading innovators in online payments. It's a natural synergy," said Steve Ballmer, looking somewhat sweaty and flushed.

    Porn sites

  • I know you all wanted to see me post that. Such a primmadonna (kdawson, not me)

  • It's the correct solution for that "problem" with no "splash damage".

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...