An interesting browser hijacking that I have not seen before... watch out for the "free" Geobytes Geoflag
Edit: the Geobytes flag has been removed from the blog being discussed below - YAY!!!
I was pinged by another MVP tonight, who was very concerned because he had visited a blog on msmvps.com, only to have his web browser immediately hijacked - redirected away from the blog he wanted to read to ozdirect.com.au. So, I went to take a look.
I, also, was immediately redirected away from the blog to ozdirect.com.au.
Thankfully I had made sure that Fiddler was running in the background, just in case, because the hijack occurred once, and I can confirm that the free Geobytes Geoflag on the blog is what is hijacking visitors to the blog in question.
This is what happens.
When the blog loads, I see the following request and response:
Note the window.open and reference to ozdirect.com.au
Now, look what happens if I refresh the blog:
No more window.open or ozdirect.com.au.
Now, it just so happens that Geobytes states on their web page that, if you add the free Geoflag to your site, the following will occur:
The site then goes on to say:
The problem is, the "new window [with] the original intended content" did not open - not for me, and not for my MVP correspondent.
I mean, seriously, what website owner in his or her right mind would agree to allowing his or her visitors to be hijacked - dragged away from their site and dumped somewhere else under such circumstances in a world where pop-up blockers are the rule, rather than the exception. Oh, and by the way, I have long since disabled the pop-up blocker in IE8 on my system - I need to see pop-ups as part of my role as an Online Compliance Researcher, so we can't even blame a pop-up blocker for Geobytes' failure to open the promised new window on this system.
We will report the problem to the blog's owner, so hopefully the nasty little flag will be gone soon... What nasty flag? This nasty flag - the Australian flag that you can see in the screenshot below: