Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want.

During a recent investigation, we came across an obfuscated pop-up script leveraging baidu[.]com search results to redirect users to the attacker’s own domain.

Below is the encoded JavaScript:

Once decoded, the behavior becomes a bit more clear:

A check occurs for the cookie clickund_expert before the script verifies if the browser is Chrome.

Continue reading Malicious Pop-up Redirects Baidu Traffic at Sucuri Blog.

Via Sucuri.net