I have some earlier versions of mcbsys.com online more or less for fun and as historical archives. Today I discovered that when you visit one of them, it redirects to various random sites. Not good!
Long story short, I discovered that an old Microsoft Syndication link now hijacks the browser and redirects it to a malicious host.
The syndication link was behind my old Microsoft Small Business Specialist logo:
When you clicked on the button, it would load the (now defunct) page
http://www.microsoft.com/smallbusiness/partner/small-business-specialist.mspx
to tell you about the Specialist program. But there is also a “crumb” passed to a JavaScript script that provided tracking info, proabably about visits to my site. That JavaScript was hosted at microsoftsyndication.com.
Now, that Javascript opens a one-line command to take the visitor to the first page in a series of redirects:
Note that is it not necessary to click the button to get redirected—the JavaScript is executed as the page loads and you are immediately taken away from my old site.
Unsurprisingly, according to DomainTools.com, the microsoftsyndication.com domain was registered to an undisclosed entity 123 days ago. The registrar is Gransy s.r.o in Prague and the abuse address is at Gransy’s Regtons brand.
Whoxy.com provides a helpful history showing that the domain was owned by Microsoft until this year:
Fortunately, the fix is easy: just remove the syndication link from my web site.