
Two Major Ad Networks Found Serving Malware

samzenpus posted more than 3 years ago | from the wanna-buy-a-virus? dept.

Advertising 330

Trailrunner7 writes "Two major online ad networks — DoubleClick and MSN — were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider. The scheme involved a group of attackers who registered a domain that was one letter away from that of ADShuffle.com, an online advertising technology firm. The attackers then used the fake domain — ADShufffle.com — to dupe the advertising networks into serving their malicious banner ads. The ads used various exploits to install malware on victims' PCs through drive-by downloads, according to information compiled by security vendor Armorize."
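The scheme in the summary relies on a domain one letter away from an approved partner's, so a near-miss check against the partner allowlist catches it. The following is an added example, not code from the story or from either ad network; the allowlist, the sample URLs, the two-label domain rule and the distance threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of approved ad partners. Only adshuffle.com and
# DoubleClick are named in the story; example-ads.test is a placeholder.
APPROVED_PARTNERS = {"adshuffle.com", "doubleclick.net", "example-ads.test"}


def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute,
    and swap of two adjacent characters each cost 1."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "le" typed as "el".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def registrable_domain(host):
    """Assumption: the last two labels are the registrable domain.
    A production check would consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_host(host, approved=APPROVED_PARTNERS, max_distance=2):
    """Return (verdict, matched_partner) for the host serving a creative."""
    domain = registrable_domain(host)
    if domain in approved:
        return ("approved", domain)
    # sorted() keeps the choice deterministic when two partners tie.
    nearest = min(sorted(approved), key=lambda p: edit_distance(domain, p))
    if edit_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)  # hold for manual review
    return ("unknown", None)


def review_creatives(urls):
    """Classify the serving host of every creative URL in a submission."""
    results = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        verdict, match = classify_host(host)
        results.append((host, verdict, match))
    return results


# Constructed creative URLs; paths and subdomains are made up.
SAMPLE_CREATIVE_URLS = [
    "http://ad.doubleclick.net/adj/news;sz=728x90",
    "http://cdn.adshufffle.com/banner.js",
    "http://adshuffel.com/banner.js",
    "http://static.unrelated-cdn.test/a.png",
]

if __name__ == "__main__":
    for host, verdict, match in review_creatives(SAMPLE_CREATIVE_URLS):
        print(f"{host:28} {verdict:10} {match or '-'}")
```

A "lookalike" verdict is a reason to hold the creative for review, not proof of malice; "unknown" hosts still need whatever vetting the network applies to new partners.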


330 comments

First post (-1)

Anonymous Coward | more than 3 years ago | (#34532098)

Terriffic!

Of course! (4, Interesting)

MadUndergrad (950779) | more than 3 years ago | (#34532100)

What do you expect from a company called "Doubelclick"? I bet Googel tampers with their search results too.

Re:Of course! (1, Insightful)

icebike (68054) | more than 3 years ago | (#34532106)

Doubleclick is Owned by Google, so they probably don't need to tamper.

Oh, ah, Whooosh, I guess.

I always wondered that acquisition (2, Insightful)

Anonymous Coward | more than 3 years ago | (#34532646)

At the time Google bought DoubleClick, Google owned the advertisement network with the best reputation (Google AdWords/AdSense. Relevant, not-very-annoying text ads) and DoubleClick had perhaps the worst reputation (horrible flash banners, etc.) of them all. I couldn't understand why Google would buy that. Then again, these days Google is pretty horrible towards Ad publishers (closing or freezing accounts without offering any explanation, etc... If you aren't a big name, expect to get buttfucked by Google) while DoubleClick is decent-ish (they should really send their lawyers after dishonest advertisers more... But arguably that's the publisher's responsibility). So doubleclick screws the users but is good for the publishers, Google screws the publishers but is good for the users, both are pretty fine for advertisers. I guess it works out.

(Disclaimer: I work for an agency that does - among other internet related things - SEO, internet advertising and the like. I'm obviously not in any way associated with either of the companies unless you count the fact that we hold a number of Google certificates...)

Re:Of course! (2)

oliverthered (187439) | more than 3 years ago | (#34532244)

umm... not in violation of one click shopping patents?

Re:Of course! (0)

Anonymous Coward | more than 3 years ago | (#34532398)

No, that's zero-click shopping. You don't click anything and the malware authors and advertisers do the (drive-by) shopping for you.

NO SUCH THING AS PREMATURE EJACULATION !! (-1)

Anonymous Coward | more than 3 years ago | (#34532102)

Think about it !!

Re:NO SUCH THING AS PREMATURE EJACULATION !! (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#34532350)

No, but...

I am sexually the arousal of juvenile sheep!

There's nothing like a misty Scottish morning and a couple of stiff drinks of single malt followed by plunging one's tally-whacker up to the hilt into the moist baaing loins of an underage sheep!

Why I've boinked them in the Highlands, rogered them in Skye, screwed them in North Lanarkshire, and boffed them in Fife!

That's why we wear kilts, laddie!

No fiddling with trouser buttons: the back legs go into the wellies and Bob's your uncle!

Some people say screwing sheep is wrong, but if you've ever seen the look of love and devotion they give after a sound bonking, you'd think otherwise.

Well: Scots wa hae!

Re:NO SUCH THING AS PREMATURE EJACULATION !! (-1)

Anonymous Coward | more than 3 years ago | (#34532456)

A wizard is never late nor is he early; he comes precisely when he means to.

I've seen stuff coming from MSN for quite sometime (0)

Anonymous Coward | more than 3 years ago | (#34532104)

Is this really the first instance of it?

Re:I've seen stuff coming from MSN for quite somet (2)

SpacePunk (17960) | more than 3 years ago | (#34532116)

I doubt they check the scripts before they are put up for rotation, and this is their chance to find a scapegoat. As long as they get paid, I doubt they care to check.

Re:I've seen stuff coming from MSN for quite somet (0)

Anonymous Coward | more than 3 years ago | (#34532388)

I've been seeing this for the past few months. First I was wondering where the "PC Antivirus 2010" virus was coming from (this one pretends to be an antivirus product). Then one day I saw its popup from a random message board (googling for some information led me to that particular board). Since I was on my Fedora box at the time it didn't affect anything. However I traced it back to the ad that came along with the web page. Don't remember which ad network it came from though.

Noscript wins again (5, Insightful)

wizardforce (1005805) | more than 3 years ago | (#34532120)

One more example of why ad blocking has its security benefits. What's worse is that doubleclick and friends are used by pretty much every site out there including Slashdot. It's a shame that although a lot of people would be willing to support sites like Slashdot allowing a few ads to load occasionally; doubleclick just isn't trustworthy enough to allow that.

Re:Noscript wins again (5, Insightful)

cappp (1822388) | more than 3 years ago | (#34532140)

And this is why I blanket block all ads on all sites. It's an incredibly blunt instrument, but it's the only way to avoid this kind of thing apparently.

What sucks is that I'd actually like to support the sites I frequently visit, and ad views clearly have a significant effect on their various bottom lines, but I just can't justify exposing myself to whatever that week's ad-based crazy shit danger happens to be. It's similar to how I feel about porn sites - the responsible part of me wants to subscribe and send them a little cash for the assistance rendered by their presentation of jiggly bits being jiggly...but that same responsible part is also well aware that any kind of commercial interaction with said pornographers has a suspicious way of going horribly wrong.

So now I find myself choosing between doing the right thing - supporting the services I use - and the secure thing. And as it happens, the secure thing wins out.

Re:Noscript wins again (5, Interesting)

Jah-Wren Ryel (80510) | more than 3 years ago | (#34532166)

> What sucks is that I'd actually like to support the sites I frequently visit, and ad views clearly have a significant effect on their various bottom lines,

Ad views have become the defacto micropayment system. If we had an alternative, sites wouldn't have to be dependent on privacy-invasive and security-breaking ad systems. I'm sure that many would anyway, but they would at least have other options.

> but that same responsible part is also well aware that any kind of commercial interaction with said pornographers has a suspicious way of going horribly wrong.

Micropayments could solve that problem too - anonymous microcash would be almost completely immune to the kind of abuses that you are avoiding.

Re:Noscript wins again (4, Interesting)

CosmeticLobotamy (155360) | more than 3 years ago | (#34532396)

A "push" credit card transaction would also solve those problems. Why is it that I can only pay for something by giving my entire credit balance to someone and trusting them to give me back everything but what their invoice says? Why can't I say, "Hey, MasterCard, give this guy $50." He gets an email, his automatic email-getting-password-sender-outer tells me how to get to his jiggly bits. ... I mean, the jiggly bits he has video of, not the ones between his pockets.

Re:Noscript wins again (2)

Karellen (104380) | more than 3 years ago | (#34532470)

I use a debit card for online transactions. It has its own separate bank account, with no overdraft or other type of negative balance facility. When I want to buy something online, I get to the checkout page, see how much the total is, use online banking to transfer just enough money into the account from my main account to cover the cost, and then proceed with the purchase. If a retailer tries to take too much, or tries to take payment twice, or if the card number is compromised and is used fraudulently, payment requests just bounce with an "insufficient funds" error.

I think I might get charged for payment bounces, but however much that is is probably going to be less than the value of the invalid payments. And the people messing about get nothing from it.

Re:Noscript wins again (1)

Anonymous Coward | more than 3 years ago | (#34532708)

> If a retailer tries to take too much, ...
> payment requests just bounce with an
> "insufficient funds" error.

I used to think I was safe like that with a no-overdraft debit card account, until I went overdrawn!

The bank *will* honour all transaction requests received through the VISA network ( in my case ) regardless of funds. They claim this is because balancing occurs at the end of the business day.

The "lack" of overdraft just meant that I was charged an exorbitant fee for going overdrawn, though I managed to negotiate it down to a penny after making a protest.

Re:Noscript wins again (2)

symbolset (646467) | more than 3 years ago | (#34532274)

You can subscribe to many sites like slashdot, and pay them directly.

Re:Noscript wins again (1)

lxs (131946) | more than 3 years ago | (#34532510)

Sure, but nobody wants to subscribe to many sites. One or two is fine but twenty or more? Especially when most only have interesting content once a fortnight.
(I know that's not what you meant but it gets to the heart of the problem as I see it.)

Re:Noscript wins again (0)

Anonymous Coward | more than 3 years ago | (#34532402)

> And this is why I blanket block all ads on all sites. It's an incredibly blunt instrument, but it's the only way to avoid this kind of thing apparently.

Or you can use a Linux or Mac OS X box and not worry about it. OR you can learn how to correctly configure your Windows box.

Re:Noscript wins again (4, Insightful)

oobayly (1056050) | more than 3 years ago | (#34532658)

Well I thought I was running a properly configured box. Everything up to date, not using IE etc. Clicked on a link and got a Google warning about the site. Fine I thought, I'll use the get me out of here button and suddenly I'm being bombarded by AV warnings. Noticed a Java console icon in the Systray, so that was how it arrived. What was unbelievable was that within seconds every HTML doc was infected with fucking vbscript.
I gave up on windows for home use there and then and now use Linux full time (instead of occasionally), and just windows for .net stuff.
As an aside, time to install Ubuntu, about 40 minutes. Time to install XP (from slipstreamed SP3 CD), half a fucking day including a call to India to ask for an OEM number that fucking worked. None of the driver bullshit either.

Re:Noscript wins again (0)

Anonymous Coward | more than 3 years ago | (#34532612)

Not the only way. You can avoid connecting to websites too.

Re:Noscript wins again (2)

icebike (68054) | more than 3 years ago | (#34532142)

Agreed.

I use OpenDNS to block doubleclick but they have a lot of domains they serve under in addition to their own.

I don't begrudge the advertising, I've even been known to click on it occasionally if it interests me. And I don't worry too much about the malware, running Linux and tight filters. But a few jerks like ADShufffle.com screw over all the advertisers. And I wager nothing at all happens to them.

Re:Noscript wins again (1)

Maxo-Texas (864189) | more than 3 years ago | (#34532264)

Aye!
Adblock, No-Script.

I use AVG, not sure what is best free virus scanner. Don't think the commercial scanners are significantly better (maybe not better at all) than the free ones.

Re:Noscript wins again (0)

Anonymous Coward | more than 3 years ago | (#34532346)

AVG has gotten pretty bad lately, though you are right about the free ones being more or less equal to the paid ones. I'd personally recommend Microsoft Security Essentials (yes, recommending a Microsoft security product does send chills down my spine, but it actually is impressively good), or Avira.

Re:Noscript wins again (1)

capnkr (1153623) | more than 3 years ago | (#34532466)

I used - and recommended to MS using clients - MSE for a while, but found it annoying how often it made me wait to open up directories while it (I'm fairly certain) was phoning home to check whether something therein was suspicious or not.

Getting around that wait was as simple as opening the MSE interface, disabling 'real time protection' (whereupon said directory would immediately open) and then re-enabling 'real time protection'. But... why have to do that, so often? And having to do that, kind of makes it pointless to be running the application, anyway. This behavior persisted through several upgrades, until I finally had enough...

I use Avast on my Win systems now, it seems to be the best of the free a/v's. AVG borks end users systems with their upgrades too often for my taste, Comodo works well but is a little too 'forgetful' of what usually are persistent settings...

Re:Noscript wins again (5, Informative)

hairyfeet (841228) | more than 3 years ago | (#34532528)

As a PC repair guy with waaaay too many click happy customers I'd say your best bets in the free AV category are MS Essentials and Comodo AV. In my experience thanks to its auto sandboxing of all apps unless told otherwise Comodo is a little better protection, but of course as with most of the "smart" AVs it has a bit of a learning curve, and will ask you questions for about a week until you've launched all your daily apps. Nice thing is it has built in limited whitelists with core Windows system behaviors so it don't bug you when Windows is doing what it is supposed to be doing, like scheduled tasks. MS Essentials doesn't ask you squat and is pretty unobtrusive but I wouldn't recommend it for those that are click happy or go to dodgy sites because of its lack of sandboxing and registry virtualization so if anything does manage to get past it you're borked. But it does have a good detection rate and is a hell of a lot less bloated and buggy than AVG.

As for TFA this is why I install Firefox with ABP on every customer's PC and show them how easy it is to use. By having them block ads I've found their rates of return because of infection dropped by a good 80%. While I understand that sites like /. need to make money, having their PCs turned into a zombie or having their CC stolen by a keylogger simply makes ads too risky at this point in time. It is as I said that JavaScript is becoming just as big a vector of infection as ActiveX ever was. I'm sure that we'll look back in 5 to 10 years and go "WTF were we thinking?" with JavaScript just as we do with ActiveX now. Trusting third party code served up from some ad bunch with no control over content or risk is just a bad way for a site to do business. If they are gonna serve ads then maybe we should go back to simple text and picture ads which don't require code to run.

Re:Noscript wins again (-1)

Anonymous Coward | more than 3 years ago | (#34532514)

LOL why I love noscript and adblock plus :)

Re:Noscript wins again (0)

Anonymous Coward | more than 3 years ago | (#34532656)

Aside from using Noscript, I take its approach with Adblock too, i.e. block everything, allow only who you trust.

There are some ad networks out there that do it right. They only serve images and ads are targeted based on site content instead of violating your privacy up the ass.

projectwonderful.com is one of those. Since advertisers pick which sites to run their ads on (right from the site the ads get shown) I find interesting ads surprisingly often. Granted, they might be too small to consider for big sites.

I really don't know why Google is the leading ad network, though. Their ads are utter crap. Not that MSN was any better. I was never even tempted to click any of their ads before I blocked them.

Can't say I'm surprised... (3, Informative)

TestedDoughnut (1324447) | more than 3 years ago | (#34532122)

Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago. With that in mind, I can't say I'm really all that surprised that advertisers would be the source of ad/spy/malware...
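The hosts-file blocking described in the comment above works by exact hostname match, with no wildcards, so a subdomain that is not listed still resolves normally. The following is an added example, not part of the thread or of the mvps.org file; the sample hosts content and the subdomains are constructed, and which addresses count as a sink is an assumption.

```python
# Addresses commonly used to sink blocked hosts (assumption for this example).
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Names that legitimately point at loopback and are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost"}

# Constructed sample hosts file. adshufffle.com is the domain from the story;
# every subdomain shown here is made up.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ad.doubleclick.net      # inline comment
0.0.0.0     adshufffle.com www.adshufffle.com
192.0.2.10  intranet.example.test
"""


def normalize(name):
    """Hostnames compare case-insensitively; drop a trailing root dot."""
    return name.lower().rstrip(".")


def blocked_names(hosts_text):
    """Return the set of hostnames the file maps to a sink address."""
    blocked = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip full-line and inline comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, comment, or an address with no names
        address, names = fields[0], fields[1:]
        if address not in SINK_ADDRESSES:
            continue  # an ordinary mapping, not a block
        for name in names:
            name = normalize(name)
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def uncovered(requested_hosts, blocked):
    """Hosts a page requested that the file does NOT sink (exact match only)."""
    return [h for h in requested_hosts if normalize(h) not in blocked]


# Constructed list of hosts a page might pull ad content from.
SAMPLE_REQUESTS = [
    "ad.doubleclick.net",      # listed: blocked
    "ads2.doubleclick.net",    # sibling host, not listed: still resolves
    "cdn.adshufffle.com",      # subdomain of a listed name: still resolves
    "AdShufffle.com.",         # same name, different case and trailing dot: blocked
]

if __name__ == "__main__":
    blocked = blocked_names(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    print("not covered:", uncovered(SAMPLE_REQUESTS, blocked))
```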

Re:Can't say I'm surprised... (0)

Anonymous Coward | more than 3 years ago | (#34532298)

I've used mvps' hosts file for years. No plugins to deal with and they block ads in all programs, not just the browser.

HOSTS files are the way to go.

It's the second thing I setup after MS Security Essentials.

Re:Can't say I'm surprised... (3, Informative)

gmhowell (26755) | more than 3 years ago | (#34532348)

Oh no, between you and the AC, you've mentioned HOSTS files twice. If you mention them a third time, the apk troll shows up, like a techno Candyman with Tourette's.

Re:Can't say I'm surprised... (-1)

Anonymous Coward | more than 3 years ago | (#34532424)

> Oh no, between you and the AC, you've mentioned HOSTS files twice. If you mention them a third time, the apk troll shows up, like a techno Candyman with Tourette's.

Hosts file.

Bring it on.

Re:Can't say I'm surprised... (0, Interesting)

Anonymous Coward | more than 3 years ago | (#34532574)

16++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:

1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).

2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html [networkworld.com] for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).

6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://ddanchev.blogspot.com/ [blogspot.com]
http://www.malware.com.br/lists.shtml [malware.com.br]
http://www.stopbadware.org/ [stopbadware.org]
http://blog.fireeye.com/ [fireeye.com]
http://mtc.sri.com/ [sri.com]
http://news.netcraft.com/ [netcraft.com]
http://www.shadowserver.org/ [shadowserver.org]

REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://hostsfile.org/hosts.html [hostsfile.org]
http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
http://hosts-file.net/?s=Download [hosts-file.net]
https://zeustracker.abuse.ch/monitor.php?filter=online [abuse.ch]
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

And yes: Even SLASHDOT &/or The Register help!

(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhacker others online that is... not ALL do!)).

2 examples thereof in the past I have used, & noted it there, are/were:

http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398 [slashdot.org]
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500 [slashdot.org]

8.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

10.) Hosts files don't eat up CPU cycles like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs.

11.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

12.) You don't have the sourcecode to Adblock. With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).

13.) Hosts files are easily secured via using MAC/ACL &/or Read-Only attributes applied.

14.) Custom HOSTS files also speed you up, unlike anonymous proxy servers systems variations (like TOR, or other "highly anonymous" proxy server list servers typically do, in the severe speed hit they often have a cost in).

15.) HOSTS files usage lets you avoid being charged on some ISP/BSP's (OR phone providers) "pay as you use" policy http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] , because you are using less bandwidth (& go faster doing so no less) by NOT hauling in adbanner content and processing it (which can lead to infestation by malware/malicious script, in & of itself -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com] ).

16.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privilege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own (such as has been seen with the RBN (Russian Business Network) lately though it was considered "dead", other malwares are using its domains/hostnames now, & this? This stops that cold, too - Bonus!)...

* MINOR "CAVEATS/CATCH-22's" - things to be aware of for "layered security" + HOSTS file performance - easily overcome, or not a problem at all:

A.) HOSTS files don't function under PROXY SERVERS - Which is *the "WHY"* of why I state in my "P.S." section below to use both AdBlock type browser addon methods (or even built-in block lists browsers have such as Opera's URLFILTER.INI file, & FireFox has such as list as does IE also) in combination with HOSTS, for the best in "layered security" (alongside .pac files + custom cascading style sheets that can filter off various tags such as scripts or ads etc.) - but proxies, especially "HIGHLY ANONYMOUS" types, generally slow you down to a CRAWL online (& personally, I cannot see using proxies "for the good" typically - as they allow "truly anonymous posting" & have bugs (such as TOR has been shown to have & be "bypassable/traceable" via its "onion routing" methods)).

B.) HOSTS files do NOT protect you vs. javascript (this only holds true IF you don't already have a bad site blocked out in your HOSTS file though, & the list of sites where you can obtain such lists to add to your HOSTS are above (& updated daily in many of them)).

C.) HOSTS files (relatively "largish ones") require you to turn off Windows' native "DNS local client cache service" (which has a problem in that it's designed with a non-redimensionable/resizeable list, array, or queue (DNS data loads into a C/C++ structure actually/afaik, which IS a form of array)) - mvps.org covers that in detail and how to easily do this in Windows (this is NOT a problem in Linux, & it's 1 thing I will give Linux over Windows, hands-down). Relatively "smallish" HOSTS files don't have this problem (mvps.org offers 2 types for this).

D.) HOSTS files, once read/loaded, once GET CACHED, for speed of access/re-access (@ system startup in older MS OS' like 2000, or, upon a users' 1st request that's "Webbound" via say, a webbrowser) gets read into either the DNS local caching client service (noted above), OR, if that's turned off? Into your local diskcache (like ANY file is), so it reads F A S T upon re-reads/subsequent reads (until it's changed in %WinDir%\system32\drivers\etc on Windows, which marks it "Dirty" & then it gets re-read + reloaded into the local diskcache again). This may cause a SMALL lag upon reload though, depending on the size of your HOSTS file.

Still - It's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock, &/or NoScript (especially this one, as it covers what HOSTS files can't in javascript which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security"...

APK

P.S.=> Some more notes on DNS servers & their problems, very recent + ongoing ones:

BIND vs. what the Chinese are doing to DNS lately? See here:

http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

---

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/ [theregister.co.uk]

(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propagate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)

---

DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):

http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/ [scmagazineus.com]

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)

---

Moxie Marlinspike's found others (0 hack) as well...

Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...

(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack, because the 1st thing your system refers to, by default, IS your HOSTS file (over say, DNS server usage). There are decent DNS servers though, such as OpenDNS, ScrubIT, or even GOOGLE DNS, & because I cannot "cache the entire internet" in a HOSTS file? I opt to use those, because I have to (& OpenDNS has been noted to "fix immediately", per the Kaminsky flaw, in fact... just as a sort of reference to how WELL they are maintained really!)

---

Then, there is also the words of respected security expert, Mr. Oliver Day, from SECUNIA.COM to "top that all off" as well:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491 [securityfocus.com]

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly (& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm [furtherleft.net] (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html [ntcompatible.com] !

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also) and, you'll get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS [slashdot.org] ... apk

Re:Can't say I'm surprised... (2)

maxwell demon (590494) | more than 3 years ago | (#34532614)

Let me add one disadvantage of host files vs. AdBlock/NoScript & Co.:

The host file approach is completely unusable on machines where you have no root/admin access. And even on networks where you have root/admin access, but don't own the network and are not the one responsible for networking, you may get into troubles if you try to change host files. OTOH, Firefox plugins can be installed at the user level, without a need for root/admin access, and since user-installed plugins only affect the single user (i.e. you), they are much more likely to be accepted.

Re:Can't say I'm surprised... (0)

Anonymous Coward | more than 3 years ago | (#34532710)

Picking on people on the internet is fun and all, but in cases where mental handicaps are clearly involved you should be more understanding. It's pretty clear that APK is likely quite autistic...

MSN sucks! This would never happen to Google! (3, Funny)

Anonymous Coward | more than 3 years ago | (#34532128)

Oh wait... Google's doubleclick got tricked too.... okay, nevermind.

  -The Anonymous Google Fanboy

Re:MSN sucks! This would never happen to Google! (3, Informative)

icebike (68054) | more than 3 years ago | (#34532150)

Quote Story:

A spokesman for Google, which owns DoubleClick, told the IDG News Service that the malicious ads were only being served for a short amount of time, and that the company's own malware filters detected the ads, as well.

So, MSN was clueless. Google was merely slow to act.

No no, MSN is right on the ball (2)

SmallFurryCreature (593017) | more than 3 years ago | (#34532732)

MS for the security holes, MSN for the exploits. One stop shopping! We have you rooted the fastest! Where do you want someone to make you go today!

is there anyone left NOT running adblock? (0, Interesting)

Anonymous Coward | more than 3 years ago | (#34532130)

Both of you should install it.

And who the fuck has their machine set up for "drive by downloads" in this day and age? After the last decade of headlines about malware? Really, what kind of idiot do you have to be to run a machine configured like that these days?

In the early days, yeah, shame on the malware people. But fool me 48120912312 times? Shame on me.

Re:is there anyone left NOT running adblock? (3, Insightful)

scdeimos (632778) | more than 3 years ago | (#34532190)

Really, what kind of idiot do you have to be to run a machine configured like that these days?

How about 90% of the people on the internet, those who are in the "mom and pop" or "poor student" class of user and don't actually know anything about computers except for turning them on and off, and double-clicking the Outlook Express and Internet Explorer icons.

There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?

Re:is there anyone left NOT running adblock? (1)

MichaelSmith (789609) | more than 3 years ago | (#34532220)

There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?

Then my mother would have no access to the internet. She only uses three or four functions on her ubuntu system and I reckon it's pretty safe.

Computers are a dying breed (4, Insightful)

Anonymous Coward | more than 3 years ago | (#34532422)

This is exactly why iPad type "computers" are the coming thing. Locked down in a walled garden and simple to use. Few people *really* need a 'real' computer when a small "device" will do everything they need.

Re:Computers are a dying breed (1)

MichaelSmith (789609) | more than 3 years ago | (#34532468)

That's true. She is mainly interested in "passive" content. She loves the Bureau of Meteorology site [bom.gov.au] for example because she loves to garden, but needs to correlate her gardening with the weather. I set up an RSS feed reader with links to blogs such as boingboing, and news sites, but she is not so interested in those. A tablet would be fine but we are kidding ourselves if we think malware is going to just go away.

Re:is there anyone left NOT running adblock? (3, Funny)

Push Latency (930039) | more than 3 years ago | (#34532276)

Don't forget the folks who believe it's morally wrong to block ads. I had a long conversation with a college professor of programming who believes that quite strongly.

Re:is there anyone left NOT running adblock? (0)

Anonymous Coward | more than 3 years ago | (#34532288)

There really should be a license requirement for using computers on the internet - you don't let unlicensed drivers on the road, do you?

There really should be standards for browsers on the internet - you don't let cars with a gas pedal on the left on the road, do you?

The problem with IE is insecure defaults. A browser that allows auto-install by default is BROKEN. Same deal with "hide extensions by default"... sorry... MS's stupid defaults are a pet peeve. It's such a simple and obvious thing, and their reputation wouldn't be nearly as bad if they just fixed their defaults.

It's not just IE (2)

Anonymous Brave Guy (457657) | more than 3 years ago | (#34532356)

The problem with IE is insecure defaults. A browser that allows auto-install by default is BROKEN.

People in glass houses, and all that.

The only time any PC I run has been compromised to my knowledge was a relatively recent drive-by download via a Java applet. The machine was running Firefox, and both it and the Java VM were fully patched. The machine was also behind a properly configured firewall, and running up-to-date anti-virus software and assorted security/privacy plug-ins in the browser. Unfortunately, none of that helps if you get hit by a zero-day exploit. Also unfortunately, I hadn't yet found where they moved the "enable/disable Java" functionality in Firefox 3.6, not that knowing that would have helped me much, because some tools I need for work actually do use Java applets and therefore the related plug-ins anyway.

BTW, I had just started browsing social news sites like Slashdot, opening a handful of tabs to normally reputable sites to read the articles (yes, really, some of us actually do). I'm pretty sure I got hit via either a third party source that AdBlock missed or a compromised comment on a blog post.

In any case, please don't kid yourself that this is only a problem for dumb Windows/IE users surfing for warez/pr0n/whatever. Just because you're running Linux instead of Windows, or Firefox/Chrome/Opera/whatever instead of IE, or visiting legitimate sites that are themselves not going to attack your system, that doesn't mean you're somehow immune. It just means you're a less likely target. Pride comes before the fall.

Re:It's not just IE (2)

maxwell demon (590494) | more than 3 years ago | (#34532560)

BTW, I had just started browsing social news sites like Slashdot, opening a handful of tabs to normally reputable sites to read the articles (yes, really, some of us actually do). I'm pretty sure I got hit via either a third party source that AdBlock missed or a compromised comment on a blog post.

A plugin which probably wouldn't have missed it (unless it comes directly from a site you explicitly surfed to, e.g. because the site became compromised) is RequestPolicy. It by default blocks any request from one site to another. However I have to admit that sometimes it can be quite some work to figure out what to enable to make the site work.
Oh, and NoScript can be configured to not allow Java applets by default, but only after explicit clicking, even from otherwise trusted sources. That way, you'll never get a Java applet running on drive-by, because you have to click every time to start the applet.

In any case, please don't kid yourself that this is only a problem for dumb Windows/IE users surfing for warez/pr0n/whatever. Just because you're running Linux instead of Windows, or Firefox/Chrome/Opera/whatever instead of IE, or visiting legitimate sites that are themselves not going to attack your system, that doesn't mean you're somehow immune. It just means you're a less likely target. Pride comes before the fall.

Yes, each of the measures doesn't make you immune. But each one reduces the probability of getting affected. At some point, the probability drops low enough that you can basically neglect it. That's not related to pride (I'm not at all proud for having to make extra effort to get a page display properly; also the reason I'm using Linux isn't related to pride, indeed not even to security, but simply to the fact that it works better for my needs; if I were a hardcore gamer, I'd probably use Windows).

Re:is there anyone left NOT running adblock? (1)

arkhan_jg (618674) | more than 3 years ago | (#34532600)

We require training and driving licences because failure to control a ton and a half of metal and plastic at high speeds can easily kill people, including the driver.

Your mom getting a virus, thus needing you to go and clean her machine yet again does not rise to quite the same level of public safety. What's the next licence, being allowed to use a mobile phone in a public place?

Re:is there anyone left NOT running adblock? (0)

Anonymous Coward | more than 3 years ago | (#34532688)

We require training and driving licences because failure to control a ton and a half of metal and plastic at high speeds can easily kill people, including the driver.

Your mom getting a virus, thus needing you to go and clean her machine yet again does not rise to quite the same level of public safety. What's the next licence, being allowed to use a mobile phone in a public place?

If you hadn't noticed. Your mom's virus-infected computer occasionally kills people. There are both unintended and intended attacks from bot-nets against hospitals (even if only databases with patient information go down, it may kill people, not to mention obvious things like life supporting machinery controlled by a PC), vital infrastructure, human rights groups etc. When your mom wants to show off pictures of her grandchildren, she brings a USB-memory to work, I hope she doesn't work in a hospital, or a nuclear plant, or somewhere with computer controlled heavy machinery, or a bank, or... So the car analogy holds, a virus-infected computer is as dangerous as a car with a drunk driver.

It wasn't a good idea to use standard PCs with a MS OS to run vital equipment, or even important administrative tasks. It was a really bad idea to hook up computers doing anything important to internet. But as it is, this is standard practice, your mom's virus-infected computer may very well be the last straw that kills someone.

coulda told ya (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34532132)

I could have told you that. I narrowed down the issue to MSN/Hotmail a couple days ago and was advising users to stay away for as long as possible/use adblock/noscript.

I've been dealing with removing this horseshit from end users' PCs all week.

Something interesting I noticed was the malware authors were amateurs- they forgot to set up the fake HDD defrag malware to run at boot on any other user profile besides the one that was infected.

Made disinfection pretty easy...

Adblock (0)

Dhilung (1538519) | more than 3 years ago | (#34532134)

That is why we have Adblock.

and sandbox (2)

Mordie (1943326) | more than 3 years ago | (#34532162)

and sandboxes, and no script, and external firewall devices, and backup drive images from previous weeks

Re:and sandbox (1)

Anonymous Coward | more than 3 years ago | (#34532178)

and OS X or any flavor of Linux ... cue for not being most popular OS and therefore nobody cares (with malware et al)

Praise for adblock (1, Insightful)

Matt Perry (793115) | more than 3 years ago | (#34532138)

This is why I block all ads and all your moral arguments and begging [arstechnica.com] be damned. Ad blocking is sensible risk management.

Re:Praise for adblock (2, Interesting)

Mashiki (184564) | more than 3 years ago | (#34532146)

Cue people whining and crying that people are thieves and all that because they block ads. Sorry, but if you can't be sure you'll never serve malware, you'll never be allowed to serve ads which might infect my machine with something...nasty. Especially now that ransomware is starting to become the next trend.

Re:Praise for adblock (4, Insightful)

Deathlizard (115856) | more than 3 years ago | (#34532260)

Let 'em whine. I'm sorry, these ad firms put themselves into this mess.

The day ad firms decided to allow advertisers to use Flash and JavaScript in their advertisements is the day I started blocking them. Seriously, what was wrong with simple images and text? Was the monkey way too easy to punch or something?

Re:Praise for adblock (2)

Tom (822) | more than 3 years ago | (#34532670)

Add animated GIFs to that list.

I started blocking ads when two things happened, pretty much simultaneously:

One, ad content took over a considerable part of the screen real estate and
two, ads started to distract from the actual content through animation, blinking, sound, etc.

I know advertisement is all about getting your attention, but it tries to do that in contexts where I don't want my attention diverted to something else. I don't mind advertisement on the WC or on the bus that much, it's not as if I had anything better to do there. But when I'm driving or browsing, I hate every single ad I encounter. Luckily, for browsing there is AdBlock.

And I don't like the whining, either. If your business model relies on ads, then your business model is broken. But if you absolutely want to give me ads, how about using text ads? I don't mind those, they are a ton less distracting, which greatly improves your chances of me actually clicking one instead of hating it.

Adblock doesn't always work (0)

Anonymous Coward | more than 3 years ago | (#34532450)

That's why I run all my websites without scripts calling ads and calling all ads as images from the server itself. Users like you would have to block all gif files, and if you do that the sites are essentially useless (no navigation, etc.). If you don't want to at least view ads on my sites, I don't need you taking up my server bandwidth. I pull in 6 figures a year and the last thing I'm worried about, having had sites online since 1996, is losing traffic of people using noscript and/or adblock.

Trust model (5, Interesting)

Inf0phreak (627499) | more than 3 years ago | (#34532160)

The trust model of online advertising is in my opinion fundamentally broken. A big part of the security model of the web is domain-based - e.g. the same origin policy - but this goes down the drain with third party ads hosted on yet another third party's server.

With online advertising it was for the first time possible to measure the effect of ad campaigns better than "how many saw it and did we sell more after it?" What did this bring us? "PUNCH THE MONKEY!", "LOOK AT THE BLINKING LIGHTS!", "BEEP BLOOP BEEEEEP!!!" and perhaps most insidiously it broke the domain-based model of trust on the web since everything had to be put on the advertising hosters' servers to deter click fraud and whatnot.

AdBlock doesn't just save you bandwidth and reduce the annoyance of browsing the web, it is also one of the best tools for avoiding drive-by malware from ads.

Re:Trust model (1)

mrvan (973822) | more than 3 years ago | (#34532692)

... it broke the domain-based model of trust on the web since everything had to be put on the advertising hosters' servers to deter click fraud and whatnot.

Erm? I would say the trust model works exactly as promised.

I trust slashdot.org (I know, silly me) and ask my browser to download and display HTML content from their domain
The HTML at /.org instructs my browser to go get and display some other content from an ad domain
I do not trust that ad domain and refuse to display their content
Everybody happy?

*Browsers*, however, need to become more explicit about this and realize that if I instruct them to get a page from x.com I don't really want to get images, frames and whatnot from Y.com. Firefox used to have a "don't display images from external sites" option but I think it was lost in translation somewhere? I would really like a general "don't download content from other domains" and more specific "don't download images/javascript/flash/pdf etc from other domains" options, with some sort of statusbar notification and whitelisting.

I would say that the trust model would be broken if slashdot would serve external content as if it is part of their domain, which they could if they wanted, so we should be happy that the ad-services insist on serving their own content...

Adblock is not that great a protection on its own (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34532184)

Seen a few people say they use Adblock and all, which is fine, but if you recognize that an ad-server can be compromised, then why not any other web server you visit? How many things are you going to block before it makes the web safe? So many that all websites are useless? That's why I found NoScript more annoying than not. Too often I was just saying yes to so much it wasn't really that much more secure.

Much better to have secure systems inside than walls trying to block everything.

Re:Adblock is not that great a protection on its o (2)

sirsnork (530512) | more than 3 years ago | (#34532238)

Because it's not the web server being compromised per say. It's the Ad network either being fooled, or willfully putting up exploit code rather than any sort of hack going on. Also considering the turnover of data/files on an ad network's servers, it's much harder for them to keep this from happening.

Re:Adblock is not that great a protection on its o (2)

rtfa-troll (1340807) | more than 3 years ago | (#34532494)

To expand on this; the job of an ad agency is to put you in touch with many groups who normally you wouldn't be in touch with. Preferably even groups who you wouldn't want to be in touch with. There's a difference between going to a place you trust which might be compromised and a bunch of such places having the chance to pay to get in touch with you.

Re:Adblock is not that great a protection on its o (0)

Anonymous Coward | more than 3 years ago | (#34532592)

Per what [wikipedia.org]? No need to thank me, it's my job.
--
In case of emergency, dial 1-911-GRAMMAR

Re:Adblock is not that great a protection on its o (0)

Anonymous Coward | more than 3 years ago | (#34532320)

NoScript isn't annoying at all once you get the hang of it.

Just click on the button at the bottom of the screen and say to allow/temporarily allow a site, then it won't interfere. You don't lose your protection by doing this; you allow the site you're browsing but still forbid the 3+ unknown sites which also have scripts in your page. These outsiders are where the problems come from, so you can allow the content without allowing the malware.

Re:Adblock is not that great a protection on its o (1)

maxwell demon (590494) | more than 3 years ago | (#34532576)

It's annoying because you recognise that the pages often need scripts from sites you actually don't want to enable (e.g. more and more pages need googleapis, even pages where it's absolutely pointless).

Re:Adblock is not that great a protection on its o (0)

Anonymous Coward | more than 3 years ago | (#34532472)

Seen a few people say they use Adblock and all, which is fine, but if you recognize that an ad-server can be compromised, then why not any other web server you visit?

It's about risk mitigation, not necessarily risk elimination. Suppose website X has content I'm interested in, and iframes to three ads I don't care about. That's 4 risk exposures. If I allow X but not the three ads, then I have reduced my risk from 4 exposures to 1 without sacrificing the content of X. It's not perfect, but it's better. To eliminate the risk, I would have to sacrifice X itself, but I choose to accept that risk.

Note, also, that allowing ad servers is riskier than allowing content servers. Content servers can host malware in two major ways: compromise of the site, or cross-site scripting and related attacks. Ad networks are subject to hosting malware via the same methods as content servers, but they also deliberately accept code from third parties that might be untrusted. That's a different vector which historically has much higher incidence of hosted malware than content sites.

[Posting AC because I used mod points. -- morty]

Anti virus isn't totally useless (2)

countertrolling (1585477) | more than 3 years ago | (#34532192)

My MS messenger has been setting off the anti-virus alarms for several months now. They come in through the ads at the bottom of the main window.

Re:Anti virus isn't totally useless (0)

Anonymous Coward | more than 3 years ago | (#34532512)

Pidgin?

Solution (3)

Lucky75 (1265142) | more than 3 years ago | (#34532236)

For the very few oblivious people (esp on /.), here's your solution: Adblock [mozilla.org]

It's really just one more reason for me to not feel guilty about blocking ads. Sometimes I click on ads from sites which I trust and wish to support, but other than that, the hell with them.

How about Ubuntu instead of adblock? (0)

Anonymous Coward | more than 3 years ago | (#34532296)

Well, there are better distros but Ubuntu is best for doorknobs that say things like "Oh adblock your the greatest I want your juice".

When the fuck will ad networks learn? (2)

mysidia (191772) | more than 3 years ago | (#34532338)

ad network should serve the images/text and a link URL, nothing more

stop letting advertising providers provide custom HTML and remote-load scripts/images into ads

Re:When the fuck will ad networks learn? (3, Insightful)

jack2000 (1178961) | more than 3 years ago | (#34532380)

Someone should put an option in Firefox (a native option, mind you, not a whole extension) that basically says break third party javascript. We'll see who wins the damn war then.

And if sites start putting bullshit javascript on the main domains then fuck em.

Re:When the fuck will ad networks learn? (0)

Anonymous Coward | more than 3 years ago | (#34532594)

They'll never do this, that way they'd end up having larger bandwidth bills and their little consumer exploitation based business model will stop working as efficiently as it does now (Collect information, while being supplied third party ads they don't even need to host themselves). It's not going to go away, ever, unless they will be held responsible for things like this happening by a court ("But these are third parties").

Human factor? (2)

saikou (211301) | more than 3 years ago | (#34532378)

I find it a bit odd that an extra "f" would have duped "the system". I believe what may have been happening is that human verification part of the equation could have been "hacked".

You create an account, you specify where the banner data lives, it gets submitted for an approval.

Except in this case whoever looked at the data saw "trusted" domain and figured everything is fine. Heck, the "fake" domain could have served an innocent javascript up until owners knew that banner got approved, then swapped out the script and off the drive-by script malware goes.

And then Google/Doubleclick detects bait-and-switch ("hey, we didn't approve this virus!") and it gets flagged.
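The one-letter-off domain from the story (ADShufffle.com posing as ADShuffle.com) is something an automated check at creative-approval time can hold for a human before anyone "sees a trusted domain". The following is an added example, not part of this thread and not any ad network's code; the partner allowlist, the digit-swap table, the thresholds and the sample submissions are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of ad-technology partners the network has already vetted.
KNOWN_PARTNERS = {"adshuffle.com", "doubleclick.net"}
# Digits commonly swapped in for letters in lookalike names (assumed table).
DIGIT_SWAPS = str.maketrans("0135", "oles")


def hostname(url_or_host):
    """Lowercased hostname from a URL or a bare host string."""
    s = url_or_host.strip().lower()
    if "://" not in s and not s.startswith("//"):
        s = "//" + s  # let urlsplit treat a bare host as a network location
    return (urlsplit(s).hostname or "").rstrip(".")


def registrable(host):
    """Naive registrable domain: the last two labels.
    Assumption: production code would consult the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def skeleton(name):
    """Fold digit swaps and collapse repeated letters: 'adshufffle' -> 'adshufle'."""
    return re.sub(r"(.)\1+", r"\1", name.translate(DIGIT_SWAPS))


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each at cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def classify(candidate, known=KNOWN_PARTNERS, max_distance=1, min_len=5):
    """Return (verdict, partner, reason); verdict is known, lookalike or unknown."""
    dom = registrable(hostname(candidate))
    if dom in known:
        return ("known", dom, "exact match")
    name = dom.split(".")[0]
    for partner in sorted(known):
        pname = partner.split(".")[0]
        if name == pname:
            return ("lookalike", partner, "same name under a different suffix")
        if skeleton(name) == skeleton(pname):
            return ("lookalike", partner, "repeated or substituted characters")
        # Short names produce too many accidental near-matches, so skip them.
        if len(pname) >= min_len and osa_distance(name, pname) <= max_distance:
            return ("lookalike", partner, "edit distance <= %d" % max_distance)
    return ("unknown", None, "no partner resembles this domain")


def review(submissions, known=KNOWN_PARTNERS):
    """Return the submissions to hold for manual review, with the reason."""
    held = []
    for url in submissions:
        verdict, partner, reason = classify(url, known)
        if verdict == "lookalike":
            held.append((url, partner, reason))
    return held


if __name__ == "__main__":
    # Constructed sample of creative source hosts submitted for approval.
    sample = ["cdn.adshuffle.com", "ADShufffle.com", "adhsuffle.com",
              "d0ubleclick.net", "example.org"]
    for url, partner, reason in review(sample):
        print("HOLD %-18s resembles %-16s (%s)" % (url, partner, reason))
```

A name check like this does nothing about the second half of the scenario in the comment, where an approved script is swapped out afterwards; that requires re-fetching and re-scanning creatives after approval, or not allowing remotely hosted scripts at all.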

Block Doubleclick and MSN ads at firewall (1)

Animats (122034) | more than 3 years ago | (#34532384)

This is a strong argument for blocking DoubleClick and MSN's ad server at the corporate firewall.

This drive by thingy everyone is talking about (5, Funny)

Ismellpoop (1949100) | more than 3 years ago | (#34532390)

well it's bullshit every time an ad tried to install something the package manager won't open them. Shit I've tried every distro out there and I still can't open them up. What am I doing wrong can someone please help me. I really want to see all these cool things the rest of the world is experiencing.

Re:This drive by thingy everyone is talking about (0)

Anonymous Coward | more than 3 years ago | (#34532438)

well it's bullshit every time an ad tried to install something the package manager won't open them. Shit I've tried every distro out there and I still can't open them up. What am I doing wrong can someone please help me. I really want to see all these cool things the rest of the world is experiencing.

Yeah, you've gotta do it manually. Open up a terminal and run 'rm -rf ~/' and it ought to be a close approximation.

Who bears the cost? (1)

Required Snark (1702878) | more than 3 years ago | (#34532434)

This will never change as long as the companies that failed, MSN and Google, don't really bear the cost of their failure. Yes, they're really really sorry, but mostly because they lost some revenue. They couldn't care less about what happens to the end users.

If they had to pay real money proportional to the amount of damages the situation would be completely different. Estimate the number of visits to poisoned web sites, multiply that by the amount of time required to check for and fix damage, multiply that by a real per hour rate for someone to check all the machines, triple the dollar amount for punitive damages and present them with the bill. If this would happen one time I guarantee that neither Google nor MSN would ever let this kind of problem happen again.

The same goes for Gawker losing all those passwords and emails. So it puts them out of business. So what. Someone else will be glad to take their place. Good riddance to the fools who think that security is an unnecessary cost.

Put lame car analogy about exploding tires/engines/electronics here.

What I use. Is there more? (0)

Anonymous Coward | more than 3 years ago | (#34532488)

MSE + Chrome Incognito + Facebook Disconnect + Ghostery + Analytics Opt-Out + AdBlock

bluh (0)

Anonymous Coward | more than 3 years ago | (#34532516)

This is why I use Adblock Plus. :/
Glad a friend of mine told me about it. Not like I've been to a lot of Doubleclick or MSN webpages recently... if at all.

How is this News? (1)

_KiTA_ (241027) | more than 3 years ago | (#34532530)

How is this news? 90% of the Spyware I see comes from banner ads that redirect to malware.

Pick your poison:

1. Ad redirects upon load to Malware
2. Ad appears normal, redirects after X seconds to Malware
3. Ad appears normal, then redirects to Malware upon closure
4. Ad redirects to Malware upon specific click event (mouseover, clicking something in the page, etc)

Where Malware in this instance is 99% of the time a PDF exploit. And since Flash lacks basic security measures (such as, say, an option to refuse to run scripts in SWF files, or to refuse to open URLs without you clicking through, or...) well, you're screwed.

The solution is simple: Block Adobe products and cheap knockoffs (like Silverlight) from your machine outright.

This goes to show you (1)

Khyber (864651) | more than 3 years ago | (#34532562)

The only 'safe' way to serve ads is from your own databases, after having thoroughly checked the ads to be displayed for any malicious behavior.

As I stated yesterday, and got modded troll for; you can only be the provider yourself. You cannot trust anybody else. You must act as the filter or else you will hurt your customer base.

Re:This goes to show you (1)

Khyber (864651) | more than 3 years ago | (#34532570)

To add, this same statement holds true to my LED business. If I do not serve as the filter for all the marketing bullshit, I end up losing sales even though I never sold anything, because the potential customer base has become jaded and distrustful, either from personal experience with sham lights or through hearing about stories from other users about said sham lights.

There is no other way around this, it is a fact and cannot be changed. It is logical, and anyone that ignores it, especially content distribution networks, is going to suffer.

Block ads! (1)

xenobyte (446878) | more than 3 years ago | (#34532642)

I started blocking ads when they started blocking me or my use of webpages.

Static banner ads were okay, but as soon as they started blinking, jumping, making noise, popping up or sliding in front, they were unacceptable and had to go. It's as simple as that.

Using Adblock Plus with NoScript has made sure I've yet to experience my first ad-borne infection.

Why should this surprise anyone? (1)

wierd_w (1375923) | more than 3 years ago | (#34532734)

Personally, I'd be surprised at the discovery of an ad serving network that DIDN'T serve malware on the side.

I have never understood why advert networks allow their "Partners" to cross-load javascript, and other scripted media objects. If the advert requires a "phone home" script, then it should have that script hosted, and vetted by the advert network they are partnered with, rather than playing a shell game of spot the malware.

Any advert that tries to hot-load a javascript or other scripted media object should be immediately rejected. (it should be pretty trivial to catch such hot-loading attempts with a submission filter, same with loading PDFs, etc. Likewise the use of obfuscated javascript techniques should auto reject.)

There really is no reason for this, other than that the ad networks themselves don't trust EACH OTHER. (EG, they don't want their partners to get their 'oh so important' metrics data instead of them-- or rather, they want to get that data directly themselves, and don't trust their partners to give it to them quickly enough, or accurately. [the potential for the ad-host to screw over the ad-producer over faulty serving metrics would be outstanding if the ad producer had to rely on metrics recorded exclusively by the ad-host, but fuck them.])

Internet advertising is one of the few things about the modern internet that could actually stand to have a little multinational regulation imposed on it. (And then, purely technical regulations intended to greatly frustrate malware distribution, and nothing else.)
