
Poisoned Google Image Searches Becoming a Problem

Soulskill posted more than 3 years ago | from the quick-search-for-the-antidote dept.

Google 262

Orome1 writes "If you are a regular user of Google's image search, you might have noticed that poisoned search results have practically become a common occurrence. Google has, of course, noticed this and does its best to mark the offending links as such, but they still have trouble when it comes to cleaning up its image search results."


fp (-1)

Anonymous Coward | more than 3 years ago | (#36059332)

suck my cock you faggots!

Re:fp (-1)

Anonymous Coward | more than 3 years ago | (#36059506)

Sure, why not? I haven't sucked cock since this morning.

cock in mouth (-1)

Anonymous Coward | more than 3 years ago | (#36059338)

Just because I put my Dick in your mouth without asking doesn't mean you were poisoned. Jeez....

Re:cock in mouth (-1)

Anonymous Coward | more than 3 years ago | (#36059958)

Speaking first-hand, that's 100% true.

im glad im not the only one (4, Informative)

metalmaster (1005171) | more than 3 years ago | (#36059342)

I was looking up images for a VP shunt when I came across a few poisoned links. I got scared for a minute because just hovering over the image triggered the payload for one of them

Re:im glad im not the only one (5, Funny)

WrongSizeGlass (838941) | more than 3 years ago | (#36059364)

To protect myself against these poisoned image search results I make sure I always use Lynx when I search for images.

Re:im glad im not the only one (-1, Redundant)

metalmaster (1005171) | more than 3 years ago | (#36059414)

haha! funny +5.

Re:im glad im not the only one (0)

Anonymous Coward | more than 3 years ago | (#36059492)

This is where I wish some of those old ASCII penisbird trolls would jump in

Re:im glad im not the only one (1)

Alex Belits (437) | more than 3 years ago | (#36059524)

lol penis birds X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Re:im glad im not the only one (5, Informative)

Nimey (114278) | more than 3 years ago | (#36059508)

lynx + zgv was how I used to view images on the Web about ten years ago. It worked surprisingly well, back before AJAX or Flash were used for navigation.

Re:im glad im not the only one (5, Funny)

Rizimar (1986164) | more than 3 years ago | (#36059926)

I'm pretty fluent in JPEG myself, though I read the files in a hex editor. You get used to it. I...I don't even see the code. All I see is blonde, brunette, red-head.

Re:im glad im not the only one (-1)

Anonymous Coward | more than 3 years ago | (#36059426)

According to our logs, you were actually searching for "pre-teen cunt".

-- Google.

Re:im glad im not the only one (1)

ae1294 (1547521) | more than 3 years ago | (#36059880)

I was looking up images for a VP shunt when I came across a few poisoned links. I got scared for a minute because just hovering over the image triggered the payload for one of them

That's why I've spent years building up a tolerance to poison links...

web 101: don't run unknown javascripts (4, Insightful)

Anonymous Coward | more than 3 years ago | (#36059392)

From TFA: "it displays another script - this time it's a JavaScript one - that redirects the browser to another compromised site that serves malware."

By 2011, it should be considered "web 101" to not run javascripts unless you have a reason TO run them. Most people seem to just run any old javascripts by default, without having the first clue what it might be doing. There can't be much debate that it's a stupid course of action, given how many people's machines are jacked by exactly that attack vector (albeit possibly using another as well).

Yeah, yeah, I know, you need javascript for your bank. That's great: whitelist your damn bank. But run only javascripts on your *whitelist*, not any thing any random yahoo from a site you've never heard of before wants you to run. Would you treat your physical possessions that way? Would you let a drug gang in eastern europe borrow your car with your permission? If not, why would you allow them to use your computer?

I swear that the reason I haven't had a malware in my entire PC using history, and others seem to have them on a weekly or monthly basis, is because I don't completely shut off my brain once the words "... on the computer" appear in a sentence.

Re:web 101: don't run unknown javascripts (1)

Anonymous Coward | more than 3 years ago | (#36059422)

"Most people seem to just run any old javascripts by default"

Maybe it's because Javascripts run by default, and most people use default settings for everything. My grandma isn't zer0cool.

Re:web 101: don't run unknown javascripts (1)

Anonymous Coward | more than 3 years ago | (#36059490)

So this argues that the default is backwards, not that the GP's point is wrong.

Re:web 101: don't run unknown javascripts (2)

Culture20 (968837) | more than 3 years ago | (#36059734)

Even if the defaults are reversed, what is grandma going to do, vet the JS code for every script that wants to run?

Re:web 101: don't run unknown javascripts (4)

93 Escort Wagon (326346) | more than 3 years ago | (#36059754)

Even if the defaults are reversed, what is grandma going to do, vet the JS code for every script that wants to run?

This is Slashdot - our posts are meant to demonstrate how 1337 we are, not an understanding of how the world actually works.

Re:web 101: don't run unknown javascripts (4, Insightful)

Frosty Piss (770223) | more than 3 years ago | (#36059446)

By 2011, it should be considered "web 101" to not run javascripts unless you have a reason TO run them. Most people seem to just run any old javascripts by default...

This is not going to happen. Many major websites, many of the highest traffic websites involve hundreds of JS scripts to make a single page function. Web 2.0 and all...

The *average non-techie web surfer* is simply NOT going to turn off JS.

Will not happen... So, it's not realistic or productive to waste time discussing such an option.

Sad, but true.

Re:web 101: don't run unknown javascripts (1)

Anonymous Coward | more than 3 years ago | (#36059472)

I see the point, but I'm not so sure I see it like that. I keep JS off by default, only whitelisting a few sites (and not all their XSS stuff), and everything is basically OK as far as I can tell. Have I seen a few things break? Yeah, but usually not anything I cared much about - just random domains that for all I know really were trying to serve malware. The major sites I use either work fine with no JS at all, or only need one or two to run. JS is not as indispensable as people think. 95% of what it appears to be used for is just to track your ass, and who needs that? I'd put it at about: 95%: tracking your ass. 4%: real stuff. 1%: serving malware.

Plus, if people started doing this en masse (or browser vendors set the default that way), there would be considerable pressure on sites to work OK without all that shit.

Re:web 101: don't run unknown javascripts (2, Informative)

Anonymous Coward | more than 3 years ago | (#36059548)

As a professional web developer, we often write code that expects Javascript to work on our sites, because no one ever turns it off. We have some very high traffic sites, and outside of web crawlers, I don't believe we've seen it blocked, ever.

Re:web 101: don't run unknown javascripts (0, Flamebait)

Culture20 (968837) | more than 3 years ago | (#36059774)

As a professional web developer, we often write code that expects Javascript to work on our sites

You're the kind of stupid that makes a website that's just one big flash object with no links to non-flash content. As much as I hate to hate on them, Toys for Bob [toysforbob.com] has been the same kind of stupid for almost a decade, so at least you're in good company.

Re:web 101: don't run unknown javascripts (0)

Anonymous Coward | more than 3 years ago | (#36059924)

Hopefully someone will mod you TROLL. Or MORON.

Re:web 101: don't run unknown javascripts (2)

Culture20 (968837) | more than 3 years ago | (#36059974)

Hopefully someone will mod you TROLL. Or MORON.

Why? Have I been Wooshed? I had to inform our own web devs that our website doesn't work without flash and JS, and they didn't see the problem either. It's as bad as a sysadmin suggesting RAID0 because he's never seen a drive die. Maybe troll for the TFB comment? I notified them of their error in 2002 when they changed to the big flash object (back when few people used flash), now that flash is being blocked in companies and iP[od/ad/hone]s don't have flash, it still boggles me why they don't have at least a simple "here's who we are" that's just simple html.

Re:web 101: don't run unknown javascripts (0)

Anonymous Coward | more than 3 years ago | (#36059776)

You haven't looked very hard then. It may not be a huge number of people blocking it, but we do exist. Perhaps people get disgusted with your page which depends on java that they go elsewhere.

It may not be a huge deal now but eventually enough people will block by default that it will affect your page views, and then you'll be redesigning your page to allow for no java. Have fun doing your job twice asshole.

Re:web 101: don't run unknown javascripts (2)

0123456 (636235) | more than 3 years ago | (#36059808)

We have some very high traffic sites, and outside of web crawlers, I don't believe we've seen it blocked, ever.

NoScript claims to have downloaded 84,000,000 times, so I can only presume that people running it are unlikely to visit your sites.

Re:web 101: don't run unknown javascripts (3, Informative)

Tacvek (948259) | more than 3 years ago | (#36059740)

The trouble is that you likely get a substantially degraded experience on some sites. Many well developed sites use AJAX to speed up navigation[1], falling back on a full request when JavaScript is disabled. Similarly many sites implement convenience features like jquery-based auto-completion which help make the site easier/faster to use, but again the site continues to function even with JavaScript turned off. You likely never even realize that you are getting a degraded experience because the site did not completely break.

That is a large part of the reason I actively do not recommend NoScript or similar solutions, favoring blacklisting known bothersome scripts, and using sandboxes and equivalent to guard against the unknown.

[1] You only need to download the changed portion, and browsers can update a page in place faster than re-rendering the whole page.

Re:web 101: don't run unknown javascripts (2)

RobbieThe1st (1977364) | more than 3 years ago | (#36059896)

Course, near as I can tell, computers these days can re-render the page fast enough that it doesn't matter: It's internet connection speed and latency that's important.
I, for one, hate ajax crap: It's almost always slower for me (due to them always using multiple requests, across multiple servers usually) than a single, straight HTML page with everything else being cached. Of course, the ajax'd page loading new ad-code may have something to do with it -- Turning on NoScript speeds up some pages loading by 10x at least!

Re:web 101: don't run unknown javascripts (5, Informative)

Anonymous Coward | more than 3 years ago | (#36059558)

This is not going to happen. Many major websites, many of the highest traffic websites involve hundreds of JS scripts to make a single page function. Web 2.0 and all...

Ironic, given that Google recently (this month) just changed its behavior to practically require Javashit.

Old hotness: (1) Google "foo". (2) Click "Images" tab at top of screen for a GIS for "foo".

New and busted: (1) Google "foo". (2) Click "Images" tab at top of screen for... "Your search - foo - did not match any documents." (3) curse, click "Images" tab again - to go to http://www.google.com/imghp?hl=en&tab=ii [google.com] , and (4) have to type "foo" again in order to GIS "foo". (Or remember to start at images.google.com, which is an issue when you might not be sure which terms to use when searching for the image in the first place)

Turn Javashit on, and clicking the tab works just fine... but whatever Google changed broke the non-Javashit version of GIS.

Sorta like last month - maps.google.com is an AJAX app, so it's reasonable for it to require Javascript. But it used to work fine without cookies enabled. Now, it requires both Javascript and cookies. Interesting.

Just tested/confirmed both of these on Firefox 3.6.16.

What Facebook does overtly, Google does by benign neglect and failure to regression-test. What's next? Google services simply stop working for Firefox and require Chrome?

Re:web 101: don't run unknown javascripts (2, Interesting)

Anonymous Coward | more than 3 years ago | (#36059968)

You can fix this by adding "&gbv=1" to your search string. If you want it as a search plugin save http://pastebin.com/GswQX4V5 as an xml file in your searchplugins folder.

Re:web 101: don't run unknown javascripts (1)

WuphonsReach (684551) | more than 3 years ago | (#36059564)

This is not going to happen. Many major websites, many of the highest traffic websites involve hundreds of JS scripts to make a single page function. Web 2.0 and all...

The *average non-techie web surfer* is simply NOT going to turn off JS.


They will after their machine has to be taken into the shop again for maintenance due to being infected by drive-by exploits like this.

I've converted quite a few non-technical users over to using Firefox + FlashBlock + NoScript over the past few years. The result is that they whitelist the handful of sites that they care about, temporarily whitelist for sites that are a one-time visit, and everything else stays blocked.

It's not a perfect solution, but the result for them is none of them have been infected since they switched. Cuts their risk factor by probably at least one or two orders of magnitude. Combine that with not letting them run as an admin user on XP, and even if the machine is infected, odds are 10:1 that it will only manage to infect the user's profile instead of the entire machine.

Re:web 101: don't run unknown javascripts (2, Informative)

Anonymous Coward | more than 3 years ago | (#36059634)

Firefox + FlashBlock + NoScript

What's the point? NoScript is FlashBlock and then some.

Re:web 101: don't run unknown javascripts (4, Insightful)

Frosty Piss (770223) | more than 3 years ago | (#36059656)

They will after their machine has to be taken into the shop again for maintenance due to being infected by drive-by exploits like this.

You might think, but there is a lot to suggest that what you suppose is not the case.

The fact is, the average non-techie user values "interactive" over "secure". Those in the business of servicing PCs on the consumer level will tell you this.

Re:web 101: don't run unknown javascripts (2)

Low Ranked Craig (1327799) | more than 3 years ago | (#36059582)

Why sad? The ability to have portions of the page refresh without round-tripping to the server for a whole new page is only one of the highly useful functions provided by JS.

Re:web 101: don't run unknown javascripts (3, Insightful)

Undead Waffle (1447615) | more than 3 years ago | (#36059764)

Why sad? The ability to have portions of the page refresh without round-tripping to the server for a whole new page is only one of the highly useful functions provided by JS.

It's useful when used correctly. But when all of the links are JS and I can no longer middle click to open in new window I get annoyed.

Re:web 101: don't run unknown javascripts (1)

0123456 (636235) | more than 3 years ago | (#36059816)

It's useful when used correctly. But when all of the links are JS and I can no longer middle click to open in new window I get annoyed.

And I really hate sites which break the back button because the site is all Javashit. Hotmail is a glaring example.

Re:web 101: don't run unknown javascripts (5, Insightful)

blindseer (891256) | more than 3 years ago | (#36059482)

It's 2011, there should not be anything a Javascript can do that is harmful to your computer.

Re:web 101: don't run unknown javascripts (0)

Anonymous Coward | more than 3 years ago | (#36059534)

"there should not be anything a Javascript can do that is harmful to your computer."

You are probably correct, but since that is not the present state of affairs, the best way to deal with the actual reality appears to be not running JS by default. At such time that your wish becomes reality, one can re-evaluate. For now, wishing a thing true does not make it so. Sticking one's head in the sand about it only makes that person vulnerable.

The difference between a victim and a non-victim is often not who was targeted, but who took steps to avoid being that victim. It doesn't absolve the attackers of responsibility, it just means that it's stupid to walk down a dark alley in a run down neighbourhood flashing the bling and carrying a wallet with $1000 in it.

Re:web 101: don't run unknown javascripts (0)

Anonymous Coward | more than 3 years ago | (#36059602)

It is reality. Virtually all known (persistent) drive-by 'malware' infections are stopped either by plugin disabling or at the sandbox boundaries.

Re:web 101: don't run unknown javascripts (1)

Frosty Piss (770223) | more than 3 years ago | (#36059890)

the best way to deal with the actual reality appears to be not running JS by default

And Homer Simpson once said...

...I'm the magical man, from Happy Land, who lives in a gumdrop house on Lolly Pop Lane!!!!

Frankly, those who take your view might as well simply run Lynx. Or skip surfing the web.

Re:web 101: don't run unknown javascripts (1, Offtopic)

Nyder (754090) | more than 3 years ago | (#36059696)

It's 2011, there should not be anything a Javascript can do that is harmful to your computer.

It's 2011, where's my damn flying car?

Re:web 101: don't run unknown javascripts (5, Funny)

93 Escort Wagon (326346) | more than 3 years ago | (#36059760)

It's 2011, there should not be anything a Javascript can do that is harmful to your computer.

It's 2011, where's my damn flying car?

It's held up in pre-production until they can fix a persistent Javascript bug.

Re:web 101: don't run unknown javascripts (3, Insightful)

jabberw0k (62554) | more than 3 years ago | (#36059976)

Indeed. This whole article confuses me. I have been doing web development since the 1990s and the whole point of Javascript was that it cannot cause a program to be run or installed on your computer... otherwise the web browser is insecure. If Javascript code can permit code to run on your computer, that would be a show-stopping browser bug! If that is true, then the only way to prevent this is to stop using that broken browser entirely. But that cannot be the case, can it?

I find it hard to understand why this whole article is a problem...

Re:web 101: don't run unknown javascripts (1)

makubesu (1910402) | more than 3 years ago | (#36059562)

Only run javascript on approved sites? I've tried this before, and to be honest it makes using the internet a pain. Instead, I prefer to, oh you know, not run an operating system that is susceptible to malware attacks.

Re:web 101: don't run unknown javascripts (4, Insightful)

AsmordeanX (615669) | more than 3 years ago | (#36059574)

I tried running with Javascript disabled. Five years ago you could get away with it. Now so many sites, especially with jQuery being so pervasive, simply don't work with JS disabled or you get an ugly broken thing.

I hear the claim, "Well you can run it on trusted sites". What has the site done to earn my trust? Why couldn't a malicious site appear interesting enough to prompt you to turn JS on and thus be attacked. Only a little social engineering can defeat NoScript. Whitelisted sites can become compromised as well.

Re:web 101: don't run unknown javascripts (1)

Anonymous Coward | more than 3 years ago | (#36059662)

> Why couldn't a malicious site appear interesting enough to prompt you to turn JS on and thus be attacked

The word was trusted, not "interesting".

My bank = trusted.
Random thing linked to from fark: interesting, but not trusted

Whitelist only trusted things. If it means you don't see some dancing walrus but your machine doesn't end up with a keylogger sending your bank password to Nigeria, that's probably an OK tradeoff for most people.

Re:web 101: don't run unknown javascripts (1)

0123456 (636235) | more than 3 years ago | (#36059862)

If it means you don't see some dancing walrus but your machine doesn't end up with a keylogger sending your bank password to Nigeria, that's probably an OK tradeoff for most people.

Sadly, I don't think you know 'most people'.

Re:web 101: don't run unknown javascripts (3, Insightful)

Low Ranked Craig (1327799) | more than 3 years ago | (#36059580)

Uh, no. Javascript is required for a significant portion, I'd say most, of the high traffic sites out there. It is simply not feasible, or acceptable to suggest that all users disable a significant portion of the functionality of the web.

You have to run them (1)

Snaller (147050) | more than 3 years ago | (#36059614)

"By 2011, it should be considered "web 101" to not run javascripts unless you have a reason TO run them. "

I tried the noscript crap for a moment, every single page has tons of javascript, most of them don't work if it's disabled. It's possible you just browse to your homepage made in notepad, but for the rest of the world YOU MUST HAVE JAVASCRIPT ON.

Re:You have to run them (2)

Abstrackt (609015) | more than 3 years ago | (#36059738)

Try YesScript [mozilla.org] . You can blacklist sites that cause problems while letting the rest through without having to explicitly whitelist them.

Re:You have to run them (2)

0123456 (636235) | more than 3 years ago | (#36059848)

Try YesScript [mozilla.org] . You can blacklist sites that cause problems while letting the rest through without having to explicitly whitelist them.

Great idea. Then I can blacklist www.thissiteissafehonest.com _AFTER_ it's used Javashit to download malware to my computer.

Disabling Javashit by default is the only safe way to browse the web these days.

Web 101: Google don't fuckin work without js (1)

poptones (653660) | more than 3 years ago | (#36059728)

That's the problem. They had a GREAT web search page but then had to fuck it up with IFRAMES (web security 101: IFRAMES are not made for use outside a corporate firewall) and eight layers of javascript. I use google image search a LOT and the solution ultimately came down to me carving out a command line google grabber as a means to avoid all their bullshit.

gggrabber -a -s xga +its+britney+bitch|wget -i -

It sucks not having instant real time update on search terms, but it's a lot less dangerous to sort through a bunch of extraneous images than to use that fucked up "improved" google image search.

So... (2)

Mashiki (184564) | more than 3 years ago | (#36059398)

Can we scrap the entire js system now and rebuild it from scratch so it stays inside a fucking sandbox this time?

Re:So... (1)

larry bagina (561269) | more than 3 years ago | (#36059448)

This "attack" uses javascript to redirect. If javascript can redirect, a sandbox won't help. If javascript can't redirect, a sandbox isn't necessary.

Re:So... (2)

ChunderDownunder (709234) | more than 3 years ago | (#36059546)

Ummm... Isn't specifying what actions a script can perform the definition of a sandbox?

accessing the filesystem, launching popup windows, transmitting content outside of the original domain, redirection, cookies, etc.

These are all permissions that should be codified by the scripting engine's security manager and configurable by the end-user on a site-by-site option.

Re:So... (2)

larry bagina (561269) | more than 3 years ago | (#36059586)

I can ask javascript to suck my cock all night long, but it doesn't. Even in browsers without a sandbox.

Use an alternative search. (3, Insightful)

Deathlizard (115856) | more than 3 years ago | (#36059438)

At this point, I feel SEO poisoning is so bad on Google that I find myself using other search engines more since they don't seem to be as big of a target.

Altavista, Ask and Bing have just been giving me more relevant search results lately. Google seems to like to show more SEO sites, forum reposters that just repost the same forum entries over and over and "Meta Search" sites such as software informer and alibaba.

Image search Rogueware poisoning is yet another reason to start looking somewhere else for search results.

Re:Use an alternative search. (3, Interesting)

Pseudonym Authority (1591027) | more than 3 years ago | (#36059486)

Altavista, Ask and Bing have just been giving me more relevant search results lately.

Somewhat interestingly, and wildly offtopic, Altavista is powered by Yahoo, and Yahoo is powered by Bing, so you are really only using at most 2 search engines. (Ask also outsources to someone, but they don't say who, so it may very well be M!r0$0f+ as well).

Re:Use an alternative search. (4, Funny)

Undead Waffle (1447615) | more than 3 years ago | (#36059784)

Altavista, Ask and Bing have just been giving me more relevant search results lately.

Somewhat interestingly, and wildly offtopic, Altavista is powered by Yahoo, and Yahoo is powered by Bing, so you are really only using at most 2 search engines. (Ask also outsources to someone, but they don't say who, so it may very well be M!r0$0f+ as well).

And Microsoft copies Google's search results so in the end everyone is just using Google!

Re:Use an alternative search. (1)

VortexCortex (1117377) | more than 3 years ago | (#36059500)

Image search Rogueware poisoning is yet another reason to start looking somewhere else for search results.

CORRECT. The more people stop using Google, the better their search will get -- They surely prioritize things; If everyone is displeased but keeps using their product out of habit then it's not as big of a priority. If they start losing lots of visitors over it then it will get fixed.

Re:Use an alternative search. (0)

Anonymous Coward | more than 3 years ago | (#36059636)

You can easily block any site from appearing in your Google search results.

screenshots (5, Informative)

cobbaut (232092) | more than 3 years ago | (#36059444)

Two weeks ago I put some screenshots of what it looks like on my blog:
http://cobbaut.blogspot.com/ [blogspot.com]

Re:screenshots (0)

Anonymous Coward | more than 3 years ago | (#36059494)

I tried the link. An image displays as expected and... nothing else.

NoScript is the best plugin ever!!!

Re:screenshots (1)

Anonymous Coward | more than 3 years ago | (#36059554)

Two weeks ago I put some screenshots of what it looks like on my blog:
http://cobbaut.blogspot.com/ [blogspot.com]

Cool, I was worried my OS was bought out by Microsoft and they gave me a C: drive

Re:screenshots (1)

MBCook (132727) | more than 3 years ago | (#36059702)

I saw that particular trick when someone at my office ran into it about a year and a half ago. I realized what it was (they thought it was real) so I decided to try an experiment...

I pulled up the address on my iPhone and got the same thing. It looks really neat to see an iPhone show Windows Explorer and run a fake virus scan.

I was very impressed though. It's a quite convincing simulation, much better than the old generic "Your computer has a virus" image pop-ups with flashing text.

Re:screenshots (0)

Anonymous Coward | more than 3 years ago | (#36059758)

Damn, I tried the badware link on my jailbroken iPhone and it actually downloaded a file and tried installing a debian package...on my PHONE.

What the fuck man.

Re:screenshots (3, Interesting)

bmo (77928) | more than 3 years ago | (#36059722)

I've seen it. It detects Chrome and puts up a fake Chrome screen.

The problem is that the dialog is modal and steals focus from Chrome. You can't simply close the tab. So you click, it does its "scan" and gives a heads-I-win-tails-you-lose dialog and you click that and you wind up downloading a windows executable, and that's when Chrome finally steps in and says "hey, this is an executable file, do you really want this?" and that's the only place you can say no-thanks.

The only other solution is to force-kill (kill -9) the entire Chrome window at the start.

Chrome should allow you to close a tab and anything else attached to it, at any time. The current situation is unacceptable from a user's POV.

I did this in Linux, but having wine installed means that this could be a vector for malware in Linux, too, with a little more work.

inb4 "but no malware writer cares about linux" and "hurr, wineserver is a user process, so it makes no sense to have autorun malware as a user" (as if anyone ever checks his .bashrc or .profile). The only thing I see as a barrier to this foolishness is the relative intelligence of your average Linux guy (me) versus the typical Windows user in deciding not to run something thrust at the browser for download from a bad website.

--
BMO

Re:screenshots (1)

Barbarian (9467) | more than 3 years ago | (#36059818)

Chrome should allow you to close a tab and anything else attached to it, at any time. The current situation is unacceptable from a user's POV.

Chrome? Can't you use the Shift-Esc built in Chrome task manager and kill the window?

Re:screenshots (1)

bmo (77928) | more than 3 years ago | (#36059872)

What ordinary user knows about the Chrome task manager?

Remember that I'm trying to look at it from a "joe user" perspective, not an expert's perspective. Granted I said "kill -9" there but that was to illustrate the point that an ordinary user has no way to really back out once the script has started to operate, and that starts as soon as the person navigates to the page.

--
BMO.

Re:screenshots (-1)

Anonymous Coward | more than 3 years ago | (#36059822)

I tried that Linux shit. It looked like my ThinkPad should have had a Fisher-Price nameplate on it.

Fuck that queer as noise.

I see how it is (-1)

Anonymous Coward | more than 3 years ago | (#36059458)

When it's something you agree with, it's the innocuous and comedic "google bombing", but when it's something you don't agree with or is a detriment to you, it's the dangerous and insidious sounding "search poisoning".

Re:I see how it is (0)

Anonymous Coward | more than 3 years ago | (#36059646)

"bombing" is innocuous and comedic? I take it there hasn't been a war in your country recently.

So... (1)

Jaktar (975138) | more than 3 years ago | (#36059464)

Since they're detecting Google, Bing is safe? Wouldn't Bing pretty much slurp the same data while crawling and display pretty much the same result?

Violence is required (4, Interesting)

erroneus (253617) | more than 3 years ago | (#36059480)

The people who are doing this are criminals. They need to be stopped. It's as simple as that. Follow the money and beat the crap out of them until it stops.

Re:Violence is required (1)

Corse32 (682019) | more than 3 years ago | (#36059752)

Hell yeah, let's just do it man... it sounds straightforward enough... Sounds like in an old western, the malware monetizers are the baddies in black robbing trains, and we can be the posse of marshals tracking them by analysing their leavings. I'm going to call this goodie gang: "Literally *all* of the best hackers /in the world/ (who aren't criminals)" Our motto will be "Cyber bad guys - they need to be stopped"

a couple add ons that help (5, Insightful)

d6 (1944790) | more than 3 years ago | (#36059542)

I surf with requestpolicy and noscript up. It is utterly amazing the number of websites that can't render a page without firing scripts or loading content from 6, 8, 10 or more different domains.
If you haven't tried these, do it and be amazed at how many sites load without stylesheets, pictures etc. It's amazing how badly shit is implemented - zero thought about graceful degradation.

no script [noscript.net]
requestpolicy [requestpolicy.com]

Re:a couple add ons that help (1)

Runaway1956 (1322357) | more than 3 years ago | (#36059592)

I just run AdBlock Plus. The newer versions include anti-XSS. A guy can load Firefox with too many addons, after all.

Re:a couple add ons that help (3, Insightful)

Low Ranked Craig (1327799) | more than 3 years ago | (#36059612)

Not zero thought about degradation and not bad implementation. This isn't the same as developing for IE for example. It's simply that implementing features two ways - one for JS and one for no, takes more than twice as much effort, so it doesn't get done. I've told clients before about the JS issues, but what it comes down to is the client doesn't want to spend twice as much to service the 2% that turn off JS. Period. They get a message that tells them to enable JS to use those functions. It's cost vs. benefit 101.

Re:a couple add ons that help (1)

d6 (1944790) | more than 3 years ago | (#36059944)

I say "zero thought" and "bad implementation" because very few of the pages I see rendering like shit add the what? 3 lines? of html and javascript required for a "no script" notice. I suspect it is less a reasoned choice to throw 2% of your traffic overboard than a lack of knowledge.

Re:a couple add ons that help (2)

non-registered (639880) | more than 3 years ago | (#36059686)

Same here: no script & requestpolicy. The amount of tweaking required to surf safely tends to make me visit less than a dozen sites regularly.

Slashdot Promoting Plagiarism (2)

lee1 (219161) | more than 3 years ago | (#36059550)

The summary contains two links. The first is to an article that plagiarises the second, padding the lifted paragraphs with barely intelligible proto-English. What a disgrace.

Mac is vulnerable too (5, Informative)

Teckla (630646) | more than 3 years ago | (#36059576)

My wife got bitten by this just today.

She navigated to a web page from a Google search result, and Safari automatically downloaded some malware and executed it.

I didn't believe my wife's story at first, so I tried it. Sure enough, automatic download and execution on Mac/Safari.

What the fuck, Apple and Safari?

The only question that remains is whether I'll be moving her to Firefox or Chrome...

Re:Mac is vulnerable too (3, Informative)

larkost (79011) | more than 3 years ago | (#36059652)

It did not download and execute, it downloaded and opened the installer. Your wife would have had to go clicking through an installer, and provided her admin credentials, in order to have installed/run something.

While this is bad behavior, and will probably finally convince Apple that .pkg should not be on the list of auto-launched items, this is also not the "sky is falling" situation that your post makes it out to be.

Re:Mac is vulnerable too (4, Insightful)

Teckla (630646) | more than 3 years ago | (#36059698)

It did not download and execute, it downloaded and opened the installer. Your wife would have had to go clicking through an installer, and provided her admin credentials, in order to have installed/run something.

Sorry, I'm not a Mac expert. All I know is that it automatically downloaded something, and automatically executed something. I'm not technically knowledgeable enough about OS X to know that, even though we immediately exited the malware installer, that nothing bad could possibly have happened.

And I'm still not convinced the malware installer didn't do something bad before it popped up its first GUI window. I'm not accusing you of being a liar, but my wife uses her Mac to access our bank accounts and such. I have no choice but to nuke the site from orbit (reinstall OS X). I'd like to trust that because someone on the Internet said I'm safe and not to worry about it, that I can just plain not worry about it, but I just can't take that risk.

At the end of the day, Apple/Safari's amazingly fucked up defaults burned us good and hard. It'll take me days to fully reload and reconfigure her machine.

Thanks, Apple...

Re:Mac is vulnerable too (0)

Low Ranked Craig (1327799) | more than 3 years ago | (#36059750)

Sorry, I don't buy this. Please post the offending link. It might have downloaded and mounted a DMG, but default settings do not allow for auto installation.

Re:Mac is vulnerable too (4, Interesting)

cathector (972646) | more than 3 years ago | (#36059966)

i've been on osx for about two years, and just yesterday had my first malware experience,
which is pretty much identical to Teckla's: i was in safari and followed a GIS link for "blanket octopus"
and clicked on one of the pictures, and got a pop-up browser with some "security scan in progress.." BS dialog.
no big deal.
but then the OSX package installer opened up, trying to install some obvious malware .mpkg which had been downloaded to my desktop.
downloading a file without my permission is already a total security fail, imo, but running the installer on it is beyond bad.
obviously i nixed the installer and power-cycled and so far haven't noticed anything untoward, but it's scary.
the name of the .mpkg was "MacProtector.mpkg". unfortunately i rm -rf'd without making an archive of it.
- google shows a few hits for that. so, in short, yeah, Teckla's experience matches mine.

Re:Mac is vulnerable too (1)

TangoMargarine (1617195) | more than 3 years ago | (#36059930)

Isn't it disingenuous to criticize Apple for putting you into a situation that you have decided is unfalsifiably dangerous?

Re:Mac is vulnerable too (4, Informative)

slyborg (524607) | more than 3 years ago | (#36059660)

Turn off "Open Safe files after downloading" in Safari Preferences. (-_-)
Chrome is definitely faster, but doesn't have NoScript and uses more RAM.

Re:Mac is vulnerable too (0)

Anonymous Coward | more than 3 years ago | (#36059666)

The same thing happened to me. I told your wife she was cute (a white lie if ever there was one!) and then I fucked her. If you want to try it for yourself, you can watch me next time I fill her pussy with baby batter :-)

Re:Mac is vulnerable too (1)

Anonymous Coward | more than 3 years ago | (#36059668)

For some time back in the Tiger / early Leopard days, Safari was set to automatically open downloads (the option to disable it is in preferences). Apple realized the huge security issue this was, and changed the default, but depending on how you've updated your Mac since then, Safari may still be set to do that.

The short version: Macs don't do that anymore (by default) and haven't for a while. =P

Of course...on a Mac, the malware isn't going to be doing too much without admin privs, so there's that at least. =)

Re:Mac is vulnerable too (1)

jo_ham (604554) | more than 3 years ago | (#36059676)

What was the link? What was the malware?

I want to test this.

What happened? I am assuming it downloaded an actual executable Mac application - by default Safari *will not* open these without your express permission, and then the system will also ask you for certain filetypes downloaded from the internet whether you really want to run them - the metadata logs the originating site.

What *exactly* executed, and what was the result?

I would be interested to know what malware got past, and what her settings in Safari were.

Re:Mac is vulnerable too (4, Informative)

Teckla (630646) | more than 3 years ago | (#36059756)

What was the link? What was the malware?

I'm sorry to say I no longer have the link. I can tell you my wife was searching for something to the effect of "fairy wings" or "tinkerbell wings" with my young daughter, and that the link she ultimately clicked on was a .ms address. That might help you hunt down the same link, since this happened less than 8 hours ago.

What happened? I am assuming it downloaded an actual executable Mac application

I don't recall the exact thing it downloaded, but I recall it ended with .mpkg and was actually a directory I was able to navigate into using Terminal.

It automatically popped up some kind of installer for MacProtector, which is apparently malware (based on my Googling). I'm pretty good on Windows and Linux, but I know next to nothing about the Mac. I'm not aware of any really low level geekery details like "Mac installers are always 100% safe! Just cancel out of them!" or anything like that. I'm confident it didn't have root access, but even with just my wife's login credentials, my suspicion is that it could have done a lot of damage.

What *exactly* executed, and what was the result?

She clicked on a Google search result. The Downloads dialog box popped up. It downloaded something almost too quickly for the eye to see. Some kind of malware installer then displayed a GUI. It looked like the very first step of the installer. There was a Continue button.

I would be interested to know what malware got past, and what her settings in Safari were.

I'm sure her Safari settings were almost entirely set to their defaults. The Mac is supposed to be the "safe" computer. Or so we thought...

I'm sure the Slashdot crowd will come down hard on me over this. I fully expect my intelligence to be questioned and to be modded into oblivion. But really, I don't see how an average user should respond to this except to assume the worst and reinstall OS X.

And I really do blame Apple for setting absolutely bone headed defaults on Safari.

Re:Mac is vulnerable too (4, Informative)

techtech (2016646) | more than 3 years ago | (#36059842)

Safari / Mac OS X latest versions as of 08.05.2011 CET. As I happen to use the Google image search a lot, and open each image (from Google results) in a tab (collect them) and after that review them. Today I searched for different architecture-related things and managed to open this FAKE AV page a lot of times, different pages. And the file that is downloaded is "anti-malware.zip" [1,9 MB on disk (1 872 571 bytes)]. This file contains "MacProtector.mpkg." I am sure I do not have the default settings, because I review every program's settings before I start using it, as a common procedure. I have the open secure files automatically option off, it was not opened. As far as I know Safari does not consider a zip a secure file, and there is not an automatic execution of mpkg inside a zip as standard?

Re:Mac is vulnerable too (2)

jo_ham (604554) | more than 3 years ago | (#36059886)

No, Safari won't execute an .mpkg as standard - that's an installer file and would require other user interaction (clicking next etc) to step through, and your admin password if it was going to go outside your home folder at all. So if you don't fall for the social engineering you can stop it at that point.

It looks like it must be a trojan of some kind, but no different to any standard trojan: you have to have the user install it.

Re:Mac is vulnerable too (1)

cathector (972646) | more than 3 years ago | (#36059978)

i had a very similar experience yesterday. was GISing in safari for "blanket octopus" and suddenly the osx installer was running. the offending file was also MacProtector.mpkg, which had been downloaded to the desktop.

Re:Mac is vulnerable too (1)

jo_ham (604554) | more than 3 years ago | (#36059908)

It sounds like a trojan of some kind. By default (and Safari had the default options changed a few versions back - I can't remember if it was to be off by default or by on, mine is set to "off"), and while it will treat a zip file as ok to decompress and a disk image similarly (it will mount them with that checkbox on), the .mpkg is an installer package, rather than the trojan itself and as you saw you need to step through it manually (and provide admin password if it goes outside home) to get it to install - a social engineering problem.

Now, I definitely think it is a bad idea for Safari to decompress zip archives and mount disc images by default - with the setting for "safe" files off, while it might download it would not go beyond that.

I do not agree with Apple that .zip should be considered a "safe" file.

Re:Mac is vulnerable too (1)

TangoMargarine (1617195) | more than 3 years ago | (#36059964)

I was a dope and fell for one of those "we have an invoice about a package that you ordered about to be delivered to your home" emails a month or two back. I downloaded the zip file, cracked it open, and ran the file before I noticed it was an exe, NOT a pdf as the icon suggested (this after me being one of those people who gets disgruntled about the system default in all the comp labs being to hide file extensions and telling multiple people about why this was a bad idea). After running a few different disinfectant programs on it, everything seemed to have cleared up and as far as I could tell my computer was back to normal.

Cut to this morning, when I booted up to have the thing suddenly reassert itself from out of the blue and start "scanning for infections" again. At that point, I said "fuck it" and reinstalled Windows. I'm a CS major, but I don't want to spend the time to find a definite way to prove to myself that my system is clean that's better than asking the other CSSE people what they use, running said program(s), and taking it on faith that when they tell me "you're clean," I actually am.

So to conclude my previous post, yes the situation sucks, but I don't see how it's particularly Apple's fault. As they like to say here on Slashdot, a lot of Macs' security isn't inherent, it's due to its smaller market size, and they've had articles about how they're being targeted more now, so hey...

Re:Mac is vulnerable too (1)

armanox (826486) | more than 3 years ago | (#36059806)

Not sure if this is what they ended up with, but see the blog post linked in this post [slashdot.org] that goes to it. Warning - Windows boxes are also very vulnerable to the same link.

A suggestion to browser vendors (0)

Anonymous Coward | more than 3 years ago | (#36059878)

FTFA: but believes that Google could help by not using an iframe to display the results.
The browser vendors could help by making it impossible for an iframe from a different domain to do anything to the page outside it, including navigating away. I've had this happen quite recently; it wasn't trying to serve me malware, just a run-of-the-mill ‘break-out-of-frames’ script, but it was still mightily annoying.
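The restriction asked for in the comment above exists per frame in the HTML `sandbox` attribute: a sandboxed iframe cannot navigate the top-level page unless `allow-top-navigation` (or its user-activation variant) is granted. The following is an added example, not part of the original comment, that audits a page's iframes for this; the function names, sample markup and `widgets.example` URLs are constructed for illustration.

```javascript
// Added example: report whether each <iframe> in a page is allowed to
// navigate the embedding (top-level) page. Sample markup is constructed.

// Parse one <iframe ...> start tag into a Map of lower-cased attribute names.
function parseAttributes(tag) {
  const body = tag.replace(/^<\s*iframe/i, '').replace(/\/?>$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const attrs = new Map();
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs.set(m[1].toLowerCase(), m[2] ?? m[3] ?? m[4] ?? '');
  }
  return attrs;
}

// Classify the frame's ability to navigate the top-level page.
// 'unsandboxed' means no sandbox restriction is set, so only the
// browser's default behaviour stands between the frame and the top page.
function topNavigationPolicy(attrs) {
  if (!attrs.has('sandbox')) return 'unsandboxed';
  const tokens = attrs.get('sandbox').toLowerCase().split(/\s+/).filter(Boolean);
  if (tokens.includes('allow-top-navigation')) return 'allowed';
  if (tokens.includes('allow-top-navigation-by-user-activation')) return 'user-activation';
  return 'blocked';
}

// Simplification: assumes no '>' character inside attribute values.
function auditIframes(html) {
  const findings = [];
  const tagRe = /<iframe\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[0]);
    findings.push({ src: attrs.get('src') || '', policy: topNavigationPolicy(attrs) });
  }
  return findings;
}

// Constructed sample page with four embedding styles.
const SAMPLE_HTML = `
<iframe src="https://widgets.example/a"></iframe>
<iframe sandbox="allow-scripts" src="https://widgets.example/b"></iframe>
<iframe sandbox="allow-scripts allow-top-navigation" src='https://widgets.example/c'></iframe>
<iframe sandbox src=https://widgets.example/d></iframe>
`;

for (const f of auditIframes(SAMPLE_HTML)) {
  console.log(`${f.policy.padEnd(15)} ${f.src}`);
}
```

Frames reported as `unsandboxed` or `allowed` are the ones an embedding site would review first when the framed content comes from a domain it does not control.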
