×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hackers Use Banner Ads on Major Sites to Hijack Your PC

CmdrTaco posted more than 6 years ago | from the i-knew-advertising-was-bad-for-us dept.

Security 268

The worst-case scenario used to be that online ads are pesky, memory-draining distractions. But a new batch of banner ads is much more sinister: They hijack personal computers and bully users until they agree to buy antivirus software. And the ads do their dirty work even if you don't click on them.The malware-spiked ads have been spotted on various legitimate websites, ranging from the British magazine The Economist to baseball's MLB.com to the Canada.com news portal. Hackers are using deceptive practices and tricky Flash programming to get their ads onto legitimate sites by way of DoubleClick's DART program. Web publishers use the DoubleClick-hosted platform to manage advertising inventory." CT: Link updated to original source instead of plagerizer.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

268 comments

I only found these ads on.... (0)

Anonymous Coward | more than 6 years ago | (#21407659)

....porn sites

Re:I only found these ads on.... (1, Insightful)

El Lobo (994537) | more than 6 years ago | (#21407873)

Actually, this is not news. Those of you who are/wee usual visitors of WaReZ sites or WareZ engines like astalavista.com will know that this kind of "ads" have out there working for years now. The difference is that now it seems like respetable sites are hosting them directly or indirectly via some ad provider.

BTW these ads are not directly dangerous unless you are running on some old browser/old Windows system, but yes, they are annoying as hell.

Re:I only found these ads on.... (5, Informative)

morgan_greywolf (835522) | more than 6 years ago | (#21408213)

BTW these ads are not directly dangerous unless you are running on some old browser/old Windows system, but yes, they are annoying as hell.
Um, wrong. Watch the video [youtube.com]. The guy is running Windows XP SP 2.

Re:I only found these ads on.... (1)

gazbo (517111) | more than 6 years ago | (#21408731)

Yup. And it doesn't do anything "directly dangerous" as the parent said. It politely asks you to download and run a trojan. If you say no....nothing happens.

Re:I only found these ads on.... (1)

El Lobo (994537) | more than 6 years ago | (#21408733)

That's why this is not so bad. You get the "Do you really want to run...?' dialog, so the user knows that something is going on. On older systems the system would just directly run the exe.

Re:I only found these ads on.... (3, Informative)

foobsr (693224) | more than 6 years ago | (#21408259)

WareZ engines like astalavista.com

It is 2007!

They now say: "Note: Astalavista.com is NOT affiliated with Astalavista.box.sk, there are NO cracks/serials/keygens/warez etc. hosted on the Astalavista.com's server, and never were! Moreover, Astalavista.com is a security site, therefore requests for anything illegal are simply directed to the wrong party, and get ignored immediately!"

CC.

That's some sleazy shit! (0)

Anonymous Coward | more than 6 years ago | (#21407671)

I hope whoever is doing this eventually gets theirs.

What goes around comes around.

What are these "ads" you're talking about ? (5, Insightful)

galaad2 (847861) | more than 6 years ago | (#21407683)

That's why Firefox+NoScript+AdBlock Plus+Flashblock were invented

Re:What are these "ads" you're talking about ? (0)

Anonymous Coward | more than 6 years ago | (#21408145)

If you have Noscript, do you still need Flashblock?

I use Opera (which BTW, has all of those built-in) now instead of Firefox, but doesn't Noscript block plug-ins?

Re:What are these "ads" you're talking about ? (1)

kayditty (641006) | more than 6 years ago | (#21408207)

What version of Opera are you using with ad blocking and script blocking built-in? Yours seems to have more features than mine. dtim

Re:What are these "ads" you're talking about ? (0)

Jarjarthejedi (996957) | more than 6 years ago | (#21408245)

Nope, but it can't hurt (except maybe your loading time a little, but with 60+ extensions my FF still loads almost as fast as a blank install). I run NoScript but not FlashBlock and do just fine, but other people might want additional security, even if it's useless (I also have 2 software and 1 hardware firewall, and am considering adding another software, no reason not to).

Re:What are these "ads" you're talking about ? (1)

FudRucker (866063) | more than 6 years ago | (#21408333)

with NoScript the use of FlashBlock is redundant, NoScript blocks all plugins (not just flash)...

Re:What are these "ads" you're talking about ? (0)

Anonymous Coward | more than 6 years ago | (#21408439)

That's why AtGuard (works regardless of what the client app that's downloading HTML is) was invented.

Never Experienced This (3, Insightful)

ilovegeorgebush (923173) | more than 6 years ago | (#21407685)

I've never come across one of these ads. In fact, I rarely get ads as I use the Adblock Plus [mozilla.org] plugin for Firefox. This just gives even more reason to ban advertisements entirely. Thanks!

Re:Never Experienced This (3, Funny)

Otter (3800) | more than 6 years ago | (#21407777)

Adblock doesn't block these, as they constantly change the domain names. NoScript, which is otherwise way too paranoid and obtrusive for my taste, will do it.

Unrelated thoughts:

1) YouTube video is a rather inefficient way to distribute this analysis.

2) The security guy is way too kind to the sites hosting these ads. I've written to several of them, telling them how sleazy the ads are and how bad they make the site look, and the ads are still there.

3) How did YouTube decide that "ridiculously hot LATINA girl dancing, not asian!" is a Related Video? Except in the sense that it's always relevant, I mean.

Re:Never Experienced This (5, Funny)

doombringerltx (1109389) | more than 6 years ago | (#21407981)

3) How did YouTube decide that "ridiculously hot LATINA girl dancing, not asian!" is a Related Video? Except in the sense that it's always relevant, I mean.
Finally a reason to RTFA

Re:Never Experienced This (3, Insightful)

orclevegam (940336) | more than 6 years ago | (#21407993)

Actually, these are getting into some reputable sites through places like DoubleClick, which is one of the domains that AdBlock targets, so in this case it will protect you. Now, on less reputable sites that are getting these things directly instead of through DoubleClick, yeah, AdBlock won't do much there.

Re:Never Experienced This (1)

Thanshin (1188877) | more than 6 years ago | (#21408005)

3) How did YouTube decide that "ridiculously hot LATINA girl dancing, not asian!" is a Related Video? Except in the sense that it's always relevant, I mean.

YouTube finally implemented the mind reading related video selection. What banner add did you first think about when you read the news?

Re:Never Experienced This (2, Informative)

rucs_hack (784150) | more than 6 years ago | (#21408649)

most advert serving domains still, for some reason place the images to be used in */ads/* or */banners/*, something like that anyway. A well written rule file for adblockplus (e.g most available ones) have the capacity to block many previously unknown ad servers. Then of course if they are spotted, they go on the list.

Very stupid idea (2, Informative)

TheMeuge (645043) | more than 6 years ago | (#21407779)

This just gives even more reason to ban advertisements entirely.


The "let's ban it" attitude seems awfully familiar. Are you a member of the US, UK, or EU parliament by any chance?

Like it or not, but advertising generates (directly and indirectly) the revenue that drives the Internet. When advertisement is passive, and does not attempt to hijack your computer, it is theoretically an win-for-all scenario: the advertisers get their clients, the consumers get their products, and the sites that host the advertisement get their costs and expenses covered.

Re:Very stupid idea (1)

IBBoard (1128019) | more than 6 years ago | (#21407897)

When advertisement is passive...

Hackers are using deceptive practices and tricky Flash programming...


Not quite passive if they're using Flash, though. I'm selective with my AdBlocking because I know some webmasters rely on the revenue. Anything that's overly flashy (be it flash or animated GIF) or anything too large/overlapping/intrusive gets the page or folder containing the add blocked. If it happens too many times then the entire domain goes.

As for the drive-by infection, hasn't that been going on for a while? I guess it is new (and slightly ironic in a "malware" kind of way) to put AV spam and redirects up instead, though.

Re:Very stupid idea (1)

orclevegam (940336) | more than 6 years ago | (#21408045)

On reputable sites I usually disable AdBlock plus, but I always use FlashBlock, as nothing annoys me more than flash ads.

Re:Very stupid idea (1)

GIL_Dude (850471) | more than 6 years ago | (#21408269)

I had understood that advertisers didn't pay for "impressions" (ad views) anymore and only paid for click throughs. If that is true (and I may be wrong about it - I certainly admit that), then if you are not going to click on an ad you might as well block them since the site admin isn't getting paid anyway. (And, even worse - for the few who self host the ads, you would be costing them bandwidth).

Re:Very stupid idea (3, Insightful)

Anonymous Coward | more than 6 years ago | (#21408639)

The "let's ban it" attitude seems awfully familiar. Are you a member of the US, UK, or EU parliament by any chance?

Like it or not, but advertising generates (directly and indirectly) the revenue that drives the Internet. When advertisement is passive, and does not attempt to hijack your computer, it is theoretically an win-for-all scenario: the advertisers get their clients, the consumers get their products, and the sites that host the advertisement get their costs and expenses covered.


You are very much mistaken. Advertising seeks good mediums to exploit, and always shows up AFTER the medium has established itself. Advertising funds garbage content.

Advertising does NOT generate the revenue that drives the internet, and without it, the internet would not only continue to thrive, but would improve. You're probably too young to remember it, but the internet existed long before anyone thought of using it for advertising. HTML existed long before anyone thought of using it for advertising. If every single ad-supported site vanished from the webernets overnight, things would be better. People with something worthwhile to publish would continue to publish, and those who spout useless drivel and subsist on advertising would have to crawl back to the holes from whence they came.

Your company/family/school (5, Interesting)

KiloByte (825081) | more than 6 years ago | (#21407903)

Right, we all use Adblock and the like. Yet, you can't force everyone in the vicinity to do so, there are lesser minds who opt for Opera, and there's even a tiny portion of giants on Links -- and let's not even mention how low SOME folks can fall.

I would say that adzapper (if you use squid) or a DNS-based blacklist is quite mandatory wherever you do have a say. Glancing at the logs of ISPs I have root at, roughly 1/4 of all freaking http requests go to lowlifes -- and even that based on my grossly incomplete list of ad/spyware/tracking scum.

Yeah, 25%. That's horrible.
And there are some customers dumb enough to complain if you do protect them from ads, so you can't do this in an ISP scenario. But in a company, school or family? Hell yeah, there's no reason for doubleclick.com to get through, ever.

Re:Your company/family/school (1)

Tangent128 (1112197) | more than 6 years ago | (#21408291)

Opera has "block content". Not that I've used it. Maybe I'm crazy, but I'm not offended by ads.

Re:Never Experienced This (1)

the_womble (580291) | more than 6 years ago | (#21408701)

Noscript is a lot better at protecting you from stuff like this: no Javascript, Flash Java etc. runs unless you let it. The malware need not be in an ad, there are a lot of other ways of getting people to their sites.

I run Firefox with Noscript on Linux, and using a different browser (I used to use a different user) for sensitive websites. Is this malware likely to affect me?

Spotted in the Field (1, Flamebait)

CheeseburgerBrown (553703) | more than 6 years ago | (#21407703)

I ran into one of these buggers while surfing news sites. Since I had many tabs open I'm not sure which one featured the poisoned ads, but I was fairly surprised when my Firefox 2 running under Leopard started coughing up fake, Vista-style dialogue boxes and floating window ads, as if I were using a common gutter computer like a Dell.

Re:Spotted in the Field (1)

dave420 (699308) | more than 6 years ago | (#21407991)

"Common gutter computer"? grow up :)

Drill-Down Explanation of Terms (-1, Troll)

CheeseburgerBrown (553703) | more than 6 years ago | (#21408539)

Defensive much?

It's pretty well known that malware authors have historically targetted the most common platforms to exploit. For the past decade or so this has been Windows-based PCs, which remain the world's most popular platform. The platform is common.

Dells are renowned in the tech community as often technically poor machines stripped down to bargain components in order to keep the sticker price low. They do not have a reputation for having a high resale value or superior performance, but they have a significant chunk of marketshare among bottom-feeder users with humble needs. They dominate the low end of the market, or in more colourful terms, the gutter.

So, when I'm using a high-end machine on a platform only rarely thus far targetted by malware, it makes sense to be more surprised than if one were using a highly targetted machine.

Do you follow along now, my gutter-computer using reactionary friend?

And the funny thing is... (1)

Noryungi (70322) | more than 6 years ago | (#21407709)


Some people complain about Firefox AdBlock? Sheesh.

Note to self: remember to program Adblock to reject everything from DoubleClick from now on, on all home computers.

Re:And the funny thing is... (1)

Henry V .009 (518000) | more than 6 years ago | (#21407789)

You still program Adblock? Give Adblock Plus and its automatically updating filters a try.

Re:And the funny thing is... (1)

Thanshin (1188877) | more than 6 years ago | (#21408115)

You still program Adblock? Give Adblock Plus and its automatically updating filters a try.
Upgrade now to AdBlock Plus! First fifty calls get a brand new filter free!

Re:And the funny thing is... (1)

Alexpkeaton1010 (1101915) | more than 6 years ago | (#21407917)

In addition to using AdBlock Plus it is also nice to use NoScript. The two of those combined speed up web surfing a tremendous amount.

Re:And the funny thing is... (1)

orclevegam (940336) | more than 6 years ago | (#21408089)

Actually I don't use NoScript because a lot of the sites I frequent have AJAX components, but I do use FlashBlock and that takes care of a lot of the problems.

AdBlock and NoScript (5, Interesting)

Timinithis (14891) | more than 6 years ago | (#21407719)

I use these exclusively, are there reports that this method gets by them? I know that if the ad is blocked, it isn't downloaded, but is that all it takes, download the ad and you have the virus?

Sounds like a reason to just block all double-click items...

I don't enable flash/scripts on any page unless it is needed -- like scripts for /.

Re:AdBlock and NoScript (0)

Anonymous Coward | more than 6 years ago | (#21408397)

People laugh at me and call me paranoid for using noscript. Poor fools, if they only had a clue. ;)

Re:AdBlock and NoScript (2)

secPM_MS (1081961) | more than 6 years ago | (#21408419)

I don't see a need for blocking adds. The problem is not the adds per. se., but the active content. Active content may be malicious. Unfortunately, rich media is the draw for the bulk of the viewer base and rich media tends to use active content.

The viewer / user if presented with Hobson's choice: accept active content, get the desired benefit - while taking the risk; or block active content, be safe, and not get the desired benefit.

If the user wants to view the content and be relatively safe, they can run Vista as a normal user and NOT elevate to administrator to install stuff when the malicious site downloads malware to their system.

They can run NoScript or equivalent and be very careful to authorize only those domains that they trust to run script.

I am paranoid. I run Windows Server 2008, running as a normal user. IE 7 is configured as my default browser in enhanced security mode, which is locked down and secure. IE will not allow me to download many types of items in the Internet zone, so I use Firefox with NoScript installed and kept current. I am very cautious about what sites I allow to run script, but I have blacklisted doubleclick. I do not run flash.

who is to blame (2, Insightful)

cpearson (809811) | more than 6 years ago | (#21407741)

Great, now we can await a round of finger pointing to begin over who is liable.

Re:who is to blame (0)

Anonymous Coward | more than 6 years ago | (#21407825)

Or, you can just block all ads and not care who is liable.

Re:who is to blame (1)

Detritus (11846) | more than 6 years ago | (#21407961)

The simple solution is to assign final responsibility to the web site that is delivering the tainted ads. They are the ones who have ultimate control over what content gets delivered to the user. "We contracted it out" should never be accepted as an excuse.

Ah, let the blame game begin (4, Insightful)

SuperBanana (662181) | more than 6 years ago | (#21407799)

The malware-spiked ads have been spotted on various legitimate websites, ranging from the British magazine The Economist to baseball's MLB.com to the Canada.com news portal.

...and since those sites outsource to Doubleclick, they'll point a finger at them. Doubleclick will no doubt point the finger at some previously-unheard-of company that "solicits advertisements for the Doubleclick network", and they'll point the finger at their "client."

Meanwhile, The Economist, MLB, Canada.com, etc won't take responsibility for the content they present on their website (after all, they chose to use Doubleclick, they chose to put advertisements on the website, they chose not to require approval of ads before they were shown on their website, etc.) Funny how everyone is trigger-happy when it comes to copyright, but when it comes to content they present causing harm, it ain't theirs, eh? :-)

Doubleclick, of course, won't accept responsibility for vetting advertising distributed via their channel (which seems like a standard business procedure for, oh, an advertising network?) The only comfort is the mechanism of the free market: if website users get pissed enough, said websites might put pressure on Doubleclick or leave them altogether. That's bad for Doubleclick business, so maybe Doubleclick will consider vetting ads better, or run checks to see that flash code doesn't do certain things, etc. Then again, if the malicious banner ad suppliers are paying good enough money, Doubleclick may be perfectly happy to issue a press release "apologizing" and keep right on doing business as usual.

Re:Ah, let the blame game begin (4, Informative)

Frosty Piss (770223) | more than 6 years ago | (#21408255)

Meanwhile, The Economist, MLB, Canada.com, etc won't take responsibility for the content they present on their website (after all, they chose to use Doubleclick, they chose to put advertisements on the website, they chose not to require approval of ads before they were shown on their website, etc.) Funny how everyone is trigger-happy when it comes to copyright, but when it comes to content they present causing harm, it ain't theirs, eh?
And speaking of "trigger-happy", you seem to point the finger right back at the Web sites for not inspecting the ads and the underlaying code. Well, that's what they hire DoubleClick for, thats one of the points for using outside ad servers. DoubleClick (and its Mother Ship Google) where not doing their jobs. It was THEIR responsibility to know that the ads THEY served where ligit or not. That's why THEY make the "big bucks". Google is good, Google is God...

Yeah sure (2, Insightful)

gerf (532474) | more than 6 years ago | (#21408515)

When you find a company that allows people to use their copyrighted material however they want, and also takes responsibility (monetarily and apologetically both), for their own mistakes, let me know. And they have to still be in business, that is..

Re:Ah, let the blame game begin (0)

Anonymous Coward | more than 6 years ago | (#21408709)

"Funny how everyone is trigger-happy when it comes to copyright, but when it comes to content they present causing harm, it ain't theirs, eh?"

The obvious solution then, is to download the ads, post them on YouTube, and upload them to BitTorrent. Takedown notices will immediately circulate, and the ads will be taken away.

TFA = Site scraping? (5, Informative)

Anonymous Coward | more than 6 years ago | (#21407803)

The flibby link is identical to this Wired blog post [wired.com] by Betsy Schiffman, dated four days earlier.

Yeah... (0)

Anonymous Coward | more than 6 years ago | (#21407847)

but does it work on Linux.

The evils of Javascript (0)

Anonymous Coward | more than 6 years ago | (#21407859)

This isn't news... except perhaps to those who ridicule us folks who disable javascript for security reasons.

Re:The evils of Javascript (1, Insightful)

Allicorn (175921) | more than 6 years ago | (#21407965)

Javascript's alignment notwithstanding, it is not implicated by TFA in this particular situation. This is about the evils of Flash.

I wonder... (0)

Anonymous Coward | more than 6 years ago | (#21407867)

When I'm faced with unexpected modal dialog boxes on web pages I don't click any of the buttons -- instead I close the dialog box by clicking the corner "X." I don't even trust a "cancel" button. In the video demonstration, the user always clicked a button, even when "okay" was the only choice.

Not that it lessens the threat by much, but I wonder if the attack could've been thwarted simply by clicking that little "X" in the corner instead of a button.

Re:I wonder... (0)

Anonymous Coward | more than 6 years ago | (#21407975)

I've seen these pop-ups a couple of times, and the X generally doesn't prevent it. The script is probably written to always take the next action when the previous window is destroyed. Your best bet might be to leave it be, and do a force quit of the entire browser application.

ISP's should block DoubleClick (2, Interesting)

RichMan (8097) | more than 6 years ago | (#21407885)

This is a good enough reason for ISP's concerned about security to block DoubleClick. You spam the net with bad referrals you get binned. Also think of the traffic that would get binned, way better than blocking p2p.

Do it for a month and DoubleClick and their ilk will be extra sure about not hosting bad stuff.

Re:ISP's should block DoubleClick (1)

Dunbal (464142) | more than 6 years ago | (#21408153)

This is a good enough reason for ISP's concerned about security to block DoubleClick.

      Wishful thinking. ISP's are far too busy doing IMPORTANT things like going after P2P and torrent users than doing TRIVIAL things like block spam and malicious code.

Re:ISP's should block DoubleClick (1)

morgan_greywolf (835522) | more than 6 years ago | (#21408385)

Big ISPs, or their ad agencies, are some of DoubleClick's biggest customers. Don't tell me you've never seen banner ads for Comcast or EarthLink or AOL originating from DoubleClick?

No biggy (0)

Anonymous Coward | more than 6 years ago | (#21407899)

I'm sure Google will fix it all when they take over Doubleclick. After all, they've never had unexpected results with AdWords!

I've seen this (0)

Anonymous Coward | more than 6 years ago | (#21407905)

I had an ad pop up on a website I was viewing on a work computer. The site was legitimate and appeared that somebody had used a DoubleClick banner to attempt to exploit my machine. I clicked the x button to close the window but it took me to the malware site anyway. It really freaked me out. I had to close Firefox completely with a series of Alt+F4 hits. Thank goodness I was using portable Firefox instead of the outdated IE the company tries to force us to use or I would definitely be screwed. I just hope it didn't do any damage to my machine.

Does anybody have any information on what this malware does to your machine?

Adblock, flashblock (1)

Gothmolly (148874) | more than 6 years ago | (#21407919)

Nothing to see here, please move along.

Technological Darwinism in action.

Re:Adblock, flashblock (1)

MyLongNickName (822545) | more than 6 years ago | (#21408067)

What exactly does this have to do with Darwinism? Does the virus cause the computer to kill the user so he/she cannot reproduce? And is computer illiteracy genetic? If not, then my next suggestion is that parent poster just likes to feel smug about his computer knowledge...

Re:Adblock, flashblock (1)

darthflo (1095225) | more than 6 years ago | (#21408447)

It's the other way round. Computer-illiterate Fred's computers get infected, work slower or stop working alltogether, Jack, who knows a bit about computers is called up (friends, family or geek squad), fixes it, receives money. After a few of said encounters, Jack possesses lots of money while Fred's really poor. Jack then gets to have loads of unprotected sex with lots and lots of supermodels, producing a filthy rich uber-generation of semi-computer-savvy children while Fred's happy to be able to afford a microwave dinner every few days. He can't afford two microwave dinners per day though, so he'll stay single and won't reproduce. done.

So THAT's what it was... (0)

Anonymous Coward | more than 6 years ago | (#21407931)

OK, so it's not just me! I have an XP (sp2) box that I've kept trim and clean for ~5 years now, until I got hit with one of these a week ago.

It happened just as described in the article, and I've had a HELL of a time trying to clean it off. I managed to get rid of the primary symptoms (ie. - notices that my hard drive had "junk" on it, linking to sales sites for SystemErrorFixer and PCPrivacyTool), but was left with a residual effect (virus?) that the resolution of network names on my internal network were directed first to an external IP address of extremely dubious pedigree.

None of the common tools (ie. - AVG, SBS&D, unHackMe, Smitfraud killers, CA anti-virus, MS OneCare, etc.) were able to even SEE this, let alone remove it, so I've settled on a format/reinstall.

Interesting that the article mentions Canada.com, as I live in Toronto, and use their TV listings daily.

Not exactly new (5, Informative)

Anonymous Coward | more than 6 years ago | (#21407941)

This has been going on since flash 8 was released with a vulnerability. I got hit by this about a year ago, maybe a little more.

  Suddenly windows security center, that I routinely turn off because I can't stand the nagging, started up and told me that my computer was insecure and that I should go to a certain website and buy their virus defender software.

Not very subtle to a savvy person like myself, but I imagine some people would fall for it.

The box also started throwing up connection error message boxes, presumably because my external firewall were blocking outgoing connection attempts. Again not subtle, but it's an uncommon setup for a home user.

Third, it must have rooted the box somehow because certain files became invisible. "test.exe" among them. Renaming a textfile to text.exe would make it disappear, and the folder would be unremovable. Cygwin came to the rescue there. Also I noticed only because I happened to have lots of little crap programs laying around.

The virus scanners did not pick up on this.

This is the only time I have actually contracted a virus. Needless to say I hosed the box (PING is not disk image). What I learned from the experience is that knowing your system is way more effective than a virus scanner, and B) don't trust flash which is how I got the damn thing. I thought I was safe with firefox.

Terrible relationships with their advertisers (4, Insightful)

sseaman (931799) | more than 6 years ago | (#21407963)

Content providers need to be responsible for the content of the ads posted on their sites - that's a given. TFA indicates that these content providers (the people behind NHL.com, for example) simply received payment for these ads via credit card or wire transfer and then posted the content. If these sites used a network television model, they would have intimate relationships with the advertisers and would work together to provide less offensive and more effective ads. I don't think they need to go that far (network television ads are far from perfect, although they are quite effective), but clearly MLB.com and NHL.com need to be held responsible for the content on their sites, and hopefully this will encourage better cooperation between site hosts and advertisers.

FireFox+Adblock (0)

Anonymous Coward | more than 6 years ago | (#21407987)

Use Adblock... the "stealing money from webmasters tool" :P awwwwww por little webmasters

Say.. doesn't Slashdot use Doubleclick? (3, Interesting)

Animaether (411575) | more than 6 years ago | (#21408003)

I'm pretty sure it does because I had to wait 30 seconds for any page of Slashdot's to render fully yesterday because Firefox was busy waiting for ad2.doubleclick.com or somesuch subdomain of theirs. The current page source certainly has doubleclicky ads.

Now, granted, the malware distributors typically tag ads for subjects not often seen on Slashdot (but I get them on, e.g., the Sinfest comic - huh, imagine that).

I'd say it's about time Doubleclick (that's you, Google, if you finally get to say you did indeed acquire it and everybody OK'd the deal.) gets held a little more responsible for this sort of thing being done through their network for which they collect money.

Re:Say.. doesn't Slashdot use Doubleclick? (1)

orclevegam (940336) | more than 6 years ago | (#21408203)

I just got a new workstation at my office and hadn't got around to installing FlashBlock/AdBlock+ like I normally do, but the dice.com add on slashdot finally convinced me to do it. For some reason whenever the dice.com ad loaded it would bring firefox to a crawl until I killed the window it was in or reloaded that page and got a different ad cycled in.

!news (1)

blackdew (1161277) | more than 6 years ago | (#21408017)

This is going on prety much since the beginning of the (http-based) web as we know it, first by browser exploits then by flash and activex and whatever else

definetly not news

Doubleclick sent out a notice Friday (4, Informative)

night_flyer (453866) | more than 6 years ago | (#21408021)

here's a list of the sites that contained the malware:
100it.info, 10smi.info, 2greatfind.com, 2quickfind.com, 3akoh.net, Ad2cash.net, Ad2profit.com, Adcomatoz.com, Adgurman.com, Adhokuspokus.com, Adnetserver.com, Adredired.com, Adsolutio.com, Adtraff.com, Adverdaemon.com, Adverlounge.com, Adzyclon.com, Alg-search.com, Alhoster.com, Aligarx.biz, All-search-it.com, Alphatown.us, Anmira.info, Anonymbrowser.com, Antivirussecuritypro.com, Aptprog.com, Art-earn.biz, Astalaprofit.com, Autodealer-search.com, B2adz.com, Bazaard.com, Belkran.com, Belshar.com, Bestadmedia.com, Best-biznes.info, Best-cools.info, Bestdatafinder.com, Besteversearch.com, Bestpharmacydeals.com, Best-screensavers.biz, Bestsearchnet.com, Bestshopz.com, Bestwm.info, Bestwnvmovies.com, Bezzz.info, Bi-bi-search.com, Bizadverts.com, Bizmarketads.com, Blessedads.com, Bm-redy.com, Bovavi.com, Brandmarketads.com, Bucksinsoft.com, Burnads.com, Cancerno.com, Candid-search.com, Carpropane.com, Cashloanprofit.com, Casinoaceking.com, Casinoby.com, Casinodealsgalore.com, Cha-cha-search.com, Cheap-auto-deals.com, Checkstocklist.com, Chushok.com, Clever-at-search.com, Clubheat.info, Come-from-stars.com, Co-search.com, Creamme.net, Cryptdrive.com, Cyndyk.info, Deuscleanerpay.com, Didosearch.com, Diphelp.biz, Dmitry-v.info, Doma2000.com, Durtsev.com, Easybestdeals.com, Energostroj.com, Enothost.com, Eroticabsolute.com, Errordigger.com, Errorinspector.com, Evrogame.info, Fandasearch.com, Fantazybill.com, Fastwm.info, Fastzetup.info, Fati-gati-search.com, Favourable-search.com, Favouriteshop.com, Feel-search.com, F-host.net, Fifaallchamp.com, Fight-arts.com, Fileprotector.com, Findbyall.com, Firstbestsearch.com, Firstlastsearch.com, First-ts.com, Foamplastic.net, Fokus-search.com, Force-search.com, Forceup.com, Forex-instruments.info, Forvatormail.com, Freepcsecure.com, Freerepair.org, Freetvnow.net, Friedads.com, Fulsearch.com, Getfreecar.com, Gibdd.us, Glass-search.com, Glorymarkets.com, Gosthost.net, Great4mac.com, Greyhathosting.com, Gt-search.com, Hackerpro.us, Hardlinecenter.com, Hebooks-service.com, Hintway-international.com, Homeofsite.com, Hromeos.com, Hyip2all.org, Icq-lot.org, Iddqdmarketing.com, Ideal-search.com, Idea-rem.com, I-forexbank.biz, I-games.biz, Imamis.net, Individ-search.com, Information-advertising.info, Infyte.com, Initial-search.com, Insochi2014.com, Installprovider.com, Internetadaultfriend.com, Internetanonymizer.com, Internetsupernanny.com, Intervarioclick.com, Investmentsgroup.org, Invulnerableads.com, It-translation.biz, Izol-tech.com, Kamerton-tests.com, Kazilkasearch.com, Keytooday.com, Keywordcpv.com, Kiridi.net, Kpoba.net, Kurgan45.info, Ladadc.com, Lanastyle.com, Ldizain.info, Libresystm.com, Liders.biz, Linii.net, Liveclix.net, Loffersearch.com, Londasearch.com, Lovecraft-forum.net, Loveopen.info, Lseom.biz, Luckyadcoin.com, Luckyadsols.com, Mad-search.com, Magicsearcher.com, Mailcap.info, Manage-search.com, Marketingdungeon.com, Mass-send.com, Max-expo.net, Maxyanoff.com, Mediatornado.com, Mega-project.biz, Megashopcity.com, Mightyfaq.com, Misc-search.com, Mobilesoftmarketing.com, Mobiletops.com, Mobilorg.org, Moneycometrue.com, Moneypalacecash.com, Mounthost.net, Myfavouritesearch.com, Myhealth-life.org, Myonlinefinance.com, Mysurvey4u.com, Mythmarketing.com, Mytravelgeek.com, Myusefulsearch.com, Napol.net, Navygante.com, Netmediagroup.net, Netturbopro.com, Newbieadguide.com, Nryb.com, Of-by.info, Olgalml.com, Ol-search.com, Onedaysoft.com, Onestopshopz.com, Onwey.com, Opensols.com, Original-search.com, Osetua.com, Osminog.org, Parischat.org, Passwordinspector.com, Pcsoftw.com, Pcsupercharger.com, Performanceoptimizer.com, Piramidki.com, Podelkin.info, Popadprovider.com, Popsmedia.com, Popupnukerpro.com, Postcity.info, Prenetsearch.com, Prevedmarketing.com, Prizesforyou.com, Pro-dom.info, Propotolok.info, Pro-svet.info, R2d2adverising.com, Radiosfera.net, Rocktheads.com, Roller-search.com, Rombic-search.com, Rus-invest.net, Rusnets.info, Russia-post.com, Sajruen.info, Samson-pro.com, Sauni.net, Se7ensearch.com, Search-and-win.com, Search-angle.com, Searchcolours.com, Searchcompleteness.com, Search-deal.com, Search-expand.com, Search-into.com, Searchmandrake.com, Searchonline-ease.com, Searchoperation.com, Search-the-best.com, Search-the-prey.com, Searchvirtuoso.com, Search-west.com, Sellmoresoft.com, Selvascreensaver.com, Seorule.com, Serebro1.info, Sergp.info, Sevna.org, Sex-mp4.info, Sharpadverts.com, Shivanetworking.com, Shootnix.net, Shopshot.com, Simplesamplesearch.com, Siputa.com, Smssrv.com, Softgeeks.net, Softwcs.com, Sotaman.info, Spbcoffee.info, Sterx.org, Stolovaya.info, Stratosearch.com, Such-search.com, Sus-upp.com, Svadba-buket.info, Svadba-center.info, Svadba-dress.info, Svadba-rings.info, Svadba-scenarii.info, Svadba-toast.info, Svadba-vikyp.info, Takeheree.com, Tallgrass-seach.com, The-same-search.com, Traffalo.com, Traveltray.com, Treekindsearch.com, Type-and-find.com, Typeblogger.info, Unicsearch.com, Uniqads.com, Unrealcommander.biz, Unrealcommander.com, Unrealcommander.info, Unrealcommander.org, Vip-mails.com, Vitecmedia.com, Vkpb.net, Wape3a.net, Waytotheprofit.com, Web-feed.net, Web-work.biz, Wewillfind.com, Windefender.com, Windfiresearch.com, Wmbserg.org, Wmclick.info, Wmdoxod.info, Wmlasvegas.com, Wmlasvegas.net, Wmolotok.org, Wmrabota.info, Wm-source.info, Wmzmails.info, Wontu-search.com, Wordwide.info, Workhomecenter.com, Work-world.info, World-promo.net, X-diesel.biz, X-diesel.com, X-diesel.info, X-diesel.net, X-diesel.org, X-lave.info, Yourseeker.com, Yourshopz.com, Yourteacheronline.com, Y-piter.com, Zalex.info, Zappinads.com, Zapsibir.com, Zooworld-search.com, Zvukko.net

Re:Doubleclick sent out a notice Friday (1)

Frosty Piss (770223) | more than 6 years ago | (#21408363)

None of the sites listed in the "story" are on this list. Where did this list come from? Or is this some SEO trick for a bunch of spam sites?

Old news.. and a very old problem. (1)

Dynamoo (527749) | more than 6 years ago | (#21408031)

Seriously, I wrote about exactly the same thing here [dynamoo.com] a month ago, although I could identify Doubleclick as the network running the ads. It's quite amusing to see that the fake anti-spyware app claims that you have Windows malware on your Linux box.

Still, griping aside it's good to see this hijack getting a higher profile. However, I had a note from someone who had come across a hijacked banner on Yahoo! just today, so it's clear that the banners are still out there.

Banner hijacks for this type of rich media ad are not a new problem [dynamoo.com]. It's not a problem you generally see with good old fashioned GIF and JPG banners, or plain text ads.

Re:Old news.. and a very old problem. (1)

GIL_Dude (850471) | more than 6 years ago | (#21408455)

So far, these have all been Flash based attacks from what I am reading. I know few folks use it yet (ever?), but what about SilverLight? Does it enable these same vectors? I know some sites (like MLB.COM) do some of their stuff in SilverLight these days (probably got special help setting it up or got paid to do it or something). Anyway, it makes me wonder if it is really ALL rich media or if it is really specific to a design issue with Flash?

allmusic.com as well (1)

withears (881576) | more than 6 years ago | (#21408135)

This explains a lot. A couple of times recently on Allmusic.com, I've had some spyware-malware.com (or some such thing) make a pop-up box on me. I was very confused as to why a legit site like allmusic would have that happen. Sites need to start being concerned about this kind of thing or they're going to start losing traffic.

F the Flash garbage (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21408177)

Flash has always been an insecure resource hog.

Unfortunately, I think a lot of folks get talked into using flash on their sites by web designers who just want to maximize billable hours. Often their sites fail at the basic function of conveying information because they don't include HTML versions of the information people are looking for. A great example are bands with tour information in Flash only. Most of the artists don't even know about the problem. Unfortunately the people who answer webmaster@site are often those reaping the cash rewards of flash-only implementations.

I don't allow flash in my primary browser and also disable javascript. I won't visit websites that require Flash. Just say no.

Google and DoubleClick (0)

Anonymous Coward | more than 6 years ago | (#21408191)

...sites by way of DoubleClick's DART program...
Remember, Google is Good not Evil.

Tales of the Obvious (1)

flerndip (1191125) | more than 6 years ago | (#21408197)

I've seen shit as brazen as this for decades. Most notably the sort of poorly-constructed pop-ups that leave me thinking, "That would fool my mom. I need to warn her." When confronted by this sort of criminal code, I open the task manager and dump the browser entirely. Sure, I lose every tab I have open, and everything I was doing up until that point, but oh well. NEVER click OK if it's NOT OK.

yet another reason... (1)

fotbr (855184) | more than 6 years ago | (#21408211)

to block doubleclick

Adblock, hosts file, iptables, surfing the net with lynx, etc. Pick a method you like and enjoy life without doubleclick.

Why aren't we blaming the browser? (3, Insightful)

bhmit1 (2270) | more than 6 years ago | (#21408227)

Everyone is cheering for AdBlock when they read this, but why is it ok that a browser can install spyware, viruses, etc when you are browsing a web page? Shouldn't this be something that can only happen on sites that you explicitly permit or upon agreeing to a dialog asking if it's ok to run a given program? If you can experience this problem with double-click, then you can experience the same problem with any web site out there, so I'd much rather see us fixing the security holes in various browsers.

Re:Why aren't we blaming the browser? (4, Insightful)

moderatorrater (1095745) | more than 6 years ago | (#21408513)

Flash is a plugin, it's what needs to enforce a security model. Also, sites need to step up and stop allowing exploitative ads. If an ad is clearly posing as a windows dialog box, then that ad shouldn't be allowed onto your site.

Allright, I give up... Adblock time (1)

philmack (796529) | more than 6 years ago | (#21408261)

So after so many years I just now installed ad block plus. I never went through with it before because I would occasionally click on an ad... maybe every other month? I never felt bad about it because those ads were usually on the developer sites that I use constantly... if clicking their ad can give them a few cents and give me some information I need, I've more than paid for my individual usage of their site.
But if the biggest names in advertising cant keep their act together, then I just don't see how anyone can justify allowing ads any longer.
~Phil

Are you surprised? Risks of client-side scripting (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21408295)

The risks of client-side scripting that use unsafe languages (including Flash and its ActionScript) make the extra functionality not worth it to me. If you want to be safe, disable scripting and live without it, or use NoScript. I hope some day scripting will become safe, but it clearly isn't now.

Doubleclick could fix this in 2 seconds (4, Insightful)

oni (41625) | more than 6 years ago | (#21408353)

From TFA: The malware looks like a ordinary Flash file, with its redirect function encrypted, so that when publishers upload it, the malware is not detectable.

All Doubleclick has to do is require the actionscript source code for all ads. There is *no good reason* for an advertiser to hide anything from doubleclick. Send doubleclick your sourcecode. They will compile it into a .swf file. If you don't like that policy, then you can find another distributer for your ads. If your actionscript is so convoluted or obfuscated that doubleclicks programmer can't figure it out, then you can wait in line until the programmer can figure it out, or you can simplify it.

Problem solved.

the common denominator (1)

FudRucker (866063) | more than 6 years ago | (#21408519)

the common denominator in all this is MS-Windows, get rid of windows (if possible) and you will be much better off with an immunity from this sort of infection, use some variation of *nix (BSD of Linux) and as others in this article commented using AddBlock & NoScript extensions on Firefox is your best bet at stopping this sort of thing...

Kent Brockman (1)

FriendOfBagu (770778) | more than 6 years ago | (#21408723)

I think Kent Brockman already reported on this:

Even as I speak the scourge of advertising could be heading to your town. Lock your doors, bar your windows, because the next advertisement you see could destroy your house and eat your family!
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...