Users visiting the website of UK broadcaster ITV earlier this week risked exposure to a scareware package. Malware-laced banner ads that lead to download sites for the Cleanator scare package have also been served up on the Radio Times website. Radio Times confirmed that it removed the offending ad late Wednesday morning, …
On Yahoo too
This is also in the ad rotation for Yahoo mail. My antivirus (Nod32) has stopped it twice in the last week. Click on anywhere on the dialog box (including the X) and it attempts to do things to your machine.
Saw this nonesense on ITV.com. Just closed my browser. Someone should track down these jokers and introduce them to cricket, from the ball's perspective.
Use the Firefox add-ons No-Script and Re-Direct Remover. I have found it deals nicely with all that horrible crap (and can be disabled if necessary with a minimum of fuss)
OK, dumb question time...
Given that all an advert needs to be is a static image, or maybe an animated one, how or why is there any code at all, of any kind, associated with it?
Seems to me that, in a desire to see who can out-annoy who, otherwise legitimate ad serving organisations have opened a can of worms that simply didn't need opening. Given how easy it is to just install ad blocking software, I'd have thought webmasters would be falling over themselves to see who could produce the _least_ intrusive ads, in the hope that people wouldn't just switch them off altogether.
Why on earth mention PHP? It hasn't got anything to do with it, next you'll be saying it was PHP 4.2 on Apache 1.3 on Windows 2000 running on a Dell machine with an AMD processor and Western Digital disk, which is hosted in a yellow room in Liverpool. Ooh, hang on a minutes I see your point now, it's the scousers again......
I saw this too...
The thing is I also saw it on my Girlfriend's Mac, with a page that made it look like it was Mac specific malware that was being searched for so I killed the browser (firefox). The problem is that having no AV or anti-spyware installed on the Mac, I have no way of knowing if anything dodgy was run or is still running on it. Anyone got any suggestions? Preferably ones that don't involve shelling out actual money...
re How come...?
On Interface Lift aswell
I have had this a number of times on the Interface Lift site. Also tried to download a Trojan via .swf whilst re-directing me to one of these scareware sites. Virus protection caught it, but I still don't understand how complicated it can be to prevent this sort of crap from being identified sooner and then stopped.
Didn't click on anything on the site, just navigated to it using my favourites link.
Maybe get the owners of the ad server to verify or test the code first?
Saying that NoScript works is like saying that turning the computer off works. It does technically work, but surely it pans out like this instead:- Person with NoScript visits itv.com and is safe. Considers itv.com to be a safe, trusted site. Sees that video is present and wants to see it so starts enabling scripts on the site and embedded sites until they get the desired functionality (even if temporarily). However all they see is server names with no idea what they do. At some point they enable the servers which allows the malware to come through.
I don't understand how someone is supposed to work out what constitutes a trusted site and an untrusted site in the context of malware which is running from an otherwise clean and trusted site such as itv.com. The bottom line is if you don't trust anything, a lot of perfectly good sites don't work. if you do trust parts of those sites, you risk being hit by this kind of malware.
I use NoScript but I don't see how it can protect against this. It does protect against a lot of other stuff and that's why I use it and support it.
re: On Interface Lift aswell
Advertising policy varies from site to site: sites could leave it to third parties like Doubleclick or run their own solutions. Depending on volumes ads could be monitored or just fed into the system as long as someone has paid for them. One would hope that there was some nominal screening for malware but in the end it's all income and economies of scale and I would guess that potentially malicious ads aren't spotted until they are served. In the meantime, Firefox + AdblockPlus + NoScript are your friends.
What laws have been broken here?
And will somebody definitely be identified and prosecuted AND forced to recompense each and every person who has been disadvantaged by this miscreant?
Perhaps even more important, if no laws have been broken, will somebody please identify and shoot somebody in Her Majesty's Government for FAILING to bring in proper LAWS to prevent this sort of menace?
You could sa, however..
.. that having invaded your computer, interrupted your web browsing, bombarded you with messages pestering you to buy their software, or else - all because you went to a web page with an advert on it... that they have, at least, proven one thing. They're right: you're computer's not secure.
They're still c*nts, like, but in a: 'Hey, look! We can act like c*nts, and you can't stop us!' sort of way.
"Given that all an advert needs to be is a static image, or maybe an animated one, how or why is there any code at all, of any kind, associated with it?"
Depending on how the ads are embedded, what comes back from the ad-server can be nearly anything. Not just a hyperlinked image file.
It could also be a Shockwave Flash object instead of a static/animated image. I'm not all that au-fait with Flash capabilities (bloody hate the stuff), but I wouldn't be surprised if you can make that auto-load another page too.
In several of these cases there's no need to even click anything, just loading the damn thing is enough to make the badness take place.
ABP is more powerful where ads are concerned as it will show the scripts attached to the ads that are blocked. I pressed the ABP button on this page and it flags scripts and shows the code, which in the case of Doubleclick ads, runs to a couple of thousand characters, which, if you wore a tinfoil hat, could mean anything, which is why the combination is a good solution as far as I'm concerned.
And in Pogo
I complained to EA games about the pop-up, and they said eventually that "more time is required for investigation".
I think my TV must have caught this pop-up virus too. Each time I watch Corrie I get some junk messages on screen telling me to text a number to catch-up with ITV programmes, or to visit the website or to watch The Bill coming next.
Is there anything I can do to cleanse my CRT of this crap?
Noscript will block ads by domain, this is true. That's why you never bother allowing domains with "adserver" or a domain totally unrelated to the site you're trying to view as i doubt you'd be deliberately trying to look at ads if you have noscript installed.
Clean your screen from the inside with this - http://www.linein.org/media/screen_clean.swf
Are there adverts and nasty script thingies on the Interwebs?
My Firefox extension settings & anti-spyware apps must be hiding them from me.
Mine's the mink with the fox stole.