Some of the web's bigger websites were flooded with a torrent of malicious banner ads after cyber crooks managed to sneak them onto syndication services operated by Google, Yahoo, and a third company, according to a security firm. The ads - which attacked previously-patched vulnerabilities in Adobe's PDF Reader and Microsoft's …
Of course, it could never happen to El Reg, could it?
Oh wait... http://www.theregister.co.uk/2004/11/21/register_adserver_attack/
The vulnerabilities are in the browser and operating system
The internet is full of viruses. If the user hasn't updated their software, they're putting themselves at risk whether the malware exists in an ad banner or any other site.
And some people wonder why I insist on blocking all ads and most scripts in my browser. Not only are many of them annoying, but you have the possibility of them being carriers for malware.
"Let the browser beware"!
Two cures for the malvertisement blues... and I can see why he wouldn't want his name used.
AdBlock + NoScript = WIN.
>"With DoubleClick ad management, publishers are in control of what content they are serving and are therefore ultimately responsible for determining what advertising appears on their site,"
Yes, no wonder the facetious git didn't want his name used. Is he seriously claiming that there's an option in the publishers' googleads account settings for "Include malware banners (Yes/No?)" and it's all the publishers' fault for having left it on instead of off? Because he certainly *sounds* like he's saying it's all their fault for having *chosen* to get malicious ads from google's advertising network. No wonder he didn't want to be named, he knows how stupid he must have sounded.
Half the truth anyway.
"He went on to say that DoubleClick does employ a security monitoring system that screens all ads, and in cases where it identifies problem banners, they are pulled immediately."
It's a shame he didn't go on to apologise for this system being a useless sack of shit that's not fit for purpose. An existing Trojan targeting an old vuln and they *still* didn't spot it? You could forgive 'em not picking up the odd zero day, but this?
Doubleclick were always greedy scum peddlers. Being owned by Google doesn't make them any more than Google-branded greedy scum peddlers. They've been blocked on my router for some years now and I've still seen nothing that would make me think about changing this (notwithstanding that the whole "getting off my arse and doing it for no benefit" bit is unlikely to happen in any event).
Last night I added these to my firewall's access restrictions list.
Got fed up of being redirected to google-analytics (fuck google) every time I clicked on a link. But then added
yieldmanager, doubleclick, tacoda, smartadserver, googlesyndication.
Going to be adding more soon.
Adblock Plus anyone?
Further support for ABP and NoScript.
I have to echo the above comments about the goodness of AdBlock Plus and NoScript. I've been running both for a couple of years, and I've yet to experience a "drive-by download" type infection. I wish our IT manager would make that setup mandatory for all web browsing here.