Hmmm
Adblock Plus anyone?
Malware torrent delivered over Google, Yahoo! ad services
Some of the web's bigger websites were flooded with a torrent of malicious banner ads after cyber crooks managed to sneak them onto syndication services operated by Google, Yahoo, and a third company, according to a security firm. The ads - which attacked previously-patched vulnerabilities in Adobe's PDF Reader and Microsoft's …
This topic is closed for new posts.
Of course..
Of course, it could never happen to El Reg, could it?
Oh wait... http://www.theregister.co.uk/2004/11/21/register_adserver_attack/
The vulnerabilities are in the browser and operating system
The internet is full of viruses. If the user hasn't updated their software, they're putting themselves at risk whether the malware exists in an ad banner or any other site.
Caveat Pasco
And some people wonder why I insist on blocking all ads and most scripts in my browser. Not only are many of them annoying, but you have the possibility of them being carriers for malware.
"Let the browser beware"!
Two cures for the malvertisement blues... and I can see why he wouldn't want his name used.
AdBlock + NoScript = WIN.
Also,
>""With DoubleClick ad management, publishers are in control of what content they are serving and are therefore ultimately responsible for determining what advertising appears on their site,""
Yes, no wonder the facetious git didn't want his name used. Is he seriously claiming that there's an option in the publishers' googleads account settings for "Include malware banners (Yes/No?)" and it's all the publishers' fault for having left it on instead of off? Because he certainly *sounds* like he's saying it's all their fault for having *chosen* to get malicious ads from google's advertising network. No wonder he didn't want to be named, he knows how stupid he must have sounded.
Half the truth anyway.
"He went on to say that DoubleClick does employ a security monitoring system that screens all ads, and in cases where it identifies problem banners, they are pulled immediately."
It's a shame he didn't go on to apologise for this system being a useless sack of shit that's not fit for purpose. An existing Trojan targetting an old vuln and they *still* didn't spot it? You could forgive 'em not picking up the odd zero day, but this?
Doubleclick were always greedy scum peddlars. Being owned by Google doesn't make them any more than Google-branded greedy scum peddlars. They've been blocked on my router for some years now and I've still seen nothing that would make me think about changing this (notwithstanding that the whole "getting off my arse and doing it for no benefit" bit is unlikely to happen in any event).
Last night I added these to my firewalls access restrictions list
Got fed up of being redirected to google-analytics (fuck google) every time I clicked on a link. But then added
yieldmanager, doubleclick, tacoda, smartadserver, googlesyndication.
Going to be adding more soon.
Further support for ABP and NoScript.
I have to echo the above comments about the goodness of AdBlock Plus and NoScript. I've been running both for a couple of years, and I've yet to experience a "drive-by download" type infection. I wish our IT manager would make that setup mandatory for all web browsing here.
This topic is closed for new posts.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- The BI Inflexion Point
Information is a right, not a privilege - Risk and Resilience
The application availability gamble - Register Research on: Agile development - is it right for you
Reaping the benefits of modern software practice - The Register Guide to managing spam
A primer on the implications for enterprise IT - The Register Guide to email security
A primer on the challenges of securing email and approaches to resolving them - High Performance for All
Responding to the needs of compute-intensive workloads
