Two of the world's biggest ad serving networks – one owned by Google and the other by Microsoft – have been caught delivering booby-trapped banner ads that infect computers with malware without any action required on the part of the end user. The ads on Google's DoubleClick and Microsoft's rad.msn.com contained heavily …
I can't imagine
these companies informing the marks, sorry consumers, that blocking the ad servers at the router/firewall will protect systems from the malware served by said systems.
Are these companies not responsible for what they serve? Shouldn't they pay compensation fro the damage caused by any malware that they serve?
this has been going on for years, it's how most big businesses make a profit
A good reason to use FF
Noscript + Adblock
Noscript + Adblock + anything but Windwoes.
or, indeed, a hosts file such as http://www.mvps.org/winhelp2002/hosts.htm
"Similar attacks can be avoided in the future" by using a very simple tactic...
SERVE ONLY IMAGES
Image exploits are possible, not heard of any recently though.
Do you remember that lovely gdi+ bug not long ago?
While I agree with you that ads should only be images
There have been exploits that trigger on little more than buffer overruns by corrupt images. So, um, yeah. If you really want to be safe, use Lynx.
*Double checks that these domains are blocked in NoScript*
Oh for the love of...
Why the hell aren't people blocking this tripe? There is absolutely no reason to have ads in a pages, get stocked up with AdBlock+, NoScript, etc. I always tell people who use FF to always install AdBlock+ and if they wish, FlashBlock too. You will get faster loads and nicer, easier to read pages.
Not only are ads bloody annoying, they're Web equivalent of finding "dog-links" on the pavement outside your house, they break up the page flow and slow the loads times. Certain tech news sites, ahem, look much better without the nasty ads breaking the flow with all that horrible kerning.
Sorry Reg, but your pages just look much nicer without the ads!
Not all ads
I too am a NoScript fan and that's good enough. Without scripting the worst offenders - and infections - are dealt a hefty kick to the virtual nuts. And yes the decrease in load times is very welcome too. I'm so used to the slimline version of the web that it has become shocking to see what other people have to put up with.
Particularly on the Reg I am fine with the text adverts and occasional animated GIF. They're not so garish as to be distracting and they do serve a purpose after all, to pay for my favourite periodical. Long live El Reg! Love live saint Paris!
we'd never have seen the cow with the flaming flatulence if we were blocking...
US Intelligence Could Be Behind This
Google is known for their technology competence. Now they serve up viruses ? Come on...
TheRegister has reported that a USGOV contractor "takes over" botnets to provide intelligence to US agencies (probably CIA and NSA). What if that "contractor" is behind this.
You will not notice it like you notice the "commercial viruses" because your DSL modem flashes while pumping out spam or doing DDOS. Al this thing will do is to get the new "target requirements list" from Langley every few days. After some time the harddisk head will be moving a little to check the index the virus has already created for matching keywords.
Now that the US economy is doing so badly I am sure they will lend a "helping hand" to their ailing corporates. Airbus, Arianespace and Daimler employees beware !
noscript + adblock plus
toss in Linux (or MAC) and you are pretty safe
It's shit like this that makes you realize that these ad folks are probably more dangerous than they're worth.
yay adblock and noscript. The main reason I use them is to stop the jitterbugs and other annoying crap, but if it helps stop this kind of bull I'm happy with that.
Moving right along.
<edits hosts file>
Hosts file is the best solution
I have all the ad-serving domains aliased to 127.0.0.1 in my hosts file. Sod the lot of 'em.
Just another reason...
...for websites to offer their readers/consumers/whatever the option of a paid subscription or an ad-funded model. Some of us do want to support our favourite websites…but like hell am I giving up my AdBlock or NoScript!
on my menu everyday
adblock + ghostery
These ad networks should be liable for any damage caused.
Can anyone get anything right? Seems not!
Double Click shite
Blocked at the router
Blocked by Ghostery
Controlled by NoScript
& filtered by Adblock Plus
Along with anything else remotely similar
Of bears and great detectives....
We need a defecating ursid / non-defecating fictional Victorian detective icon.
using FF and ad-ons doesn't always work
I've tried using FF and such and this caused a huge number of tracking cookie to appear on my machine. My machine slowed considerably.
Will be the death of a lot of smaller sites however.
A lot of small sites live on their ad revenue and that will dissapear as a result of infected ads and all of us blocking them.
I now visit some enthusiast sites that now detect that I'm blocking their ads and politely advise me that in doing so I am not helping them continue running their site.
Damned if you do, damned if you dont.
Hmmm but the suspicious side of me thinks...if ad revenue totally dried up on the web then who would be left to.....oh thats right...just govt websites. Yup, its a conspiracy. lol
Small sites can have a good future
Small sites don't get much ad revenue by definition. My websites get zero ad revenue and this will continue because my users' attention is much too precious a commodity for me to want to sell this to third party advertisers. I'm a subscriber to a site ( lwn.net ) which tried initially to pay for journalism through ads. This wasn't going to work (not enough money from ads to cover costs) and the regular readers persuaded the site to keep going by offering subscriptions.
If a website is of genuine value, the regular users will want to pay the piper in preference to it closing down.
"if ad revenue totally dried up on the web then who would be left to.....oh thats right...just govt websites."
All websites that have something to sell? It's a little strong to suggest that the collapse of the ad market would lead to the demise of sites like Amazon or the likes...
I agree that the little guys suffer though. Maybe it's time for the emergence of ad companies who cater for the little guy. Then you could just unblock IndieAds.com or whatever. Pity there's so much less money to be made from it.
ad merchants have themselves to blame
if you have ever tried to pick through the remote and obfuscated JS being served to your site by an ad vendor and you will soon see they care only for themselves. "Make sure the page waits for our slow ads to show first" etc is not unusual to hear.
Block em all.
Nice ads needed
Like most commentards here, I block ads because they annoy and distract. This piece of news gives me even more cause to do so. But I appreciate the role of ad revenue in keeping useful and entertaining web sites going, so I feel slightly guilty about blocking.
Interestingly, the text-based ads and sponsored listings on Google don't annoy me (though they may be deplorable for other reasons).
What's needed is an ad server that is guaranteed to deliver only plain HTML, perhaps with the more garish tags and large fonts outlawed. I'd be prepared to let that through the filter. They'd have to keep squeaky clean though - one transgression and they're filtered.
I don't feel guilty about blocking
I never, ever buy anything directly from an online ad. When I'm in the market for something, I google and research pricing, availability, etc, and only then do I visit commercial sites that sell what I want. So by blocking ads I'm actually saving the advertiser displaying useless impressions, so they can be used for someone who might actually buy something from it.
Sites that detect my use of an adblocker and prevent me from viewing them go straight onto a blacklist, both at home and at work, and guarantee that I will never do business with the companies/persons behind such sites.
What really irritates me ...
Oh no it does *NOT*.