Feeds

back to article Opera site served Blackhole malvertising, says antivirus firm

Opera has suspended ad-serving on its portal as a precaution while it investigates reports that surfers were being exposed to malware simply by visiting the Norwegian browser firm's home page. Malicious scripts loaded by portal.opera.com were redirecting users towards a malicious site hosting the notorious BlackHole exploit kit …

COMMENTS

This topic is closed for new posts.
WTF?

I was on the site the other day... Its likely to be a browser extension which has been loaded from another source... or someones being redirected to the wrong site through another site!!!

Theres no malicious code from my extensible knowledge on their website.

1
3
Stop

Feedsportal !== Opera exactly

www.feedsportal.com seems to be the main basis of portal.opera.com or in particular its ads

I saw ads, no malicious code was executed... I'd say its most likely to be an absolute false positive. Given I'm running a better AV in absolute paranoia mode!

2
1
Anonymous Coward

Disable Java, filter all ads, run browser in a sandbox, ditch Flash and Reader, run you account with the lowest possible privileges for getting the job done

It's not hard to avoid the problems.

1
4
JDX
Gold badge

Except when the browser itself has a vulnerability.

2
1
Bronze badge

As a fan of Opera, and of circumscribed technical knowledge,

I see that the active malicious content apparently was in a PDF - so it would be a problem introduced by installing Adobe Reader, and not necessarily the latest version.

Having said that, any web site carrying evil advertisements as described is doing ill.

Also, Adobe seems to have updated to a version 11 - except on Windows Vista which is only given version 10.1.4, at least when I last looked. But of course Vista is obsolete and not fully supported now even by Microsoft. (My Vista machine got some security patches this week, though. They still do those.)

Problems with Adobe Reader 11 are rumoured but shadowy, I think; what catches you out is running an oldef version that hasn't had loopholes fixed.

0
0
Facepalm

Oh dear...

...a night out at the opera and all I got was this nasty virus!!

1
1
JDX
Gold badge

simply by firing up the popular alternative browser software

Since when is Opera popular outside of mobile? Opera is about as popular as Windows Phone 7.

1
6

That would depend hugely on what country you were in now wouldn't it?

0
0
JDX
Gold badge

Which country is Opera popular in then?

1
3

In Eastern Europe.

I don't know why but Opera has a very large market share in Russia, Poland, Ukraine...

I remember an Putin opponent webbloger, on tv. He was using Opera.

0
0
Coat

"Malvertising" incidents are far from rare..

Indeed, El Reg trialblazed this field back in 2004.. http://www.theregister.co.uk/2004/11/21/register_adserver_attack/

I'll get my coat..

1
1
Bronze badge

Issues with advertising

As all major ad services have had the past years adverts are an easy way to try and exploit a wide variety of people on other websites. Everyone loses out as the payment details tend to be stolen, its fortunate that the Opera desktop software no longer relies on adverts inside the browser (The only thing I never liked with Opera).

0
0
Gold badge
Flame

Oh FFS!

It seems likely the scripts had been loaded through a third-party advertisement, a practice commonly known as malvertising.

Bloody ad-pushers and the cheapskate, careless tossers that they are. They need to:

1) Vet the ads they get before they serve them.

2) Only serve ads directly from their own infrastructure, rather than fetching content from somewhere else.

The way they operate now, where what the punter actually gets served is entirely at the whim of whoever bought the slot, is a permanent open invitation for the scrotes to fill their boots. Yes Google, that is evil and you are doing it.

2
0
Silver badge
FAIL

Visitors Fault

They should have never been dealing with Oprah in the first place. It's just there. Sitting. Doing fuck all but bitching anytime someone else (MS) does anything.

0
5
This topic is closed for new posts.