You've been Drudged! Malware-squirting ads appear on websites with 100+ million visitors Internet lowlifes who used Yahoo! ads to infect potentially countless PCs with malware have struck again – using adverts on popular websites to reach millions more people. Security researchers at MalwareBytes this week discovered the crooks running another massive campaign of ads that use the Angler Exploit Kit to infiltrate …
"The popularity of ad blockers may really force the ad industry’s hand to change how they go about advertising."
Or conversly they might try to get ad blockers outlawed. After all, they acquired rights to an audience in exchange for monetary support to the content providers. If the audience is allowed to avoid the advertiser while still having access to the content, that's stealing, innit? This sorely needed legislation would be much like digital copyright protection, a well-established necessity.
Would this outlawing be considered the moral equivalent of watching commercial TV and forcing you to not go get a beer or make a bathroom run when a commercial comes on? Seems like it....
So why is the legislation "sorely needed" to ban ad-blockers? Stealing? Really, do explain...
"Stealing? Really, do explain..."
Might be a reference to some marketing bod a few months ago who equated not sitting there religiously watching adverts on advert-supported TV with theft of services.
The general consensus in the comments -IIRC- was that he was an entitled twat who could go fuck himself.
Can't remember the details, but he was a high-flyer with some TV company...Sky maybe?
"Don't forget that 40% of us are illegal aliens, so we're scurrilous, sneaking toilet-cleaners, and when we do speak it's in some other language that has accordions playing in the background."
You've got that wrong, the Scots aren't classified as illegal aliens. Yet.
I value my system security. All I'd get from an ad server who contaminated my machine is a "sorry", I very much doubt if they'd pay compensation for the cost (time and money) for fixing the problem. Ads should be small (seeing as they eat up my bandwidth), not involve flash, pop-ups or use of a scripting language. That would cut down on a lot of the malware attack surface. They should also not interfere with the page rendering process - having a page not load because it's waiting for a tardy ad server to cough up is not going to present a product in a good light.
On second thoughts, I'll continue with the script and ad blockers because I don't trust any random third party to protect my system so a good first line of defence is not to let them have access.
I note that I'm seeing cookies and ads trying* to appear here on El Reg from Adspirit via Google. Let's be careful out there.....
I have most ads automatically blocked and the 3rd party cookies "prompted" just for curiosity. It's surprising the amount of crap that tries to get through.
I have NoScript set to "Forbid Scripts Globally". You should see the amount of 3rd-party JavaScript in the NoScript pop-up menu; on many sites I've seen lists of domains so long that it makes the menu scroll.
Figuring out which ones need to be unblocked to make the page work is an exercise in frustration too.
I can think of no good technical reason to do it. The risks however are obvious.
Figuring out which ones need to be unblocked to make the page work is an exercise in frustration too.
Simple process for me. If you're trying to sell me something, your page renders to a usable level without js.
If I can't use your page without js I can't buy anything from you.
Anything else may depend on how much I really want to see what may be hidden behind the js.
I tend to get a good idea of what is what and ignore the advertising and tracking ones.
Perhaps someone can help with one though.. In the last few days have seen a "panel html" coming up and noticed when I allowed that to see what it does, even the google search page refreshed. Doesn't google have enough crap on their visually minimal page? if I click on the "temporarily allow" I see the field change to "temporarily allow blur://panel.html". Can someone tell me wtf this is? (off to Google to search)
(damn, that's everywhere! Just seen it in El Reg as well. Has my browser somehow been hijacked?)
Edit: Ok, it seems to be part of the "blur" extension which was I recall "Do Not Track Me" some time back.. What comes of browsing on my windows machine which I seldom use for this. Now, to remove some extensions...
This post has been deleted by its author
They, even more than advertising, are one of the banes of my existence.
They require flash, java, and a variety of other plugins such as ActiveX and every other malware magnet de-jour, just so you can answer normally blatantly obvious multi-guess questions to qualify online for access to a building site.
Particularly with our good old Australian ADSL internet access, that streams the associated videos at 0.5 bits per millennium.
All for the purposes of safety of course.
Then you're not working from the inside of an enterprise. Many enterprise units contain control sites that require Flash or other compromising features just to operate. And since these frontends are attached to highly-expensive, usually-still-being-amortized hardware, you're never gonna get the bean counters to put up for replacements.
There's three ways this usually happens.
Dodgy sites, you have dodgy ad brokers that'll just put up whatever ad. You know the ones I'm talking about, they'll usually have incredible numbers of popups and popunders too.
Sites that are not dodgy will deal with some reputable ad brokers, but they may deal with some other ad brokers, those may deal with some, usually when these get a dodgy ad slipped in it's 4 or 5 layers deep down that chain. Typically the ad brokers stop doing business with the offending broker (and one "further up the chain" may stop doing business with the one that passed the ad to them, and so on.)
Third method, tampered javascript. The javascript served by one of the ad brokers to do the actual ad brokering is tampered with, the ad broker's ads are clean but the tampered javascript loads dodgy content instead of (or in addition to) loading the legit ad.
"The popularity of ad blockers may really force the ad industry’s hand to change how they go about advertising."
Wouldn't it be nice if they did just that, and concluded that people find unobtrusive, static adverts acceptable - say, just PNGs used for banners, with no Javascript required to display them, just an <img...>, and everyone in the ad industry started presenting their adverts that way.
The more likely outcome is that they'll look for a way to get around the ad blockers - and make their adverts even more obtrusive to boot. (Or see Big John's comment at the top for an alternative hypothetical road ahead.)
"The more likely outcome is that they'll look for a way to get around the ad blockers"
The Grauniad now has a pop-up effectively saying "You are using an Ad Blocker - please click here to find another way to support us". Don't know if a third party on that page could do the same to give a malware redirection.
I use NoScript + Ghostery in my Firefox browser. I will cease using these if advertisers follow these simple rules:
(1) Absolutely no tracking, no exception. Which websites I go to, which items I click on, what I do is none of your business. (2) No javascript in the ad, no exception. (3) No autoplay videos ads except before a video in which I chose to watch. (4) No IP location ads, no exception. These are the ads that say "Shocking secret [your city name] man discovers". (5) The ad may not cover part of all of a web page at any time.
In short, I use allow advertisements again when they return to the way they were at the beginning of the world wide web.
"[...] or setting the plugin into "click-to-play" mode will slash the risk of attack. "
Can't see such an option going via Control Panel - Flash icon on W7. Browser is FireFox - can't see an option in Plug-ins - Shockwave Flash.
The Daily Telegraph annoys me when its video inserts start playing automatically.
Can someone point me to the "click-to-play" option page please.
"It's in the addons panel - go to the plugins men [...]"
Thanks for that. However the resulting functionality is not what I wanted. It just gives a grey image with the icon to request to activate it. That means I have no way of knowing what the video is going to be if I allow it to run. All I wanted was to be able to default to "no auto play".
The thought occurs to me. Does the malware need the Flash video to actually start playing - or is just loading it into Flash without it starting enough to do the damage?
If the industry wants the income it must be prepared to accept the liability. Given that the user's point of contact is with the site rather than the broker the liability should fall on the site. The site itself might then push the liability onto the broker. Otherwise you're saying that in order to read the content the user must may a ransom to some scumbag.
...to describe the act of having malware inflicted on your system by a skeezy Web ad. I don't know all the sordid details, so I won't say that Drudge Report deliberately serves up skanky ads, but I've always had the distinct impression that Drudge sure as hell doesn't care what kind of ads are served there.
I read Drudge Report regularly -- only for cheap laffs, of course -- and I noticed very early on that it was Skeezy Web Ad Central, notorious for the infamous wildly-flashing phony "Virus Alert" banners made up to look like a Windows alert box, along with other varieties of nasty-looking, tacky animated banner ads.
Mind you, it's been ages since I've seen one of those, as I've been AdBlocking, FlashBlocking and NoScripting like a sonofabitch for as long as that technology's been available.
Of course, I've also used only Macs for the past thirty years, so that helps, though I've never bought into the idea of "security through obscurity". Still, every time I read in the Reg about the latest Windows malware scourge, I think "there but for the grace of Steve go I..."
"Interesting to see that "Drudged" has become a verb to describe the act of having malware inflicted on your system by a skeezy Web ad"
I think it's simply a pun on Judge Dredd where judges would say "You have been judged" just before passing sentence. Often a very unpleasant sentence.
My suggestion is that all major sites and advert funded sites must only support secure HTTPS requests, and browsers must only support secure HTTPS requests in/from HTTPS pages, including via redirects; that way safe-site white-lists can be enforced in depth via HTTPS certificate management, so hopefully make hijack or redirect exploits much less effective.
Obviously any browser plugin version which does not abide by the above suggested browser HTTPS page restrictions should also be blocked by the browser, including possibly Flash, Java and Silverlight.
Oh course I use content white-lists extensions, plugin etc., only naive, lazy or stupid people don't, including for corporate intranet sites with WTF active requests to external internet sites and/or use of Flash!
Hell, I can't remember the last time I had Java enabled in any browser I've ever used, as it could pretty much be counted on to slow page loads to a crawl, if not flat-out locking up and crashing the browser.
They call those little turd nuggets "crapplets" for a reason, y'know...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
