Cryptolocker flogged on YouTube Cryptolocker is being flogged over YouTube by vxers who have bought advertising space, researchers Vadim Kotov and Rahul Kashyap have found. The researchers made the discovery while monitoring YouTube and website banners for instances where malware writers had actually purchased space to foist their wares on unpatched web …
In order to save the internet tubes undue wear please use the following comment template.
I do not have to worry about toxic ads because I:
(Please tick the relevant options)
#1 ☐ I use Adblock
#2 ☐ I use NoScript
#4 ☐ I do not have Flash installed
#8 ☐ I do not have Java installed
#16 ☐ I don't use a toy OS
#32 ☐ I block all advertisers with the hosts file
#64 ☐ I block all advertisers with a firewall
#128 ☐ I use a real browser
(links, lynx, emacs "M-x webrowser-and-the-kitchen-sink", cURL + ed, ...)
On a more serious note, what happens when something like this hits "smart" TVs and other media devices with Youtube/internet access? I cannot imagine Phillips, Sony, Sanyo et al. will be issuing security updates and I imagine the underlying code is a bit of a pig's breakfast...
and let's not forget "No DRM in Browser".
If you think "normal-in-the-clear" malware is bad, wait until it is encrypted and then goes wild.
And yes, lynx(or links which is slightly better with forms), is sometimes necessary where you don't want to use X, and just want to *read* the page...
P.
@ammabamma: Instead of #32, run your own DNS server. Simple to do and you then block the adverts to your Smart TVs, Phones, Kettles and anything else on the home network. Including visitor's devices.
When I visit friends and\or clients on unfiltered feeds I often get amazed at the sheer volume of adverts I am missing out on. Especially on YouTube!
I still don't understand why adverts have to be run with such complex scripts and access to parts of my computer. They should be a series of images and that is all. The current adverts are like Billboards in the street picking your pockets as you walk past them.
@ammabamma
So a related question - assuming the virus writers are operating under an expectation of many of the above being present ... could this become a silent infection mechanism of a more savvy user?
After all, being used to not seeing ads means the user becomes complacent in terms of what is rendering on the page. The primary defences on a windows platform are 1/2/4 above.
Yet Adblock relies on a (relatively) trusted third party list which means what is blocked is known, and could in theory be worked around. To be fair, the vector above relies on a trusted ad delivery mechanism, so should be blocked at the source as I understand it. But if they are tailoring their exploits to language/platform/browser, then they are already being selective in terms of target, so it isn't a huge stretch to extrapolate further.
Inquiring minds would like to know.
...again.
An age-old problem that neither the ad brokers, the ad networks or websites seem to wish to address.
How about not allowing code in adverts?
It really needs a class action case against a website and ad network to make them take responsibility for infecting their customers devices.
In any other scenario the idea that you would deliver entirely unvetted code from an untrusted third party to your customers would almost certainly be regarded as criminally negligent. How come advertising brokers get away with it? I refrain from running ad blockers as I like to support ad-supported sites such as El Reg, but unless the ad networks get their house in order I may be forced to reconsider.
The research pair said there was very little advertising networks could do to prevent the attacks.
My first thought when I read this was, "Why not?" It's not as though at least one app store has made a reasonable attempt at controlling their process. This shouldn't be that much different. Ads generate enough revenue to be able to support some in-house vetting. Taking control of the process rather than allowing their customers to have free rein would go a long way toward filtering out the riffraff.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
