back to article Dating gets even more dangerous after PlentyOfFish suffers tainted ads

Miscreants managed to squirt malware at users of dating site PlentyOfFish after planting malicious code in tainted ads. Users of PlentyOfFish are targeted by an array of fake adverts via the site’s ad network (as.360yield.com). This malvertising serves up content from booby-trapped sites. The Nuclear Exploit Kit hosted on …

  1. Your alien overlord - fear me

    Why contact PoF when you should be contacting the ad-slingers? They're the ones pushing the scumware at everyone.

    1. This post has been deleted by its author

      1. silent_count

        Sorry 'Your Alien Overlord' and 1980s_coder, I can't buy your reasoning.

        If a newspaper printed an advert for something unacceptable (Buy African Children As Your Personal Slaves - $10 + S&H), do you reckon they'd get away with saying, "We just take the advertiser's money but we don't screen whatever they want to print"?

        So why shouldn't a website be held accountable for the adverts which they choose to display on their site?

        1. chivo243 Silver badge

          @silent_count

          Great question. So you're saying newspapers screen their ad content in print version. I think regulations require this. But what happens to that newspaper when they hire an ad slinger possibly the same used by PoF for their web version?

          I agree with you, but do all website owners? www = wild wild west "yous pays yours monies and yous takes yous chances."

          1. silent_count

            @chivo243

            I don't know the legal degree of liability for adverts, either in print or on the web. However if what black hats do is illegal* then the law should apply to everyone, and that could just be a good thing.

            Visitors to PoF get malware. They sue PoF. PoF in turn sues the add slinger. The add slinger then has plenty of incentive to make sure the next bunch of adds they sling aren't malware vectors.

            * Personally I think the internet should be the wild west with no laws governing what you can and can't do but I do acknowledge that's not the world we live in.

    2. DryBones

      "Has this demonstration of the lack of proper ad inspection and sanitization prompted you to re-evaluate your choice of ad network?"

  2. x 7

    "Miscreants managed to squirt malware at users of dating site PlentyOfFish after planting malicious code in tainted ads."

    Nothing new - the sites had hacked adverts for a couple of years at least, though maybe not with this specific infection. Avast used to go apeshit whenever I visited it, identifying trojans

  3. Wade Burchette

    There is one way to fix this problem forever

    There is a guaranteed way to prevent malware from spreading through dodgy ads: make web advertisements like they were when the world wide web first took off. If web ads follow the rules below, I will turn off my Ghostery+NoScript add-ons.

    (1) Absolutely no tracking, no exception. This means no ads may contain javascript nor may there be any hidden beacons doing things we don't know about.

    (2) Absolutely no flash ads, no exception. This cuts off another attack vector.

    (3) Absolutely no autoplay video ads except before a video I chose to view. This means when I visit a web page that has a video, the video does not begin, nor the ad before it, until I push play. Not a security risk, but a huge annoyance.

    (4) Absolutely no ads that obscure part or all a website, no exception. Again, just annoying.

    (5) Absolutely no ads that use my IP location to personalize the ad. This mean no ads that say "Surprising secret [your city name] man discovers" type ads. Or "Contact your local Acme car insurance agent Alan Smithee today for a great quote" type ads. Again, just annoying.

    1. VinceH

      Re: There is one way to fix this problem forever

      Quite.

      I am resisting the temptation to create several fake El Reg accounts just so I can upvote you more than once.

      Edit: I've just spotted that you replied to that post saying pretty much the same as you did above.

  4. Rol

    We need to get doing it for ourselves.

    Left to the industry, any solution they implement would by default have a thousand and one back doors and work arounds, so that their interests in sucking the internet dry is not hampered.

    I assume most Reg's are familiar with Ad Bloc and No Script and further assume we are not the ones who unduly suffer, it is our less aware friends and relatives that get suckered.

    So, how do you implement the likes of No Script on grannies computer without setting up a camp bed and ringing in sick for the next three months, all the while tuning No Script to give the old dear the right balance between protection and usability?

    Well, my No Script is tuned to paranoid, as I assume are most others and that setting with a few considerations for those who insist upon Facebook and itunes could be rolled out to the wider community. And that community, without whit or knowledge, can get the benefit from those who tread lightly through the net.

    Once computers start rolling out with No Script and Ad Bloc installed with black and white lists, then the advertising industry will have no choice, but to come to OUR table and discuss their survival on OUR terms. At which point I suggest we put them in a room with Wade Burchette (see above)

  5. Anonymous Coward
    Anonymous Coward

    I quite enjoy reading the Guardian. When I read the paper version, I can see that there are adverts on the pages, but they don't stop me from reading the articles. Also every now and again I will read an advert, and maybe I might look into buying the product.

    On computers with Adblock and NoScript I can also read the articles just fine, and I don't get to see the adverts at all. That's just as good as the paper version, although I realise that if everyone did this the business model for the paper's website might fall apart even quicker than it is already.

    On the iPad I get to see the paper's website in the way that 99 percent of the populace probably see it. It's terribly slow to load, and until all the adverts have loaded I can't read the articles, because the page jumps around to accommodate the banners. When I click to a new page, I have to wait all over again. Clearly this is how the newspaper intended it to be seen, but it's such a horrible experience that I have to wonder why on earth the advertisers and website owner think that's the way to go?

  6. Alan Brown Silver badge

    That's the same PoF

    Which suffered a major security breach a few years ago and proceeded to shoot the messengers instead of fixing the problem.

  7. PassiveSmoking

    Well there you go. Ads aren't just annoying, they're potentially dangerous. Now I have even less motivation to not use an ad-blocker.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like