back to article Cryptolocker flogged on YouTube

Cryptolocker is being flogged over YouTube by vxers who have bought advertising space, researchers Vadim Kotov and Rahul Kashyap have found. The researchers made the discovery while monitoring YouTube and website banners for instances where malware writers had actually purchased space to foist their wares on unpatched web …

  1. ammabamma
    Joke

    Malware served through ads? Oh dear...

    In order to save the internet tubes undue wear please use the following comment template.

    I do not have to worry about toxic ads because I:

    (Please tick the relevant options)

    #1 ☐ I use Adblock

    #2 ☐ I use NoScript

    #4 ☐ I do not have Flash installed

    #8 ☐ I do not have Java installed

    #16 ☐ I don't use a toy OS

    #32 ☐ I block all advertisers with the hosts file

    #64 ☐ I block all advertisers with a firewall

    #128 ☐ I use a real browser

    (links, lynx, emacs "M-x webrowser-and-the-kitchen-sink", cURL + ed, ...)

    On a more serious note, what happens when something like this hits "smart" TVs and other media devices with Youtube/internet access? I cannot imagine Phillips, Sony, Sanyo et al. will be issuing security updates and I imagine the underlying code is a bit of a pig's breakfast...

    1. J__M__M

      Re: Malware served through ads? Oh dear...

      I do not have to worry about toxic ads at home because I:

      You forgot the at home part

    2. Jusme
      Thumb Up

      Re: Malware served through ads? Oh dear...

      0x7f

    3. d3rrial

      Re: Malware served through ads? Oh dear...

      Am I one of the cool kids, because I use lynx?

      1. phil dude
        FAIL

        Re: Malware served through ads? Oh dear...

        and let's not forget "No DRM in Browser".

        If you think "normal-in-the-clear" malware is bad, wait until it is encrypted and then goes wild.

        And yes, lynx(or links which is slightly better with forms), is sometimes necessary where you don't want to use X, and just want to *read* the page...

        P.

    4. Anonymous Coward
      Anonymous Coward

      Re: Malware served through ads? Oh dear...

      @ammabamma: Instead of #32, run your own DNS server. Simple to do and you then block the adverts to your Smart TVs, Phones, Kettles and anything else on the home network. Including visitor's devices.

      When I visit friends and\or clients on unfiltered feeds I often get amazed at the sheer volume of adverts I am missing out on. Especially on YouTube!

      I still don't understand why adverts have to be run with such complex scripts and access to parts of my computer. They should be a series of images and that is all. The current adverts are like Billboards in the street picking your pockets as you walk past them.

    5. Mayhem

      Re: Malware served through ads? Oh dear...

      @ammabamma

      So a related question - assuming the virus writers are operating under an expectation of many of the above being present ... could this become a silent infection mechanism of a more savvy user?

      After all, being used to not seeing ads means the user becomes complacent in terms of what is rendering on the page. The primary defences on a windows platform are 1/2/4 above.

      Yet Adblock relies on a (relatively) trusted third party list which means what is blocked is known, and could in theory be worked around. To be fair, the vector above relies on a trusted ad delivery mechanism, so should be blocked at the source as I understand it. But if they are tailoring their exploits to language/platform/browser, then they are already being selective in terms of target, so it isn't a huge stretch to extrapolate further.

      Inquiring minds would like to know.

  2. This post has been deleted by a moderator

  3. Anonymous Coward
    Anonymous Coward

    Malware through ads...

    ...again.

    An age-old problem that neither the ad brokers, the ad networks or websites seem to wish to address.

    How about not allowing code in adverts?

    It really needs a class action case against a website and ad network to make them take responsibility for infecting their customers devices.

    1. Malcolm 1

      Re: Malware through ads...

      In any other scenario the idea that you would deliver entirely unvetted code from an untrusted third party to your customers would almost certainly be regarded as criminally negligent. How come advertising brokers get away with it? I refrain from running ad blockers as I like to support ad-supported sites such as El Reg, but unless the ad networks get their house in order I may be forced to reconsider.

      1. Robert Helpmann?? Silver badge
        Childcatcher

        Re: Malware through ads...

        The research pair said there was very little advertising networks could do to prevent the attacks.

        My first thought when I read this was, "Why not?" It's not as though at least one app store has made a reasonable attempt at controlling their process. This shouldn't be that much different. Ads generate enough revenue to be able to support some in-house vetting. Taking control of the process rather than allowing their customers to have free rein would go a long way toward filtering out the riffraff.

  4. Phil O'Sophical Silver badge
    Coat

    Disappointed

    When I saw the headlines I thought we'd be treated to video of a virus-writing script kiddie being introduced to a cat-o'-nine-tails.

  5. ehoffman

    Youtube have ads? Since when?? Was I on an island for the last x years? No, I just use an ad blocker...

    The thing is that I *DID* really asked myself that above question last year! Just to prove how effective a good ad blocker can be :-)

  6. Anonymous Coward
    Anonymous Coward

    This is just plain nasty

    If the authorities ever catch up with the asshats who did this, I hope the punishment fits the crime.

    Dipping in concentrated lye an inch at the time would be suitable, though the electric chair without the sponge "Green Mile" style would be a close second.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019