back to article Malvertising maniac messes MSN, serves corrupted creative

A chap who might just be the world's worst malvertising marauder has popped MSN, potentially compromising some of the site's 10 million daily visitors with an exploit kit so capable it p0wns almost half of those who encounter it. The attacker, understood to be an individual dubbed Fessleak, smashed MSN after popping Yahoo!, …

  1. Destroy All Monsters Silver badge
    Trollface

    So...

    An advertising love canal?

    (And what is a "corrupted creative"? Should that be a "corrupted vital revenue?")

  2. BrendHart

    Yet another reason for installing Adblock.

    1. drexciya

      Or NoScript.

      The problem I have with these developments, is that less-savvy computer users cannot even browse well-known web sites without getting targeted by this type of malware. Why don't the owners of these web sites actually do something about this?

  3. cbars

    why do these two things strike me as so similar?

    Governments: if you can't protect me without destroying my privacy, fuck off.

    Websites: if you can't survive without destroying my security, fuck off.

    Yes, I use ablock etc, but I do allow unobtrusive ads. "Me" is meant generically

  4. Anonymous Coward
    Anonymous Coward

    It seems to me that the Ad networks (and possibly even the websites themselves) should be held jointly liable with the malvertiser. After a few court appearances they would learn to be more careful about vetting the adverts they accept and the customer presenting them.

    1. Aitor 1 Silver badge

      And they are

      But just prove it was them...

      1. Doctor Syntax Silver badge

        Re: And they are

        Initially I thought in terms of civil liability but with the problem becoming so widespread it might be difficult to prove which site delivered the fatal blow. So we have to think in terms of criminal offences.

        The article gives an example of an analysis which, if presented in court by a suitably qualified expert, should be acceptable evidence against any of the actors who can be identified provided. That would be one aspect of proving guilt. The other would be to have participation in such a chain, either deliberately or negligently, found to be an offence. What I'm wondering is whether there is a basis for this in existing law (Computer Misuse Act and equivalents in other jurisdictions or criminal negligence) to be a criminal offence.

        1. Crazy Operations Guy Silver badge

          Re: And they are

          Keeping it a civil offense would be a better move. In a criminal case, the burden of proof is on the prosecutor to convince a jury that the defendant is Guilty beyond a reasonable doubt. Whereas a Civil trial, the burden is on the defendant to prove that they are innocent beyond a reasonable doubt (This is why OJ Simpson walked free in the criminal trial but was found guilty in a civil court). In a criminal court, the defense attorney would just need to argue that the victim's DNS settings or the routing of the poackets were tampered with and the malicious code came from a faked website (In which case the prosecutor would need to gather every packet from the transaction to to actually prove that the code came from the defendant's servers). Beside, a private citizen cannot gain anything from a civil trial, so any fines or punishments would go right to the state.

          What is really needed is a bunch of high-end lawyers working on such a case pro-bono to counter the lawyers the large advertisers employ. You;d also need some large organization to shoulder the burden if the case is lost (In the US, the loser pays the legal fees of whoever wins).

          1. Doctor Syntax Silver badge

            Re: And they are

            " Whereas a Civil trial, the burden is on the defendant to prove that they are innocent beyond a reasonable doubt "

            Actually, no. Civil cases are found on balance of probabilities. And I think even on that basis the plaintiff would have problems in proving that his loss stemmed from a particular site given that he would have visited many.

            OTOH if the offence is to serve up - or participate in serving - malware then that would be provable by the sort of analysis in the article but without the need to prove which particular user was infected by which particular server. Several of the participants at the head of the chain could become liable to prosecution or, to put it another way, they would have good reason to put in place a vetting procedure. The chains which failed to apply vetting might have lower costs immediately but they might find themselves out of business a lttle later.

  5. Andy Non Silver badge

    Just more incentive for people to adblock

    These sites might get the message when everyone is blocking ads. Something will have to give then one way or another, if they want to remain in business.

  6. CAPS LOCK Silver badge

    Surprising that the ad brokers aren't up to speed. All this does is take away their business.

    And create more for Adblock etc.

  7. Anonymous Coward
    Anonymous Coward

    Trouble is...

    that the first broker to vet or limit the content is going to be more expensive than its less responsible competitors and thus shut itself down.

    This means that only widespread ad-blocking or government enforcement are the only workable options.

    Blocking ads remains a foot-shooting option but seems economically inevitable for the advertisers.

  8. Anonymous Coward
    Anonymous Coward

    "a change from leveraging Microsoft’s Azure."

    WTF?

    "a change from using Microsoft’s Azure."

    Ah. Just strip off the twatspeak.

    1. Destroy All Monsters Silver badge

      Re: "a change from leveraging Microsoft’s Azure."

      You are looking at once-in-a-lifetime deleveraging of accumulated speech capital here. If we close the mental gap, we might find ourselves on the same page with rather pedestrian normspeak.

      1. Anonymous Coward
        Anonymous Coward

        Re: "a change from leveraging Microsoft’s Azure."

        @Destroy All Monsters - Like I said - twatspeak.

  9. WankerYank

    AdSpirit.de appears to be on the trusted list with AdBlock Plus

    Check the view link for Allow some non-intrusive advertising in ABP, and do a ctrl+f for "Adspirit.de", now remove the check mark from Allow some non-intrusive advertising if this convinces you they are whitelisted there. I have done since this is the second major posting I have seen related to Adspirit.de slinging malvertising this month. Also it might be good to run MBAM to clean off the Angler PuP as I had to do for my wife's system. Her start page is MSN=( BTW I don't read code I'm just assuming they are a whitelisted advertiser as I found 4 lines pertaining to them on "The List".

    Cheers

  10. razorfishsl

    you want to see this is action....

    go to :

    yoka.com

    ucenter.youka.com

    I can get several tens of hits

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019