Ransomware scum add Joomla to their list

The Internet Storm Center (ISC) has spotted 'admedia attacks' breaking out of their original WordPress vectors. In a post late last week, the ISC (courtesy of author Brad Duncan) said that “the group behind the WordPress 'admedia' campaign” is now attacking Joomla-hosted sites. The other evolution in the campaign …

  1. Pascal Monett Silver badge

    "a script injection [..] with the JavaScript files [..] carrying appended malicious scripts"

    Once again, Firefox + NoScript stops an attack vector stone dead.

    Man am I glad I use IE only for specific, known sites. Anyone know if this attack could work on Edge?

  2. Kraggy

    I too only use Firefox+NoScript (+AdBlock for extra defense), blocking iFrames IMO is the biggest defense in fact even though of course script blocking is also key, which is why I'm sad the way Mozilla is taking Firefox.

    If NoScript was available for Chrome I'd be using that browser but sadly there's no sign that it will be and the copy-cat addons for Chrome simply don't do as good a job as NoScript. :(

  3. Spudley

    What's the vulnerability?

    There's been a couple of security patches for Joomla lately. Does anyone know if this attack is using one of those holes to get into systems that haven't been patched? Or is it a new vulnerability?

    Or to put it more simply: Do all Joomla admins need to be worried, or just the ones who haven't kept up-to-date with security patches?

  4. Wade Burchette

    This can all be prevented easily

    Advertisers just need to follow my rules, rules which were being followed once when the internet became a life's necessity. If they worked once, they can work again.

    (1) Absolutely no tracking, no exception. (2) Absolutely no ad that uses a plugin, such as Flash or Java, or Javascript, no exception. (3) Absolutely no pop-up or pop-under ads, no exception. (4) Absolutely no auto-play videos except when I click on a link to a clearly labeled video. (5) Absolutely no ads that attempt to determine my location; i.e. no "Shocking secret [city name] man discovers" type ads. (6) Absolutely no ads that block part or all of a webpage, no exception.

    If those rules were being followed, malvertising would stop immediately. The web ad business model was successful once when they obeyed my rules, they can be successful again. My privacy and my security are more important than your money. I want you to make money, but not at the expense of something far more valuable than money.

    1. Joerg

      Re: This can all be prevented easily

      With the Google monopoly the web ad business model is long gone. Now it is all Google and its thousands of fake subsidiaries.

      1. Destroy All Monsters Silver badge

        Re: This can all be prevented easily

        Conspiracy theory!

    2. Turtle

      @Wade Burchette Re: This can all be prevented easily

      I'm kinda wondering why you bothered typing and posting that. But if you're feeling ambitious, perhaps you also could give cancer and heart disease a similar stern talking-to, maybe it will help.

  5. Paul

    it's worth checking you've turned on a bunch of headers that make the site less prone to these problems

    try https://securityheaders.io/

    on your site and fix it. I've been doing that.
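
An added example, not part of the thread and not securityheaders.io's own logic: an offline audit of one response's headers, along the lines of the check Paul suggests. The choice of headers, the finding codes and both sample responses are assumptions made for illustration.

```python
# Added example: the header set and both sample responses are constructed.
BROAD = {"*", "http:", "https:", "data:"}

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.lower().split()  # lowercased for comparison only
        if tokens and tokens[0] not in policy:  # first occurrence wins
            policy[tokens[0]] = tokens[1:]
    return policy

def effective(policy, *chain):
    for name in chain:  # first directive present in the fallback chain
        if name in policy:
            return policy[name]
    return None

def audit_headers(headers):
    """Return sorted finding codes for one response's headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        findings.append("csp-missing")
    else:
        scripts = effective(csp, "script-src", "default-src")
        frames = effective(csp, "frame-src", "child-src", "default-src")
        if scripts is None or BROAD & set(scripts) or "'unsafe-inline'" in scripts:
            findings.append("csp-script-src-weak")
        # script-src 'self' still runs code appended to the site's own JS
        # files, so frame-src is what limits where it can load iframes from.
        if frames is None or BROAD & set(frames):
            findings.append("csp-frame-src-weak")
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("framing-unrestricted")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("nosniff-missing")
    if "strict-transport-security" not in h:
        findings.append("hsts-missing")
    return sorted(findings)

WEAK = {"Content-Security-Policy": "default-src *; script-src 'self' 'unsafe-inline'"}
HARDENED = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-src 'none'; frame-ancestors 'self'",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000",
}
```

Calling `audit_headers(WEAK)` lists what is missing or too permissive; a clean result on headers does not mean the site's own files are unmodified.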

Biting the hand that feeds IT © 1998–2019