My browser visited Drudgereport and all I got was this lousy malware

New rash of malvertising attacks threatens millions of Web surfers.

Read the whole story

 

[Jason Honingford]

These sites are bullshit anyway.

 

[alansh42]

nehinks[/url]":178rxzmm]
Indeed, I've started to wonder lately if we might not see something like the dot-com bubble bursting with ads. If we hit a turning point where even non technical people start running ad-blocking all the time, ad revenue is going to decrease and we might end up with a lot of sites suddenly not making back their operating costs. :/

It's already happening. A lot of video producers are going to Patreon because the ad views aren't paying anything any more.

 

[cpast]

The sad part is that I have no issue with ads online, generically speaking. I would be perfectly happy with text or static image ads; those also can't really be malware (well, images might have a vulnerability once in a blue moon). But the ads that are actually provided are generic web content that distract me from the page I'm there to see and turn over a section of the page to whoever to do whatever. And so the only possible way to do Web stuff is to block ads.

 

[biggerx]

equine_physics[/url]":kyr9imrd]" Some users have resorted to ad blockers, which have the unfortunate side effect of depriving publishers of much-needed advertising revenue."

I am sorry but that is your problem, not mine. If publishers cannot monitor the POS ads they allow on their sites then they do not deserve revenue. I like wunderground and when I saw that I just thank you adblockplus for being on both FF and chrome. If advertisers would understand that fancy pictures, fucking videos, flashing lights, whatever is not going to get me to click on your damn link. A simple ad may, possibly if I feel that for some reason I need to fucking look at a product I don't really need, get me to click away from either an article or radar map that has more value to me.

God I hate ads.

Thank you. One of the top posts here is some guy defending the "little guy" that adblockers hurt. Not my problem.

 

[ImSpecial]

Ad blockers FTW.
Unless websites assume full liability ($$) for the effects of any malware distributed through their site via ads (meaning compensating for the cost of cleanup and opportunity cost while the machine is being repaired), I will continue to block ads, unapologetically.

 

[keyboardsmash]

alansh42[/url]":2ha32jqw]

nehinks[/url]":2ha32jqw]
Indeed, I've started to wonder lately if we might not see something like the dot-com bubble bursting with ads. If we hit a turning point where even non technical people start running ad-blocking all the time, ad revenue is going to decrease and we might end up with a lot of sites suddenly not making back their operating costs. :/

It's already happening. A lot of video producers are going to Patreon because the ad views aren't paying anything any more.

Pure speculation...

It seem after a point in time the advantage of big-data-ad-mumbo jumbo would be only marginal once its adoption is wide spread. Then, I don't know what is the next thing, thermal imagine al XBOX ONE and a pulse (looking at you FItbit/smartwatch bit and company). Not that there is anything wrong with financially supporting what you use. (Donate now to your local public radio station). Is it the old adage of Freemium vs up front subscription cost? Andreas Antonopoulos, 'bitcon jesus' speculates (or implies) that micro-payment, paying pennies to sub-pennies, is one possible long term solution to the 'large' ($20) upfront subscription cost. Like what you read? Click the tip button. That the idea at least.

 

[keyboardsmash]

The malvertising campaign worked by inserting malicious code into ads distributed by AdSpirit.de, a network that delivers ads to Drudge, Wunderground, and other third-party websites, according to a post published Thursday by researchers from security firm Malwarebytes.

I'm surprised. No, Shocked! That McAfee's ginormously large R&D budget didn't find this first! Shocked! Just Shocked I'd say! /s

 

[jimjimjimjimjim]

Some users have resorted to ad blockers, which have the unfortunate side effect of depriving publishers of much-needed advertising revenue.

Stop blaming the victims. Low quality and unsafe advertisements are wreaking your industry. Ad blocking is the symptom not the disease. I reject the notion that there is nothing content producers can do about this.

Look. This is NOT NEW. It's becoming more common and neither content providers or ad companies are doing a damned thing about it. Your ship is taking on water and instead of shoring up the bulkheads, you stand and yell at the water.

If your CEO is not in a conversation with your ad providers about how to better protect your visitors from low quality and unsafe advertisements... well... your doing it wrong. And no, "ad choices" are not sufficient. Bad ads should never be an option.

There is no article so good that it's worth the price of being exposed to that crap. Demand more from your ad providers. You're in a position to do so. Me? Not so much. That's why I block them.

You must be proactive about it. Don't wait until it's a problem. Talk to your ad companies about the dangers of unprotected ads.

 

[Putrid Polecat]

Apologies to ars, but this is why I block ads on ever computer I come in contact with as the very first action, both with adblock as well as on the firewall level. I have made it sacred policy throughout my workplace as well as in the school networks I handle, as well as on every PC belonging to a friend or family member.

Anybody who doesn't block ads is just insane.

 

[Ralf The Dog]

I am sure, I will be down voted for this, I prefer the Democratic/liberal strategy. If companies do evil stuff such as Flash adds, don't buy their stuff and tell them that you don't. Companies that choose to do evil stuff do so because, they think it makes them money. If it costs them currency, they will stop.

 

[carg0]

recommending AdBlock and NoScript is always the first thing that comes to mind whenever someone tells me they've bought a new pc. i've been using both since day 1 and haven't looked back.

just the idea of browsing w/o them is, for me, unthinkable.

 

[OhReallyThatCantBeSurely]

lint gravy[/url]":3b6hqdm0]

flunk[/url]":3b6hqdm0]Just disable or uninstall Flash. It's nothing but a liability now.

True dat. I haven't had Flash installed for over a year now -- there's remarkably little need for it. On the rare occasion that you really need access to something that still depends on it and there's no workaround, keep a small Linux VM around that has it installed. I have linux and windows "quarantine" VMs that I use for running dodgy crap; I periodically revert them to their freshly installed states. Works for flash stuff too.

Works for me, less so for my spouse, but is a reasonably high administration overhead for the kids. Their school sets homework using a wide variety of educational sites, some free and ad-supported, some flash based (blergh), many requiring JavaScript.

For better or worse, it's a fact that many kid-focused education sites and resources look and act a lot like annoying ads ...and whitelisting each of those new educational sites on a day to day basis isn't always practical. Yeah, we try and educate the kids about this sort of stuff, but there's only so much you can expect of primary school kids, and the main focus is on getting their homework done.

 

[Akemi]

Besides things like NoScript, Ghostery, and AdBlockPlus. You can also use a hosts file that's kept up to date with domains known for distributing ads and/or malware: http://winhelp2002.mvps.org/hosts.htm

At this point, I simply block all ads everywhere as nobody, neither the websites nor ad networks, is performing the due diligence to stop these types of attacks (which aren't new). Till sites and ad networks start taking responsibility for this garbage. I suggest you do the same, block every ad, every bit of Java you can't verify, and remove Flash from your PC (let websites that require Flash know via e-mail that you won't be utilizing them till they choose something that isn't the biggest vector for malware on the planet) and make sure your less tech literate friends and family members know to do the same. Till this hits the websites and ad networks in the pocketbook, they'll continue to not give a shit. So you shouldn't give two shits about whether or not they make any revenue.

 

[Eldorito]

jimjimjimjimjim[/url]":nrj7bgtq]

Some users have resorted to ad blockers, which have the unfortunate side effect of depriving publishers of much-needed advertising revenue.

Stop blaming the victims. Low quality and unsafe advertisements are wreaking your industry. Ad blocking is the symptom not the disease. I reject the notion that there is nothing content producers can do about this.

Look. This is NOT NEW. It's becoming more common and neither content providers or ad companies are doing a damned thing about it. Your ship is taking on water and instead of shoring up the bulkheads, you stand and yell at the water.

If your CEO is not in a conversation with your ad providers about how to better protect your visitors from low quality and unsafe advertisements... well... your doing it wrong. And no, "ad choices" are not sufficient. Bad ads should never be an option.

There is no article so good that it's worth the price of being exposed to that crap. Demand more from your ad providers. You're in a position to do so. Me? Not so much. That's why I block them.

You must be proactive about it. Don't wait until it's a problem. Talk to your ad companies about the dangers of unprotected ads.

Yup, there is a very easy way around this. Advertising companies and web publishing companies need to band together to form a standards group for making sure that any advertisements shown won't harm the end user. Make sure that this standard is prominently displayed on the site and ask for them to not use an adblocker (easy to make this show up to anyone using an adblocker). Publishers, demand that your advertiser adhere to this standard or you won't use them.

Anyone who serves malware or anything outside of the guidelines, boot them directly out of the network. Have a policy like the ones we're forced to agree to for using websites, a list of what you will and won't show us, video based, JS based, whether or not there's audio, then I'll quite happily allow whitelist any site so long as they can stick to the agreement.

It's only fair. Even Ars has a privacy policy that allows you to determine my location, track it and sell that information to a third party. You've got to start working with us instead of just bitching and moaning about it.

 

[DavidinAla]

sprokets[/url]":35qx98f4]Have any of the people denigrating Drudge actually visited his website? I wish there was a liberal equivalence (Drudge Retort doesn't quite cut the mustard) because the format is incredibly convenient for quickly scanning the news and finding stories of interest.

Also I wouldn't really call Drudge a Republican, he's more of a libertarian, and he's a big gay too.

Anybody who would call Matt Drudge a libertarian has no idea what a libertarian is. He's simply a populist with a generally conservative audience. He's no libertarian.

 

[MlautheFilthy]

TimmyD[/url]":rp76jt29]

MisterMano[/url]":rp76jt29]Using Ghostery + NoScript, some sites refuse to work altogether. NoScript is the main reason, since I have to guess which .js is actually the responsible for rendering the page, but then again, only running scripts that I allow is useful

Yeah, NoScript was too much a pain in the ass to use when a site is almost all JavaScript. With Ghostery, I noticed that comment sections of some sites will not load at all.

I pretty much stopped using No Script because I was spending too much time whitelisting .js files.

But AdBlock? That's a necessity. When I installed Firefox on Windows 10, that was the first thing I installed.

Ghostery is'nt actually all that hard to set up. You need stuff Like API.Google.Com, but after some initial Guesswork, it's practically an automatic deal.

I use Adblock, Ghostery and Privacy Badger. That's a dedicated ad blocker, an anti tracker and one that does both.

 

[mrnomnoms]

I've said it once and I'll say it a million times - make these advertising networks 100% liable for all content that is hosted on their network along with the websites that use those advertising networks. No, you don't get to pillage end users private information then cry innocence when the ad network is then used to spread malware and fraudulent websites. Reminds me of Google and their advertising - routinely I see websites that are outright fraud being advertised and where is Google refusing them service? if they 'show Google the money' then does Google not ask questions? no background checks into who their client is before allowing that said client load content into their advertising platform? As for the excuse, "well there are third parties who resell....etc" that isn't my problem as an end user, if you want to use a network of resellers and third parties for your ad network then that is a business choice you made and it doesn't absolve you of responsibility for what happens on your network.

 

[fishbait]

Cheesewhiz[/url]":3cd3tefl]So if I wanted to find out if my machine was affected, how would I go about it?

AFAIK, it says to install malwarebytes super duper software which is apparently super amazing at stopping this stuff.

In other words, is there a way to check for this without using the software from the company that posted about this? Not that I have anything against malwarebytes, but it ends up coming across as a sales pitch.

yes use any other software, avast comodo, avg, windows defender, Microsoft security essentials kaspersky, etc etc if you have to ask id scan your machine and back up your data up, then take it to another machine and scan the data then wipe the first machine, start over and take it as a lesson to install security software this time.

because if your security software does its job you don't worry about this kind of attack.

edit: grammar

 

[fishbait]

cpast[/url]":3i1g8oxz]The sad part is that I have no issue with ads online, generically speaking. I would be perfectly happy with text or static image ads; those also can't really be malware (well, images might have a vulnerability once in a blue moon). But the ads that are actually provided are generic web content that distract me from the page I'm there to see and turn over a section of the page to whoever to do whatever. And so the only possible way to do Web stuff is to block ads.

id be fine with ads too if sites didn't plaster them on 30% of the screen space, or use blinking, distracting, fullscreen, and web slowing ads, or worse rollovers that don't quit

unless and until the systems for displaying ads become a little more moderate and don't slow my web to a crawl, or use annoying barely avoidable functions that distract and detract from my internet experience i will continue to use ad-blockers

 

[Feniks]

FireWraith[/url]":2cof1jkj]And this is just part of why so many people use adblockers.

Malvertising and bandwidth. 25% of the internet is advertising now

4G is expensive so I am not going to use it for ads.

 

[LeoNatan]

I'd like to suggest BlockParty (https://github.com/krishkumar/BlockParty) to iOS developers. Just run the app and enable the content blocker in Safari settings. This is the best content blocker I've found so far.

 

[Deleted member 192806]

OhReallyThatCantBeSurely[/url]":xmx90kte]

lint gravy[/url]":xmx90kte]

flunk[/url]":xmx90kte]Just disable or uninstall Flash. It's nothing but a liability now.

True dat. I haven't had Flash installed for over a year now -- there's remarkably little need for it. On the rare occasion that you really need access to something that still depends on it and there's no workaround, keep a small Linux VM around that has it installed. I have linux and windows "quarantine" VMs that I use for running dodgy crap; I periodically revert them to their freshly installed states. Works for flash stuff too.

Works for me, less so for my spouse, but is a reasonably high administration overhead for the kids. Their school sets homework using a wide variety of educational sites, some free and ad-supported, some flash based (blergh), many requiring JavaScript.

For better or worse, it's a fact that many kid-focused education sites and resources look and act a lot like annoying ads ...and whitelisting each of those new educational sites on a day to day basis isn't always practical. Yeah, we try and educate the kids about this sort of stuff, but there's only so much you can expect of primary school kids, and the main focus is on getting their homework done.

Interesting how the responsibility part of "internet as a right" comes through loud and clear. Our rights are never as shiny as we think they are.

 

[MrHandsome]

badfrog[/url]":29xnqfz6]I'm convinced I got some variety of malware on my HTPC watching the US Gold Cup soccer matches on foxsoccer2go.com.

Halfway through the first half, a console window popped up over the game's video briefly. Concerned, I minimized firefox and low-and-behold two new IE shortcuts were on the taskbar, and a new Chrome shortcut was on the previously-empty desktop (Chrome wasn't even installed before). Shortly after that we started getting ads injected into pages in firefox, new tabs opening to random sites when we clicked pages, and alert popups telling us to call a number to disable invasive ads (that at least made me chuckle).

Downloaded Malwarebytes (because I couldn't find an install for whatever Windows Defender/MSE is currently calling itself) during halftime and had it all cleaned up before the second half. Watched the rest of the game with no issues.

Couple days later we turn the thing on and started watching the next match. Pretty much the same shit happened again, Malwarebytes detected and removed the exact same malware (the name of which escapes me at the moment).

That HTPC is low-use since our son moved away to college. It had only ever run Steam, Plex, Firefox, and VLC before, and had never been anywhere on the public internet other than firefox.com, adobe's flash download site, and this was it's first (and second) trip to foxsoccer2go. So it had to be one of those that infected it.

It was running Adblock because I install that as a matter of course. It now also runs NoScript, because fuck that noise.

Windows Defender and Microsoft Security Essentials aren't worth anything. Probably wouldn't have found anything. Those "services" from MiniSoft are only for those that bother THEM the most.

 

[Scannall]

Ostracus[/url]":n7er1ob3]I imagine Android/IOS apps that access those services don't have anything to worry about?

Probably not. Since Flash is dead on mobile platforms.

 

[isparavanje]

ethd[/url]":avfqnghw]

bbf[/url]":avfqnghw]WTF?!?!? The headline got changed... thedrudgereport is out and weather.com is in.

I know that the comments have been derailed by drudge report comments, but it would have been more fair to just have changed the headline to be more generic, rather than switch website names.

Not classy, ars.

It's plenty classy. The weather is one of the least contentious subjects there is.

Something something snowballs in DC...

I jest. The exchange about drudge annoyed me too, don't wanna start it again.

On topic: ublock is pretty much open source adblock plus, even using the same block lists, but much more resource friendly since it gets rid of the old code base.

 

[isparavanje]

Dramethia[/url]":16b3nczm]Why would anyone go through a weather website when you can just check through windows? Not Microsoft windows, actual fucking windows. Real time, 100% accurate weather reporting on demand, 24/7 with a few billion year track record of having no downtime!

It's called a: forecast.

 

[bthylafh]

Dramethia[/url]":3cwc9m43]Why would anyone go through a weather website when you can just check through windows? Not Microsoft windows, actual fucking windows. Real time, 100% accurate weather reporting on demand, 24/7 with a few billion year track record of having no downtime!

One wonders if you're similarly confused about the difference between weather and climate.

 

[hescominsoon]

Patching is but one layer. The big issues is the general lack of network security everywhere. Sites using third party advertising networks are hosed. Sites that runs ads in house are slightly less vulnerable. With all of the 0-day exploits being found patching simply isn't enough. I now institute aggressive ad blocking at the edge not the endpooint. It breaks some sites but those can be worked around(if they are truly necessary).

http://www.etc-md.com/archives/3892

 

[Asinar]

I'm not too proud to admit it: I block ads due to how truly disruptive and annoying modern ads are. Any security impact is a nice side benefit, but not part of the original calculus. I'm sure that's true of most people, but don't acknowledge it out of fear of being seen as a freerider.

I don't see how web advertising is viable at all. Studies show that viewers don't even look at them. Overall use of ad-blocks is around 15~17%. Double that for the lucritive 25-35 demographic and approaching 100% on gaming and tech sites.

Every time something like this happens, a larger chunk of the population discovers and starts using them. In response, content providers dedicate more space to ever-more annoying ads and drive even more people into the hands of ad blockers. I'm sure someone like Ars could operate comfortably using the NPR model and its parent company is conceivably large enough to maintain its own ad network. The primary concern are the new entries to the market.

 

[Chemical Tribe]

Scannall[/url]":3zf8og5o]

Ostracus[/url]":3zf8og5o]I imagine Android/IOS apps that access those services don't have anything to worry about?

Probably not. Since Flash is dead on mobile platforms.

WinRT actually still has flash. Albeit on a whitelist system IIRC.

And then there are all the x86 tablets with them

Thanks Microsoft!

 

[SuicidalZerg]

For the record, the ad network mentioned in the article (as well as countless others) is already blocked by the MVPS Hosts file... if you haven't already started using it, I highly recommend it.

http://winhelp2002.mvps.org/hosts.htm

 

[TheFu]

Dillo is my favorite browser.

Visited weather.com with it - the page was mostly blank, that told me everything I needed to know. If a website doesn't work in dillo, I don't need to visit it.

 

[GwT]

Something else that I've noticed, even while clicking on legitimate links on the Ars front page as well as others like MSNBC, are redirects to pages about "your computer is infected" and "your version of Flash is outdated". Yes, I have ABS, Ghostery, Flashcontrol, NoScript and AVG Do Not Track installed on the latest version of Chrome. I've run multiple scans with Kaspersky, AVG and Windows Defender multiple times, with no infections detected. Perhaps Ars should check on itself as well?

 

[DarkSyd]

Putrid Polecat[/url]":27e4kfqd]Apologies to ars, but this is why I block ads on ever computer I come in contact with as the very first action, both with adblock as well as on the firewall level. I have made it sacred policy throughout my workplace as well as in the school networks I handle, as well as on every PC belonging to a friend or family member.

Anybody who doesn't block ads is just insane.

There cannot be enough +++s added to this.

 

[andygates]

jimjimjimjimjim[/url]":2n8iw53t]You must be proactive about it. Don't wait until it's a problem. Talk to your ad companies about the dangers of unprotected ads.

I wonder how far the chain of liabiity could go? I guess the site would say they sold ad slots in good faith, but surely they didn't sell the right to run arbitrary code that may be evil. So it seems the publisher would have a case against the ad network, and perhaps a large multi-headed publisher could make some headway into the whole problem by siccing their lawdogs on 'em.

It'd be great press. Ars, are you game?

 

[andygates]

Ralf The Dog[/url]":316ddhhw]I am sure, I will be down voted for this, I prefer the Democratic/liberal strategy. If companies do evil stuff such as Flash adds, don't buy their stuff and tell them that you don't. Companies that choose to do evil stuff do so because, they think it makes them money. If it costs them currency, they will stop.

That's the free market strategy, and it doesn't apply: the malware isn't coming from real brands anyway. Even if it *looks* like it is, that's just window-dressing while it runs the exploit.

 

[Ted_From_Accounting]

Where is the accountability and who is liable for allowing these malicious ads?
It seems like no one is willing to take responsibility. I feel like sites need to crack down on ad networks and ad networks need to vet the ads placed. Maybe a class action suit against the ad networks would be a wake-up call.

 

[will_brokenbourgh]

Maybe I missed it, but which operating systems are vulnerable?

Some users have resorted to ad blockers, which have the unfortunate side effect of depriving publishers of much-needed advertising revenue.

As someone with severe sensory issues, I use an ad-blocker so I can actually read the content on websites that have ads with hyperactive animation or inappropriate content for a married man (distrowatch.com for example). If websites would just use subtle and calm ads, I'd whitelist them, but if they have crazily animated ads that run next to the article I'm trying to read, or have Russian or Asian mail-order brides -- [ Adblock ON ].