Millions menaced as ransomware-smuggling ads pollute top websites

Top-flight US online publishers are serving up adverts that attempt to install ransomware and other malware on victims' PCs. Websites visited by millions of people daily – msn.com, nytimes.com, aol.com, nfl.com, theweathernetwork.com, thehill.com, zerohedge.com and more – are accidentally pushing out booby-trapped adverts via …


  1. Anonymous Coward

    Websites visited by millions of people daily

    ... aol.com ...

    :-)

    1. Roq D. Kasba

      Re: Websites visited by millions of people daily

      Maybe over pondleft?

    2. Anonymous Coward

      Re: Websites visited by millions of people daily

      The bad guys sure know their market. They target very popular sites, with a large proportion of technically illiterate people.

      1. admiraljkb
        Joke

        Re: Websites visited by millions of people daily

        "They target very popular sites, with a large proportion of technically illiterate people."

        You mean the illiterati?

        1. James Hughes 1

          Re: Websites visited by millions of people daily

          Surely the huge majority of internet users are technically illiterate (although that term isn't really correct), meaning the scammers don't really 'know' the market, because the market is almost everyone.

          1. Bloakey1

            Re: Websites visited by millions of people daily

            "Surely the huge majority of internet users are technically illiterate (although that term isn't really correct),"

            <snip>

            I agree and I tend to use the term "naive users". Now let us all ponder the fact that these naive users have made many a commentard an affluent person, God bless their cotton socks.

          2. BillG
            Happy

            Re: Websites visited by millions of people daily

            Adblock Plus to the rescue!

  2. Alister
    Facepalm

    But no, ad-blockers are bad and should be banned...

    Any Swedish publishers care to comment??

    1. Anonymous Coward

      Beat me to it...

      ...have an upvote.

      1. Triggerfish

        Re: Beat me to it...

        and me.

        1. Nunyabiznes

          Re: Beat me to it...

          I would give you an upvote also, but you are at a perfect 42.

          EDIT: And then somebody screwed that up.

          1. Anonymous Coward

            Re: Beat me to it...

            .. and I just screwed up his 69 which, I'm sure you'll admit, was even more desirable.

            :)

            1. Ragarath

              Re: Beat me to it... @AC

              Hang on! You did what to his 69?

          2. Triggerfish

            Re: Beat me to it...

            C'mon who is the one lonely ad guy, who is downvoting all of these, show yourself. :D

  3. Tessier-Ashpool

    Online Ads, the gift that keeps on giving

    I think I'll stick with the 'protection racket' known as ad blockers, thank you very much, rather than suffer this nonsense.

    1. Anonymous Coward

      Re: Online Ads, the gift that keeps on giving

      I think I'll stick with the 'protection racket' known as ad blockers, thank you very much, rather than suffer this nonsense.

      Well yes, but it's racket upon racket, all founded on ignoring basic user security in search of The Almighty Buck™. It's 2016 and Windows STILL needs a separate anti-virus tool to be safe near the Internet, and the advertising problem is not exactly new either, is it? WTF are these people thinking not putting in basic security to stop this?

      Personally I think that if big sites are serving up ads they are liable for the damage. Sure, they can then pass this on to their ad provider, but that's not my problem. You break my system, you are bloody well liable for the costs and efforts to recover it, and I'm not cheap.

      Having said that, this is again fun I opted out of when I switched OS, but even then I had adblockers (now uBlock), a modified hosts file as well as anti-tracking installed (Ghostery). Damn. I would have had fun and be in all newspapers :).

      Oh well. Back to work instead - my machine works fine..

      1. admiraljkb

        Re: Online Ads, the gift that keeps on giving

        "Personally I think that if big sites are serving up ads they are liable for the damage."

        They ARE liable, unless they have a big ol "our ads may infect your computer" waiver you have to accept before entering the site... I don't think any lawyers have picked up the task yet, but it's just a matter of time.

  4. Nik 2

    Checks for anti-virus?

    Are there any PCs without anti-virus products which are not already infected?

    1. Doctor Syntax Silver badge

      Re: Checks for anti-virus?

      "Are there any PCs without anti-virus products which are not already infected?"

      Yup. They're running Mint or Ubuntu or Debian or Fedora or *BSD or......

      1. Anonymous Coward

        Re: Checks for anti-virus?

        This year I finally exorcised the last Win install from our household boxen. I then trapped that malevolent Spawn of Hades within a virtual box, there to vainly struggle for all eternity...

      2. Comunicate Manifest

        Re: Checks for anti-virus?

        ... or Windows with a good hosts file.

        1. el_oscuro

          Re: Checks for anti-virus?

          The problem is Windows doesn't really honour your host file.

      3. Anonymous Coward

        Re: Checks for anti-virus?

        "Yup. They're running Mint or Ubuntu or Debian or Fedora or *BSD or......"

        ..... Gentoo. Sometimes I get my systems into a state whereby I wish that just a trojan or worm was involved. On the bright side, after 13 years of extreme system abuse I have skills akin to resurrection.

        Somehow I have never managed to take a Linux system beyond repair unless the hard disc is buggered (BSD is the same - I'm told). Windows nerds - you'll never know the joy that is boot off something that is near enough, shuffle a few files and then chroot to put things back in order from the perspective of the patient. The best you (and I - I'm a Windows sysadmin as well) can do is boot off something, copy off data and reinstall from scratch. The recovery console on Windows doesn't even have a browser or an IP stack - rubbish.

      4. admiraljkb

        Re: Checks for anti-virus?

        If you are using Windows as a daily driver without ad-block, then good luck... So much of the malware stuff that is out there (many unknown) bypasses the AV products. For the last several years, the Pron sites are safer than the news sites for keeping your PC errr, well, umm, "CLEAN?". :) That's really screwed up.

        Ads should be straight up pics and text. Who the !@#$@ in their right mind (in the ad business) would allow ads to run Flash, Java, Javascript, etc etc etc... Idiots... I and many others started ad-blocking for security reasons. (oddly enough, it also means that sites SNAP now instead of draggggggging/struggling to render)

        1. Danny 14

          Re: Checks for anti-virus?

          AV protects you from known signatures of known files. It won't protect you against a nasty using a 0-day flash vuln (or a known flash vuln on an out of date flash/java/IE/Silverlight etc). That's sort of the whole point of malware, it bypasses the protection and focuses on the holes.

          If you use software that doesn't have the same holes (such as not using IE or flash or java etc) then you have a better chance of not being infected. In this case if you blocked adverts then again you'd be fine.

    2. Jeffrey Nonken

      Re: Checks for anti-virus?

      "Are there any PCs without anti-virus products which are not already infected?"

      Yeah. Mine.

      And no, I'm not running Linux or BSD. Running Windows 7.

      Yes, I'm sure.

      1. Fred Flintstone Gold badge

        Re: Checks for anti-virus?

        "Are there any PCs without anti-virus products which are not already infected?"

        Yeah. Mine.

        And no, I'm not running Linux or BSD. Running Windows 7.

        Yes, I'm sure.

        I think the OP meant systems actually connected to the Internet :)

        Joking aside, you can secure any system. The difference is how much effort it takes to secure it and maintain that security, which is where you make your choices.

    3. Tannin

      Re: Checks for anti-virus?

      In one word, yes. Millions of them. It is not difficult to remain malware-free if you have some basic skills. Anti-virus software is much less effective than simple good hygiene - never use Internet Explorer, uninstall chronic malware vectors like Flash, block ads, you know this stuff if you read El Reg. Or you should.

      Edit: "basic" skills for any IT person, I mean. I'm not expecting your Granny to have them. For most ordinary users an anti-virus package is worth the cost. (Not really money, the main cost is the performance hit.) But you certainly don't need one if you have an IT clue.

    4. naive

      Re: Checks for anti-virus?

      Yes, my windows 7 and windows 10 machines. Removing Adobe flash and Java gets one quite far, combined with using firefox, since it warns for dodgy sites.

      I find it in fact incredible that:

      - adobe is not put out of business by the government and its management is not in jail, they are worse than terrorists.

      - youtube serves (me) adverts from Riverside soft (or something) asking me to install drivers from them, it had infected the pc of my kid with tons of malware, requiring complete reinstall.

      It is an industry wide issue, and nobody cares, like with dangerous cars from the 60's until Ralph Nader came, who should have been given a Nobel Prize for the millions of lives he saved since then.

  5. Anonymous Coward

    Not only that...

    I've noticed a large increase in the number of links in download sites that redirect to at least one link shortener/obfuscator that in turn open another browser window or tab with spoken(!) messages about my computer being infected, please call this number, etc.

    These phishing attempts are not new, but I think those link shorteners are also being targeted.

    1. Steve Davies 3 Silver badge

      Re: Not only that...

      Those stupid link shorteners are open to this type of exploit.

      I have never ever clicked on one and never ever will. Anyone who sends me one gets a standard email reply explaining why I won't follow their link.

      Using a link shortener means that you have no idea where you are going to end up. Years ago I saw one used to take someone to a Pron site. It could have been a kiddie porn site which as we all know means a jail term for those of us in the UK even for just visiting one.

      Back on topic.

      I've just about had enough of MS pushing Silverlight as an optional patch even to Server OS's. Hide it and it is like a bad penny and keeps coming back. Why don't they just can it once and for all eh?

      As for Flash, you deserve everything you get for using it. The most bug ridden bit of software in history.

      1. Anonymous Coward

        Re: Not only that...

        As for Flash, you deserve everything you get for using it. The most bug ridden bit of software in history.

        Hmm. Given the TeraBytes of patching I have seen float past over the decades I think that specific honour goes by some distance to Microsoft and their products. I know, I know, it's hard to beat Adobe, but I think it still has to learn a lot about epic cockups and ignoring customer security from Microsoft. They're undisputed kings here IMHO to the point of having caused a whole ecosystem on its own just cashing in on the problems. Which, by the way, you pay for too.

        1. Danny 14

          Re: Not only that...

          to be fair, windows is an OS whereas flash is a browser plugin for video. The OS does a fair bit more. Flash is just horrid (don't get me started on Java)

    2. gollux
      Mushroom

      Re: Not only that...

      Yeah, run Privacy Badger to be enlightened. I've seen as many as 200 offsite links being blocked. Give me a break, no wonder your website loads slow and needs lazy loading to help increase the number of attack vectors... No thanks!

      1. Anonymous Coward

        Re: Not only that...

        +1 for Privacy Badger. It is an eye opener. I have to say I don't generally frequent the sort of sites that get your high score of 200 but some sites are horrendous.

  6. Doctor Syntax Silver badge

    The ad industry needs to get itself under control PDQ or face extinction. Personally I could live with the latter but not with all the sorting out I'm going to have to do for friends and family whilst one or the other happens.

    1. Robert Helpmann??
      Flame

      Who are the Victims?

      The ad industry needs to get itself under control PDQ or face extinction.

      Did anyone else read the following and have their head threaten to explode?

      "It's important to note that while these popular sites are involved in the infection process they are, much like infected clients, victim of malvertising. The only 'crime' here is being popular and having high volumes of traffic going through their sites daily."

      What a crock! The site owners should be held responsible for any and everything they allow to come from their site. If they sub out their advertising, it does not absolve them from responsibility, it is just a convenient way to speed the process along. If you pay someone for a service and don't at least verify it is being done in a non-criminal fashion, you are still to blame for your negligence.

  7. dorsetknob
    Mushroom

    this just is another nail in the head / and SHOVE A Cactus hard up the ASS of the Ad industry

    Just install / run

    Ad Blocker ( any is better than nothing )

    Ghostery

    any Script Blocker

    Malwarebytes

    Anti virus

    the list goes on just block those WUCKIN ADDS

    Pass A Law that makes any Site Responsible for any Collateral Damage caused by these add/ infections

    Maybe if they end up paying they will clean up their own industry

  8. Anonymous Coward

    Sponsored content

    Ads are living on borrowed time. In a few years everything will be sponsored content.

    Just look at El Reg. Keeps trying to sell me something called "DevOps".

    1. Anonymous Coward

      'Keeps trying to sell me something called 'DevOps'...

      ...Or Flash / StorageBod something..............

      1. Wensleydale Cheese

        Re: 'Keeps trying to sell me something called 'DevOps'...

        And bacon sarnies.

        Just preaching to the converted, really.

    2. GBE

      Re: Sponsored content

      Just look at El Reg. Keeps trying to sell me something called "DevOps".

      Yea, someday I'll have to look up "DevOps" and find out what it is.

      Or not. It's probably just another one of those fads that'll go away if you ignore it for a few years.

  9. Keith Glass

    And yet many of these sites. . . .

    . . . .nag me about my ad-blocker.

    Tell you what: when your site serves malware-via-ad, and you take responsibility and LIABILITY for the malware you serve. . . . I'll consider white-listing you.

    Unless, of course, you're Forbes or WIRED. Because you're being such utter assholes about it, Ad-block on your sites will stay until Doomsday + a week. . .

    1. DaddyHoggy

      Re: And yet many of these sites. . . .

      I did add Wired to my ABP white list but 1) it still complained that I was using an Ad-blocker 2) the site went from unusable because I was using an ad-blocker to just... unusable...

      Sorry Wired, I won't be back - with or without an Ad-blocker and the rest of them can go swing, I'm not turning my ad-blocker off!

      1. annielinux

        howto: unblock blockadblock on WIRED

        Add this blocking filter in Adblock Plus (without quotation marks):

        "|http://www.wired.com/assets/load?scripts=true&c=1&load%5B%5D=jquery-sonar,wpcom-lazy-load-images,outbrain,blockadblock,tracking,ads,wired"

        I am not reading them myself, frankly.... but Adblock Plus is good tool, it allows things like this one.

    2. tempemeaty

      Re: And yet many of these sites. . . .

      Yeah, tell me about Forbes. I gave them the finger and wrote those ass hats off.

  10. chivo243 Silver badge

    Anybody have...

    ...a list of these Ad network IP addresses...

    1. Stuart 22

      Re: Anybody have...

      I use a list in my hosts files that I have traced back to here: http://winhelp2002.mvps.org/hosts.htm

      Except I use 0.0.0.0 instead of 127.0.0.1. Dunno if this makes a difference. I use a Debian based distribution. Works brilliantly - much better than the ad blocker plugins. Only wish I could find an easy way of importing into ChromeOS and Android. Or has their distributor made it hard for a reason?
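
The hosts-file blocking described in the comment above, as an added example that is not part of the original thread: a shell function that rewrites a downloaded hosts-format list to the 0.0.0.0 sink, keeps only sink entries so the list cannot map a name to a real address, and de-duplicates. The function names and sample hostnames are constructed for illustration.

```shell
#!/bin/sh
# normalize_hosts: read a hosts-format blocklist on stdin and write a
# cleaned list on stdout, one "0.0.0.0 hostname" entry per line.
normalize_hosts() {
    awk '
    {
        sub(/\r$/, "")    # lists published for Windows often use CRLF
        sub(/#.*/, "")    # strip comments (whole-line and trailing)
        if (NF < 2) next
        # Accept only sink addresses. A third-party list that mapped a
        # hostname to any other IP would silently redirect traffic.
        if ($1 != "127.0.0.1" && $1 != "0.0.0.0") next
        for (i = 2; i <= NF; i++) {
            host = tolower($i)
            # Never re-point the loopback names themselves.
            if (host == "localhost" || host == "localhost.localdomain") continue
            # Require a plausible dotted hostname; drop anything else.
            if (host !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) continue
            if (seen[host]++) continue    # de-duplicate
            print "0.0.0.0 " host
        }
    }'
}

# Constructed sample input (not a real blocklist).
sample_blocklist() {
    printf '%s\n' \
        '# constructed sample' \
        '127.0.0.1  localhost' \
        '127.0.0.1  ads.example.com   # trailing comment' \
        '0.0.0.0    ADS.example.com' \
        '203.0.113.7  bank.example.org' \
        '127.0.0.1  bad_host!.example'
    printf '127.0.0.1  tracker.example.net\r\n'
}

# Typical use: normalize_hosts < downloaded-list.txt > blocklist.hosts
sample_blocklist | normalize_hosts
```

Review the output before appending it to /etc/hosts.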

      1. Steve Davies 3 Silver badge

        Re: Anybody have...

        Your method may well work (for now).

        I've recently seen a load of ads being served via a variable Cloudfront URL. Barstewards.

      2. annielinux

        Re: Anybody have...

        ChromeOS and Android are both designed by Google aka the biggest spammer/advertiser out there. Why would they let you block one of their core businesses? :)

        To edit hosts on Android, you'd 1st need to root your Android device (by using towelroot as an example) but Google constantly updates its software to patch the exploits making it possible to use soft like towel and to prevent you from rooting its smartphones/tablets.

        Other than that Android is like any other Linux OS in many respects.
