Slashdot Mirror
Malware Installed by LiveJournal Ad
Jamesday writes "LiveJournal recently introduced an ad-supported level. Over the last few days an advertiser used an ad to install the ErrorSafe malware that tried to trick people into believing they had a fault on the computer that needs them to purchase a fix. The ad used a server-side setting and targetted only those outside the US, to prevent LiveJournal's own checks from noticing it. LiveJournal has apologized for the ad and slow response." Even our readers have had to endure more than one browser-crashing ad campaign from time to time. Thanks for sticking around.
This just in: Capitalism and Morals do not necessarily go hand in hand.
Edward@Tomato - /home/Edward/ man woman
man: no entry for woman in the manual.
"Qua!?"
Newspapers clear ads before printing. Radio stations clear ads before airing them, and so do tv stations. Why should websites be any different?
Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
I use an ad-supported LJ account, and the mentioned advertisement was made in flash. I had to deal with it a couple of days ago. Hoo-ray for security holes. Can't we just sue the ad company for unauthorized usage of our computer's resources?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Slashdot has ads? :)
I, for one, do not welcome our new malware-installing overlords!
If all you have is a grenade, pretty soon every problem looks like a foxhole -- MightyYar
Earlier today I searched on Google Groups and when clicking on a link in the result list I got an ad-page that crashed Seamonkey.
It seems to be commonplace these days...
... but they and the advertisers are the ones driving people to them.
No seriously, is it any wonder people turn to ad-blockers? Try reading an informative bit of text when there's a Flash advertisement of box jumping around and flashing like a student at Mardi Gras. I don't care if you are trying to tell me I'm your millionth visitor. You misspelled congratulations! The box makes me wish I had no peripheral vision! FOAD.
Now I know publishers want to make a buck (I have a few websites [sans-advertising] myself), but if the advertisers are going to use annoying/underhand methods, people will take steps to protect themselves. A lot of these companies would do well to look at the sort of program Google offers: inoffensive, targeted, text ads.
In short: make your advertising better -- advertisers AND publishers -- or lose that which you supposedly value. Eyeballs.
If all you have is a grenade, pretty soon every problem looks like a foxhole -- MightyYar
I once played this web based role playing game a while ago. It was just a so-so game, but one exceptional thing I did notice was that while playing from a Mac I would get randomly named .exe files downloaded to my desktop. Turns out that ads on this game site were just full of malware. Visiting from a Windows computer, I was getting prompted to install crap. So I went to report it on their forums and find out what was being done about it. They didn't care! The site maintainers claimed there was nothing they could do about it. It was their ad provider's fault. All they could say was "you should be running malware protections.." Needless to say, I was outraged by this irresponsibility. I told them off and never visited their god forsaken site again.
How can you NOT take responsibility for malware spread through your own site? I understand that people contract out ads, but geez, come on. No need to draw from the bottom of the barrel.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
It's for this reason that any webmaster who insists on using 100% flash to view their site deserves a swift kick to the nutsack.
When all else fails, run.
I gave up on you guys years ago. I'm just here to mock.
Do people still get them? I thought everyone had adblock installed.
Why doesn't the gene pool have a life guard?
The way to discourage this kind of nonsense is to make sure that the advertisers are identified and given a large public black eye. Probably that's not appropriate if the ad just uncovered a bug in the Flash player, but I think it certainly is in the case where an ad installs spyware.
Did the advertiser know this was going to be done? Quite possibly not, but they are still the ones responsible for the ad: they want the good consequences (more sales), so they have to take the bad ones as well. If their bottom line is hurt, they'll start paying more attention to what their ad agencies and other agents are doing. (This is just an application of Murphy's Golden Rule: the guy who has the gold makes the rules.)
While it was good of them to pull the ad from the rotation immediately, they failed in several other ways:
(1) they failed to post a notice or provide links for the removal of the malware. At best in the blog there are references that such removal instructions exist, peppered with a warning that some of them are actually malware themselves. They should have made the fix EASY and FOOLPROOF to obtain after getting their readers infected. It's been how long since they got their subscribers infected and they have done nothing more than to stop more of them from getting infected. They helped to break the computers, they should play an active roll in fixing them.
(2) the impression I got from their posts in their blog was that "oops sorry not our fault, not our advertiser's fault, it's one of the ad companies that subscribed to our advertiser". This is a cop-out. When you provide a service like they do, your advertisement is a bundle that comes with your service, and as such you are responsible for its content. I don't care if it's a 3rd party. You take on the responsibility for the content you deliver, regardless of how you get it. You can have legal arrangements with your content providers that provide YOU with a legal remedy, but the grief passes through you. You get sued, and then you sue the ones upsteam that caused you to get sued. You do not "pass the buck" and point a finger up the chain three levels and say not my problem good luck getting anything out of them, because the consumer has no legal recourse against those people. You as the content provider do have a legal recourse against your advertiser, and they have recourse against their affiliate who caused the problem in the first place. This pass the buck mentality is cheap and lazy, and they should be ashamed for trying to pull it.
I work for the Department of Redundancy Department.
That is why I use FlashBlock. Actually, I use Linux first, so that helps, but when I am on Windows, FlashBlock, in addition to Firefox, helps.
Kernel Krunch - Part of a Complete OS
... but thanks to all those that still view all those damn ads and make all this stuff free, but I'd rather shit on the ads :P
You make sound like someone has been killed..
/. is good for you.
But I kept getting problems with my computer while reading the ad filled apology page.
Apparently, I needed to download some software because my computer was out of date. Thank goodness I visited LiveJournal today, which told me to update with their new UrP0wnd.exe update.
Quality Hosting e3 Servers
"This just in: Capitalism and Morals do not necessarily go hand in hand."
Caveat Emptor
Doesn't matter if its politics, economics, religion, software, hardware, or even information.
The fact that there are people running businesses with questionable ethics in no way reflects on the morality of the underlying economic philosophy. History easily shows that people who have questionable morals have no difficulty working within the structure of any social philosophy which gains any significant following whether it be economic, religious, or governmental in nature.
So when someone comes around selling their alternative economic philosophy based on the idea that the current system inherently lacks morality, caveat emptor.
burnin
Take your head out of your ass long enough to RTFS. Websites use Dynamic content, and the add serving site was specifically serving different content to hide what they were doing from teh website. Even if they did take reasonable efforts to check the ads that were delivered to their customers, the adware infection would not have shown up.
These jokers tried for hours to convince me to install a fairly innocent looking HTML file on my server.
What it does is circumvent the Javascript protection between an iframe and the page it lives on. It gives full access to your site DOM from inside the iframe. The reason is so that their content can "expand out" of the iframe and cover part of the page content.
They claim they don't read your cookies, but that's as far as their "guarantee" goes. Someone malicious on their side could easily read those cookies or access form data, etc.
So my point is - this problem is only going to get worse as advertisers look for more and more obnoxious ways to stick ads in your face.
Finally, the sales lady realized that the site I work for doesn't run ads that expand out of an iframe and admitted that they have an alternative which doesn't require the awful Javascript hack. So it worked out for me in the end. The scary thing was she listed some huge high-profile sites that *did* install their file.
You can read their justification here.
You might want to try using the FlashBlock extension for Firefox.
Here is one. But because it is based upon Christ's teachings, it would be more of a Theocracy with "communism" as it's economic model.
http://www.hutterites.org/
As for being "moral", as long as they do follow their religious code, they are "moral" by definition.
Now, whether the code they follow would be considered "moral" by someone following a different code, well, that's because "morality" is subjective, not objective.
"Even our readers have had to endure more than one browser-crashing ad campaign from time to time. Thanks for sticking around."
Oh? What happened?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
You know, Google ads are the only ads I look at any more. (Hell, I run them on my own site!) They are short, not ugly (because Google cares about the viewer's experience), and quite often very pertinent to the content. I have to try really hard not to puke when I log in to something like Yahoo! Mail! and I see flashing banner ads for "Get your Credit Rating" or "Cheap Mortgages" or "Warning: Your system is broadcasting an IP address! Ph33rz0r teh RFC!". They are the most useless ads ever. The only reason I think they might survive is if the ad networks charge per impression, not per click--because almost nobody would click on them!
ttuttle is a rankmaniac
and this is a great example of why and how at work. As if you needed another reason to get your ISP to run a web proxy running adzapper or switch to one that does.
Help us build a better map!
As a (hypothetical) site visitor, how does simply visiting the site bind me to their terms? Also, if the malware-laden advertiser hits my machine at my first visit, before I have a chance to evaluate the TOS, there's NO way the TOS can be held to protect them.
Moreover, if the malware violates unauthorized-access statutes, the TOS would be well and truly trumped by such legislation.
Overall, they're in a very weak legal position; a reasonable person would conclude that the best course of action is to mitigate the damage to users, FAST and well, rather than take a ho-hum-not-our-fault attitude. Their response speaks volumes about them...
"My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
Companies like this make the Internet a frightening, dangerous place. They literally attempted to crack into people's computers without their consent.
Why don't we sue them into the ground as pursuing cyberterrorism as a business model?
|/usr/games/fortune
"Capitalism is the extraordinary belief that the nastiest of men, for the nastiest of reasons, will somehow work to the benefit of us all."
God bless anything...that's not windows. :) Being a Mac/Penguin guy myself, it's one of those days that i sit back, sip my glass, and smile at the poor suckers still using windows.
OS X and Firefox with AdBlock and NoScript included for good measure == no worries here.
Still think Windows is [cheaper|easier|better|stronger|faster]?
Yes, they are.
Please, for the good of Humanity, vote Obama.
Simple. Websites need to stop being lazy and host ads on their own servers. Yes, there would beed to be a way for the advertisers to track hits, but there should be a way to do that while keeping the potentially dangerous content off the advertisers site.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Sounds like an attempt at an excuse for not doing one's own vetting. Allowing anyone to dynamically insert arbitrary content, or outsourcing ad vetting to another party makes one vulnerable and blameworthy. Ultimately, it comes down to what do site administrators value. Now we know.
Digital Citizen
"Even our readers have had to endure more than one browser-crashing ad campaign from time to time. Thanks for sticking around."
I apologize for the shameless plug. Uur small company out of So Cal
has the first and only sandbox/firewall for the web browser that
keeps garbage out while you surf the web.
http://www.trlokom.com/product/spywall.php
We've changed a lot of things, but we can't change nature, as hard as we try. It's not projecting, it's just the way it is. You can change yourself, but you start out with basic self-interest, as you're trying to stay alive.
Don't make it sound like he's damning humanity. Humanity does pretty well on its own.
- oZ
// i am here.
What the parent was trying to say, and what was disregarded so lightly by yourself, is that attitudes like selfishness are possibly, indeed even likely, culturally relative. I would argue even that they are not just culturally but individually relative. Though I do not disagree that there may be an urge to satisfy ones own needs (a toddler will wine when it is hungry etc.), there is also an urge for altruism. Psychologists have found that toddlers will try to help others if they know that the person is having trouble. http://www.usatoday.com/tech/science/discoveries/2 006-03-02-toddler-altruism_x.htm This would indicate competing values, and it is up to the experience of the individual, (largely determined by the culture they grow up in,) and perhaps their genetic makeup to determine which of these values is nurtured to become dominant.
/* Prevent flash animations from playing until you click on them. */4 0000"],t v"); }
object[classid$=":D27CDB6E-AE6D-11cf-96B8-4445535
object[codebase*="swflash.cab"],
object[type="application/x-shockwave-flash"],
embed[type="application/x-shockwave-flash"],
embed[src$=".swf"]
{ -moz-binding: url("http://www.floppymoose.com/clickToView.xml#c
Simply stick it in your userContent.css and restart your browser.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Unfortunately, LiveJournal is one of the better ones out there. I've had an account there for three years now, and when I joined, LiveJournal still had the "by invite only" policy. They dropped that policy sometime afterward, then recently implemented the Sponsored+ account option. Although it does mean putting up with ads when reading straight from other people's weblogs, I still have the option not to have them on my own, which means I don't have to put up with them when reading other people's entries from my friends page. Even when I do read from others' pages, the ads aren't generally all that bad, especially compared to the eye-sores that many sites have.
The ad used a server-side setting and targetted only those outside the US
First time ever that being American had been beneficial.
God Be Gone
under XII. ADVERTISEMENT:
"You agree that LiveJournal shall not be responsible or liable for any loss or damage of any sort incurred as the result of any such dealings or as the result of the presence of such advertisers on the Service."
it only takes a few selfish people to screw up a system that relies on everyone not looking out for themselves. In much the same was that democratic governments have been hijacked by wealthy and charismatic leaders, most communist governments, no matter how well-intentioned the original revolutionaries were, have quickly fallen into totalitarianism. Read Animal Farm, it's an excellent illustration of this principle.
It doesn't matter how much you improve yourself; unless an overwhelming majority follow suit, the people who haven't changed will take advantage of everyone else. Honest merchants still have to install theft deterrent systems, not because they most of their customers aren't moral, but because those who aren't would quickly empty the store of small, pocketable items.
That doesn't mean you shouldn't try to live a morally upright life (thogh your self-righteous tone doesn't say much for your position)--but I think there's a biblical reference to being "wise as serpents and gentle as doves."
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
I haven't seen ads since I installed Adblock Plus with the Filterset.G updater.
"May the days be aimless. Let the seasons drift. Do not advance the action according to a plan."
You underestimate the power of groupthink. A lot of our apparent viciousness now stems from the fact that our society runs off it. If we didn't run on a system like capitalism, selfishness would not only be considered far less socially acceptable, it would also actually appear less desirable as a result.
It's all completely moot though. It's like some (hypothetical) study revealing that driving on the left side of the road is more conducive to safe driving. Academically it'd be very significant, but switching the world over would be impossible without creating so much unsafety that it would outweigh the benefits.
Just thought I should point that out, since no one else here seems aware of this fact.
For fuck's sake, when are all the individuals and companies who have had to spend countless hours and dollars dealing with Microsoft's shoddy security architecture going to demand their pound of flesh?
Microsoft is directly responsible for the existence of Spyware, Malware, and Adware.
It's not like they couldn't have foreseen this and dealt with it years ago. No doubt they've always had smart geeks on staff who would happily patch these holes in all versions of Windows, but these bright minds have been forever hobbled by working for Microsoft, which is primarily a marketing firm.
Considering that most of us use their OS's to do our work, and every hour of our time is worth something, and we've spent so much of it on preventable headaches, frankly Microsoft owes us thousands of dollars apiece.
Before you go off on your philanthropic vacation Mister Gates, pay up!
-- thinkyhead software and media
Easier???!!!
Have you recommended Gentoo to your grandmother lately?
Saying it's "instinctive" is not very accurate. Selfishness is one of those key things you could look at between a "nurture vs nature" argument. On average if you could somehow manage not to teach kids either way (which is essentially impossible) you'll probably find the vast majority would be indifferent, and a few would go either way. Most of us obtain selfishness as a result of the world and society around us - usually in the form of what sort of "reward" we recieve for either action.
I don't think the poster's point was that Capitalism is immoral, but that it is amoral, and therefore, if it is to be a beneficial force in the world, morality must be injected into it - or imposed upon it. The same goes for Communism or any other economic system. Whatever the system is, it requires limitations and regulations to keep it in line.
-- thinkyhead software and media
Still more reason to block ads.
You have been around many kids, have you? Kids are instinctively selfish, we nurture in them the desire to share. How many times have you heard Barney sing about the need to be selfish? How many two year olds have you heard parents tell "Stop sharing all your toys and keep some for yourself". My favorite line was an older sibling "Your toys are share toys, my toys are mine"
This is by far the dumbest and most out of touch statement I've ever heard.
This right after they declare that it is against the user agreement to use any type of ad blocking software on your computer. Not when viewing the site, but on your computer.
Do they consider antivirus as an ad blocker now?
Yes I have as a matter of fact. In infancy children require things to be theirs by their respective attention spans - things which are not in their immidiate area just are not their. As they develop they come to have things. When given something a child will naturally take it yes and hold on to it - it is the only way for a child to really posess anything before they would even have the oportunity to share. I have indeed heard parents ask their kids where their toys are, only to find they gave it to so-and-so. Parents typically get upset in such a scenario only reinforcing that children should be selfish. Some cultures around the world do not reinforce such behaviors. Maybe I'm not in touch with the greedy Western values we seem to prize so much, but I wouldn't say that is stupid. Not that would in anyway convince you because you are obviously the esteemed expert on everything.
Well I hope this guy is prosecuted for every computer user he tricked into his scheme, I use typepad after tangling with my Live Journal account to much, I hated having to handcode everything. I bet this company will only shine in the future with all its loyal members livejournal will soon become the next MySpace, I just wonder what Billionair will buy them out when they get that many millions of users.
Nope.
The fact that there are people running businesses with questionable ethics is direct result of the fact that people are running businesses. A business is a capitalist thing. Capitalism doesn't directly encourage dishonest businesses, but it encourages competition, and wherever there's competition, there's incentive for cheating and dishonesty.
It's not about slapping morality rules on top of some system. It's about making immoral behaviours redundant and useless. Make goods so easily available and obtainable that it's not worth the effort to obtain them by dishonest means, simply because honest means are easier, more available and wide open for everyone. Why would I steal my neighbor's car if my own is just as good, and if I need a second one, all I have to do is to ask? Of course that's an utopia, but that's how Communism was intended to work - immoral behaviours become irrational as a side effect of creating the basic workings of the system, distribution of goods.
Just like the purpose of Free Software is not to kill off proprietary software, to gain world domination or to convince people that Free is better. The purpose is to provide good software and make it free.
Anagram("United States of America") == "Dine out, taste a Mac, fries"
Sucks to use Windows, doesn't it, not being able to use "su -" and control everything from a command window while logged in as a limited-permissions user?
Sucks to use FreeBSD, doesn't it, not being able to use the Microtek USB flatbed scanner given to me as a gift because SANE has no such driver?