Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Next Ad You Click May Be a Virus

Posted by kdawson on from the simple-solution-suggests-itself dept.

Jay notes a Wall Street Journal report about ad networks unintentionally selling empty space to malware loaders (the link is to a syndicating site that doesn't require a subscription to view). The submitter comments: "The labeling of the fake ad sellers as hackers is pretty bogus; there's no hacking involved. Simply sign up for one of these networks, create your fake site, put up another company's creative, and you're good to go." The incidents being reported go back a few months, but the pattern of this criminal activity seems to be coming clear only recently."EWeek.com, a technology news site owned by Ziff Davis Enterprise, in February displayed an ad on its homepage masquerading as a promotion for LaCoste, the shirt maker. The retailer hadn't placed the ad — a hacker had, to direct users to a Web site where harmful programs would be downloaded to their computers, says Stephen Wellman, director of community and content for Ziff Davis."

28 of 226 comments (clear)

  1. Aren't they all? by Bob_Who · · Score: 4, Insightful

    I mean really, its all just semantics (and semiotics) and we're all infected...cookie anyone?

    1. Re:Aren't they all? by dean.collins · · Score: 5, Informative

      As a content provider (I'm the founder of http://www.livebaseballchat.com/ stuff like this annoys the hell out of me.

      I mean we go to all the effort to secure passwords, code tc - then our users are infected with ads they view....

      We were sourcing our banner ads from Pubmatic but after a two 'problem ads' about 3 weeks I've cut it back to Google + banners we sell internall direct to end companies.

      I dont have any answers but if you have a problem with a website be sure to let the content owners know - they might not even realise they have a problem.

      Cheers,
      Dean Collins
      http://www.livebaseballchat.com/

    2. Re:Aren't they all? by dziban303 · · Score: 4, Insightful

      People actually click on ads?

    3. Re:Aren't they all? by John+Hasler · · Score: 3, Insightful

      Evidently someone does, and I'm grateful.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    4. Re:Aren't they all? by mysidia · · Score: 3, Interesting

      What's worse, is even Google ads can potentially be infectious links.

      The ads that inject javascript and/or exploit vulnerabilities in Adobe Flash, Acrobat, or Office, when displayed are conceivably worse than ones that lead to a malicious page if you click them.

      The article title could just as easily have been "The next Ad you see may be silently infecting you on sight"

      What really needs to happen is, new advertisers need to get vetted extensively.

      Advertisers should have to upload their banner imagery, and get it served by the trusted party (content provider or well-known ad servicing company), rather than get to remote-load content that can't be reviewed in advance and introduce unexpected cookies, javascript, etc.

      And at least the first few times an ad is listed, there should be sporadic manual reviews by Google, et al, (whoever they advertise with) and thorough searches for malicious content...

      Collect a huge deposit in advance of advertising, and have the contract written such that the deposit is forfeit, if there is evidence of malicious code, drive-by download, exploit attempts, attempted worm, or attempted offering of spyware applications via the ad.

    5. Re:Aren't they all? by M8e · · Score: 3, Funny

      Is that bit a 1 or an 0?

  2. what ads? by Anonymous Coward · · Score: 5, Funny

    /strokes adblock

    1. Re:what ads? by hairyfeet · · Score: 5, Insightful

      Actually it is the webmasters and advertisers fault that so many of us use ABP and Noscript. Pull up a chair young'un and let me explain.

      Back in the old days (cue my oldest saying "when folks had 8-tracks and dinosaurs ruled the earth") ads were just a few lines of pretty text or a picture, or hell if you wanted to be fancy a little .gif. But we had us a problem. you see, all these video formats were competing, and most really REALLY sucked. Anybody who went through the heyday of Real player on Windows knows of which i speak, so somebody came up with flash, which worked okay.

      But then the evil advertising execs saw the flash video and said "You know what? I bet we can use this to irritate the living hell out of folks. Let's see them ignore our fricking ads now baby!" and thus was born the Bonzi Buddy of web evil, the "shoot the monkey and win a ---" ads. And they truly were irritating as all hell. but then the other ad execs saw this, and being the evil creatures of Satan that they are, said "we can top that!" and so ads became ever more annoying and evil. In fact I am surprised somebody hasn't put that damned frog in a looping flash ad with little text that says "buy coke"

      Hell for all I know, they may have. I and many other wouldn't know, because one day a great and noble man named Wlad came along and said "Damn, that's irritating as fuck!" and being the great man that he is, created the wonder that is ABP. And all was good. Now if you and any other web masters want to appeal to those of us blessed with the ABP to let your puny site poison our eyes, that is fine. but woe be unto you if you show us even ONE of those damned "shoot the monkey and win a ---" ads for we shall put you in the blacklist for all eternity. Amen.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    2. Re:what ads? by Opportunist · · Score: 3, Insightful

      And in return adblock and noscript is what keeps these pages in existance.

      If you did see those full page flash ads, and you had no chance to block them, would you still visit the page? Or would it not be worth the annoyance and you'd just turn away in disgust? Using adblock and noscript keeps their impressions up and thus keeps the pagemasters from learning that annoying the living hell out of your visitors isn't how you attract people.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:what ads? by John+Hasler · · Score: 4, Funny

      No hope for the Web, I guess. Even if I didn't block the ads I'd never click them, and even if I clicked them I'd never buy the products. The Web is going to collapse and it's all my fault. Sob.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    4. Re:what ads? by Pinckney · · Score: 4, Insightful

      If you did see those full page flash ads, and you had no chance to block them, would you still visit the page? Or would it not be worth the annoyance and you'd just turn away in disgust? Using adblock and noscript keeps their impressions up and thus keeps the pagemasters from learning that annoying the living hell out of your visitors isn't how you attract people.

      People don't care. I find internet ads to be just as annoying as television ads, but most people keep using both without blocking them. Most of the time, when I use someone else's computer, they have no ad-blocking software at all. It's not just lack of knowledge. I just asked my sister if she wanted to block online ads. She said "It's fine. I don't want to mess with it. I really don't care at all." Ads are everywhere in our culture, and most people don't give a damn.

    5. Re:what ads? by mrbcs · · Score: 3, Informative

      This is my favourite piece of sanity: http://www.mvps.org/winhelp2002/hosts.htm One hosts file, one reboot, no more problems anywhere. Shit google ads don't even work. They may show up, but you can't click em. I just got tired of waiting for shit ads to load. I never clicked em, so I'm actually saving the sites money by not having to serve me an ad I'll never click. This also stops tons of phishing sites and other malware. I can even use ie and opera and don't see ads.

      --
      I'm not anti-social, I'm anti-idiot.
    6. Re:what ads? by LKM · · Score: 3, Insightful

      I have a pretty simple setup. I block all Flash, but otherwise allow ads. I don't block Flash because I want to block Flash ads, I block it because it's almost always annoying and pointless and crashing my computer or slowing it down, regardless of whether it is an ad or not. The fact that Flash ads are blocked is collateral damage.

      And I've found that I don't mind most non-Flash ads. I barely ever click on any (save for Google search results), but I don't mind them 99% of the time. And if I do mind them, I just close the window and find the same content on a different site.

      So here's a simple rule: If you want me to see your ad, don't use Flash.

  3. When will this end? by Anonymous Coward · · Score: 5, Insightful

    While the internet is a wonderful thing; I can't help but wonder where did all of the douchebags come from. Every liar, cheat, grifter is taking their shot at fucking up the sandbox we all play in. Its all fun and games when windows users get hosed, but after awhile even that gets old. I am just a tired old man. It makes me sad that my poor view of humanity gets reinforced every time I turn around.

    1. Re:When will this end? by Fastolfe · · Score: 4, Insightful

      Botnets and financial data have value, so it makes sense that there's profit to be had in finding ways to infect new machines. These are the same douchebags that fill up my gmail Spam folder. If there's profit to be had, and nearly zero chance you'll be caught, people will do pretty much anything. It's human nature. All you can do is improve the sandbox so that people can't (profitably) abuse it, and most of the douchebags will leave.

    2. Re:When will this end? by Sponge+Bath · · Score: 5, Insightful

      I feel your pain. The unfolding truth seems to be that they were always there and humanity really sucks for the most part. The internet just makes it easier to tally the grim statistics.

    3. Re:When will this end? by eriks · · Score: 5, Insightful

      Humanity is actually mostly nice, really. It's just that with 7 billion people, even if only .01% are complete assholes, that's almost a million people, and you just know that ALL of those people are on the internet messing with us, and they seem like a billion people thanks to the amplification power of technology.

    4. Re:When will this end? by pushf+popf · · Score: 3, Interesting

      Our internet is still there.

      Usenet, telnet, bash, text-based email, html without plugins, privoxy, linux. It's all still there. Leave the Flash ads and latest "screw you" schemes for the "consumers".

      For What It's Worth, I don't know how anybody can stand it. I walked up to a Co-worker's Vista machine running IE and just about had a seizure as the endless barrage of blinking flashing running ads flew about his screen, occupying at least 2/3rds of the real estate. I don't know why the lusers even bother.

      If my machines looked like that, I'd unplug them all and do something useful like cook for a living.

    5. Re:When will this end? by Foodie · · Score: 3, Insightful

      Why would anyone write a virus that cannot effect 90% of potential targets.

      Think about it. If you used an OS in that 10%, you would never suspect you had a virus on your system, would never bother to look for one. Meanwhile that keylogger, malware, whatever, will continue to work without you ever finding it.

  4. So lucky me... by koolfy · · Score: 4, Informative

    ...having that "Disable Advertising" checkbox from Slashdot :)

    "As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable advertising. "
    Thank you for preventing my Gentoo Linux system for being infec...

    Oh, wait...

    --
    Segmentation Fault in "Life, Universe and Everything" at line 42. Don't Panic.
  5. The Next Ad You Click May Be a Virus by PaganRitual · · Score: 5, Funny

    Or it may win you ... A NEW CAR.

    Are you prepared to take that risk?

    Hmm ... that's not appearing like it should. It's spelt B-L-I-N-K, right?

    1. Re:The Next Ad You Click May Be a Virus by cyberfunkr · · Score: 3, Funny

      Oblig Family Guy:

      Peter: A BOAT'S A BOAT, but the mystery box could be anything. IT COULD EVEN BE A BOAT. You know how much we wanted one of those.

  6. Re:A virus? How? by interkin3tic · · Score: 3, Funny

    Ads link to malware sites?!? YAWN!

    That was quite a loud yawn.

  7. Re:PC huh? by dnaumov · · Score: 3, Insightful

    "direct users to a Web site where harmful programs would be downloaded to their computers, says Stephen Wellman, director of community and content for Ziff Davis."

    Do these affect Linux or Apple PC's? I'm guessing it's the good old Windows .exe and .dll again, an exclusive Windows issue disguised as a "PC" issue.

    "direct users to a Web site where harmful programs would be downloaded to their computers, says Stephen Wellman, director of community and content for Ziff Davis."

    Do these affect Linux or Apple PC's? I'm guessing it's the good old Windows .exe and .dll again, an exclusive Windows issue disguised as a "PC" issue.

    Yes, this is a "PC" issue, more specifically it is a "moron PC user" issue. Trust me, if the Linux and Mac marketshare were actually worth targeting for malware writers, you would see the very same kind of malware attacks succeed, because if the user clicks "Yes" to all prompts, what's there to prevent the malware from doing it's thing if it's actually designed to run on Linux.

  8. It's worse than that by Erik+Fish · · Score: 5, Interesting

    Not clicking on banner ads isn't enough. For years I've been fine with letting any non-Flash banner ad through, but I a few months ago I finally installed Adblock after finding one too many PDF exploits being loaded through banner ad display code.

    It works like this: You are minding your own business browsing some perfectly legitimate web site when suddenly you get a dialog box asking if you would like to execute the JavaScript in "this PDF document". There's no PDF in sight, no other windows, nothing else suspicious.

    Oh, but you only get this dialog if you have JavaScript disabled in Acrobat (most people don't).

  9. Re:yes, but... by Krneki · · Score: 3, Funny

    Internet Explorer does. Internet Explorer is so awesome, you don't even need to click on an add to get infected. It's will do all automatically for you, there is this new wonderful M$ caching feature that keep clicking the whole Internet for you. Join the botnet close to your home now, all free today thanks to IE9! Remember, iexplore.exe will be always there for you.

    --
    Love many, trust a few, do harm to none.
  10. We allowed them in by Opportunist · · Score: 5, Interesting

    You know, back in the good ol' days of yore, when the internet was young and so were we, we created a beautiful garden. We, the geeks, we came together and we built. We created flowerbeds and hacked away the weed so people could find a path through the wilderness, we invited other geeks to join us in our creation so they would maybe build something even greater on top of ours. We looked at it and saw it was stunning and beautiful, and we looked outside for the "others", the "mundanes", the average guy and we thought, wouldn't it be a great idea if they, too, could see how beautiful and magical it all is? Imagine, when we, a handful of geeks, can create such wonders, what miracles are waiting for us to see if we just let others join in the creation?

    Sure, they were no gardeners, so we paved a few ways through our wonderland, lest they got their feet dirty on the muddy paths we used to walk on. And the people came. They came in, and they looked. Few wanted to create, actually, most just enjoyed the view (hey, how many gardening exhibits do you know where you can see exotic plants without having to pay admission?), some tried to plant but soon got fed up when they noticed they'd have to know a bit about gardening.

    And of course, in came also the ones that find pleasure in destruction, who wanted nothing but to destroy the creations. We had to fence them in, we had to hire guards for our creations so they wouldn't get destroyed. Often enough, those guards were not good enough and quite a few beauties are no more.

    Personally, I wonder if it was a good idea to unlock those doors and pave some ways.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:We allowed them in by Anonymous Coward · · Score: 3, Insightful

      > Personally, I wonder if it was a good idea to unlock those doors and pave some ways.

      It was certainly NOT a good idea. It was, however, inevitable. Not you, not me, not anyone could have stopped it any more than you could have stopped the widespread use of the printing press. In fact, even *less* than you could have stopped that.