Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anatomy of an Attempted Malware Scam

Posted by samzenpus on from the dial-M-for-malware dept.

Dynamoo writes "Malicious advertisements are getting more and more common as the Bad Guys try to use reputable ad networks to spread malware. Julia Casale-Amorim of Casale Media details the lengths that some fake companies will go to to convince ad networks to take the bait."

1 of 139 comments (clear)

  1. Re:Good Job Scott... apk by agrif · · Score: 4, Informative

    Good post, but for the record...

    Using "0.0.0.0" instead of "127.0.0.1" is not more efficient because of size. There's only 2 bytes difference between the two; if your computer has a noticeable speedup just because it's reading 2 bytes less per HOSTS entry, you have way too many entries and probably more important problems.

    The speedup, as pointed out by a different reply to GP, is because "0.0.0.0" is widely recognized as an invalid IP address, and just about every operating system will immediately fail if you try to connect to it. Using simply "127.0.0.1", the connect call has to go through the local loopback interface, and actually tries a connection, which adds up if you're accessing a lot of places at once (such as on a web page). The problem is even worse when the computer you're on is actually running something on port 80, in which case an actual connection is made, then fails, taking up more time. Or even worse: the connection times out!

    Using "0.0.0.0" is good advice; I just wanted to make sure your reasons for using it are valid.