Slashdot Mirror


Google's Doubleclick Ad Servers Exposed Millions of Computers To Malware

wabrandsma (2551008) writes with this excerpt from The Verge: Last night, researchers at Malwarebytes noticed strange behavior on sites like Last.fm, The Times of Israel and The Jerusalem Post. Ads on the sites were being unusually aggressive, setting off anti-virus warnings and raising flags in a number of Malwarebytes systems. After some digging, researcher Jerome Segura realized the problem was coming from Google's DoubleClick ad servers and the popular Zedo ad agency. Together, they were serving up malicious ads designed to spread the recently identified Zemot malware. A Google representative has confirmed the breach, saying "our team is aware of this and has taken steps to shut this down."

6 of 226 comments

  1. Yup by Anonymous Coward · Score: 4, Informative

    So to all those site operators that cry foul when I say I block all ads all the time: This would be why. It's not because I object to being shown products I might be interested in. It's not because I'm trying to hurt your revenue stream. It's because ad delivery servers are so ubiquitous, they're a major malware vector.

    Sorry, but funding your site is not worth my entire network getting infected. You want me to change, lean on the advertisers to stop pushing security responsibility solely on the end user.

  2. Re: And they wonder why I block ads... by Anonymous Coward · Score: 5, Informative

    Just use adblock+. It is much faster.

  3. Ad Blockers... by Dega704 · Score: 5, Informative

    One of the best endpoint security tools you can deploy.

  4. Re:And they wonder why I block ads... by TubeSteak · Score: 5, Informative

    Sometimes pages serve content from a different domain but that is rare enough to manage manually.

    Not anymore.
    Far too many sites (/. included) have or use a CDN for content.
    And they will fetch at least half a dozen scripts for bookmarking/sharing with facebook/linkedin/tumblr/twitter/pinterest/googlehangouts/etc.
    Then, they'll try and fetch a non-zero number of tracking/website monitoring scripts.

    Ghostery says http://slashdot.org/images/njs.gif is a 1x1 pixel tracker for WebTrends.

    --
    [Fuck Beta]
    o0t!

  5. Re:And there's the reason why... by Anonymous Coward · Score: 4, Informative

    I just checked both of the sites you mention, and they show up just fine with no warnings or kick-out messages.

    You just have to live with the fact that they both look like they were made in 1996, with no CSS or fancy layouts.

    You don't see it? Here's why:
    - Firefox (current version, just update as they do, no need to hold back)
    - AdBlock+ (to block ad server requests before they ever happen)
    - FlashBlock (to stop execution of Flash objects post-load, but pre-run)
    - NoScript (to whitelist Javascript execution)
    - RequestPolicy (to whitelist Javascript remote loading)
    - NoRedirect (because some sites use an onLoad Javascript to remove a time-delayed meta redirect that kicks you to a "use javascript or die" page)
    - Ghostery (to refuse all sorts of nasties)
    - Click To Play per-element (to put Firefox back to pre-24 behavior for FlashBlock)
    - Click to play switch (to allow me to toggle the above click-to-play modifier)

    I haven't met a site yet that can stop me from browsing any part of it I want. Couple it with Firebug and good old Web Developer Toolbar, and I can extract things they think are hidden.

    That's the problem with all these stupid newbies on the 'net these days: they just don't know how shit works. It's like old-school management just gave them a full-on stupid transplant, and they think they rule the world because they use a frickin' Mac. Never mind the fact that Mac users are generally about as far removed from "how shit really works" as any computer user can actually get without shorting out their keyboard from the drool.

    No offense if you don't fall into that category. I'm just ranting now. You, in fact, seem to be one of the sane people that block all of this crap up front. Just don't give up on getting whatever you want just because they throw up a full-screen div overlay. Nuke that shit from orbit with whatever tools you have, and for god's sake, don't be afraid to use an HTTP mimic tool to scrape whatever you damned well please.

  6. Re: And they wonder why I block ads... by gman003 · Score: 3, Informative

    Depends on the browser - IIRC on Chrome, it can't prevent ads from being downloaded, it can only prevent them from rendering. Or at least that was the case several years ago, maybe Chrome's added the APIs for it by now.