Malvertising Campaign Infected Thousands of Users Per Day For More Than a Year (softpedia.com)
An anonymous reader writes from a report via Softpedia: Since the summer of 2015, users that surfed 113 major, legitimate websites were subjected to one of the most advanced malvertising campaigns ever discovered, with signs that this might have actually been happening since 2013. Infecting a whopping 22 advertising platforms, the criminal gang behind this campaign used complicated traffic filtering systems to select users ripe for infection, usually with banking trojans. The campaign constantly pulled between 1 and 5 million users per day, infecting thousands, and netting the crooks millions each month. The malicious ads, according to this list, were shown on sites like The New York Times, Le Figaro, The Verge, PCMag, IBTimes, Ars Technica, Daily Mail, Telegraaf, La Gazetta dello Sport, CBS Sports, Top Gear, Urban Dictionary, Playboy, Answers.com, Sky.com, and more.
Yet another attack vector into Windows...does this surprise anyone? And no, this is not a troll. Details in TFA.
Only morons would browse the web without an adblocker anyway.
Yea- Ars Technica disappointed me in their ability to accurately report the news, making it sound like the FCC hasn't undermined free software users.
It's why ad-blocking has become a thing. So, yeah, we're gonna keep blocking ads to avoid this crap.
Stop using Flash. Don't even allow it on your website.
Bring advertising in-house. It's not 1997 anymore; there is no reason to rely on 3rd party platforms for advertising. Everyone knows the internet is a thing now and wants to advertise on it.
Stop looking at those who block ads as your enemies. These are the smart consumers you want to engage with. Unless you're shoveling shit, of course.
We warned you and warned you this was happening, but you were blinded by money and laziness. Now you're merely getting what was coming to you.
Make sites responsible for the ads they carry. The ad networks (Google and whoever is left that they haven't bought yet) will then be forced by the customers with enough power to start taking responsibility, which will incentivise them to do more about the problem. As long as we allow companies to pass the buck, advertising will remain an opportunity for criminals to exploit.
This is one of the reasons I disable JavaScript in my browsers (NoScript, or just flat out disable it.) I only enable it to get the content I need. It's a PITA, but it's safe and speeds up my browsing on everything...
Does it hurt free content providers like /. ? Yes, it does. Does it hurt ad companies? Yes, it does.
Do I give a shit? No, I don't. Am I one of those wacked out crazy anti-ad persons? No, I'm not. I don't mind most ads whatsoever...
So what should they do? Go back to the past. Sell static banners/small animated gifs. No javascript, no flash, no tracking, no malware. Simply sell static ad space for X amount of money per Y amount of time. And serve it to EVERYONE. No need to block it. As it doesn't interfere with the site performance.
But this won't happen. Ad companies make too much money targeting us. Website maintainers can run ads with minimal amount of effort. And client companies get better bang for the buck targeting (rather than just broad marketing campaigns.)
Oh well, I can dream can't I?
This is why I call them not "Adblockers" but "Malware Vector Blockers".
There are ads on the internet?
Who knew?
So rise up, all ye lost ones, as one, we'll claw the clouds.
And, to think, several of those sites had the nerve to chastise me for using it.
SJW: Someone who has run out of real oppression, and has to fake it.
So who is being held accountable for this? Nobody? Seems blocking ads is not only justifiable but also a moral imperative too.
Anons need not reply. Questions end with a question mark.
I didn't get infected (exclusively Linux and a few Macs since 1995) but I got several attempts of sites downloading Windows scripts/binaries, some weird interaction with a custom Chromium build. I reported them to Google and submitted the sample to a few AV vendors; nobody cares. Large sites (think CNN, WaPo, ...) had the same ads attempting the same thing for weeks on end and the download never got recognized by AV. I stopped caring too; the ad sellers sell ads and that's all they care about. AV companies only care about the big threats because scary sells; some custom package that affects a few dozen of their customers doesn't matter.
Custom electronics and digital signage for your business: www.evcircuits.com
zAParKie, shut up and take your pills
Interesting, but is using a hosts file secure? TIA.
No, blacklists are a poor idea security wise, as it's the threat you don't know that you need to worry about. A default deny policy for ads and scripts from domains you don't explicitly trust is the better security policy.
The APK software isn't open source, so we don't know whether we can trust it or not. That means I won't trust it. I'm not going to run some random EXE file that gets spammed all over Slashdot. Besides, blocking at the DNS level is much more effective.
And how do you trust your sources of the file data aren't hijacked and there is fake data injected, e.g. Redirecting Amazon to a fake server to harvest credentials?
True. That EXE requires admin privilege to run in Windows. That is a scary power for an unknown EXE.
HOSTs is not secure by any means.
Modern OSes bypass it.
Many browsers can bypass it with their own hardcoded entries or just outright ignore it altogether (Firefox has had reports of this happening as far back as 2006, for example, and reports still continue to this day.)
Blacklists are a shitty security measure. Deny by default and whitelisting, along with domain-level blocks in your router for the most well-known ad networks, is the real answer.
HOSTs is so 1998. Get with modern times and modern security practice.
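The two concerns raised above (a hosts file whose data source has been hijacked so a real name points at a fake server, and a hosts file that only ever does blackholing) can both be checked mechanically. The following is an added example, not code from the thread or from any of the tools mentioned in it: it parses a hosts file and reports any entry that maps a name to a routable address (a blocklist should only contain blackhole addresses), escalates the finding when the name is on a list of names the user considers sensitive, and flags conflicting mappings and malformed lines. The sample hosts text, the `.test`/`.example` names and the sensitive-name list are all constructed for the example; the blackhole set and the first-match behaviour of typical resolvers are assumptions, not something the page states.

```python
import ipaddress

# Addresses an ad-blocking hosts file legitimately uses as a sink (assumption for this example).
BLACKHOLE = frozenset({"0.0.0.0", "127.0.0.1", "::1", "::"})

# Names the owner of this machine never wants overridden by a hosts entry (constructed list).
SENSITIVE = frozenset({"www.bank.example", "smile.amazon.com", "www.amazon.com"})

# Constructed sample: ordinary blocklist entries plus a few suspicious lines.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example-network.test
0.0.0.0     tracker.example-network.test   # tracker
0.0.0.0     ads.example-network.test       # harmless duplicate
203.0.113.7 www.bank.example               # sensitive name pointed at a routable address
0.0.0.0     cdn.example-network.test
192.0.2.5   cdn.example-network.test       # conflicts with the line above
not-an-ip   bogus.example
"""


def parse_hosts(text):
    """Return (line_no, address, hostname) for every mapping; address is None when malformed."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))  # normalises e.g. "0.0.0.0" / "::1"
        except ValueError:
            # A line that does not start with an IP is not silently ignored: report it.
            entries.append((line_no, None, fields[0]))
            continue
        for name in fields[1:]:
            entries.append((line_no, addr, name.lower()))
    return entries


def audit_hosts(text, sensitive=frozenset()):
    """Return a list of findings, each a dict with kind/line/name/addr, in file order."""
    findings = []
    first_seen = {}  # hostname -> first address mapped to it (first match wins in most resolvers)
    for line_no, addr, name in parse_hosts(text):
        if addr is None:
            findings.append({"kind": "malformed", "line": line_no, "name": name, "addr": None})
            continue
        if name == "localhost":
            continue  # loopback entries are expected in both families
        if name in first_seen and first_seen[name] != addr:
            # A second, different mapping is shadowed by the first one; either way it is suspicious.
            findings.append({"kind": "conflict", "line": line_no, "name": name, "addr": addr})
        first_seen.setdefault(name, addr)
        if addr in BLACKHOLE:
            continue  # a blackholed name is what a blocklist is supposed to contain
        kind = "hijack" if name in sensitive else "redirect"
        findings.append({"kind": kind, "line": line_no, "name": name, "addr": addr})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS, SENSITIVE):
        print(f"line {f['line']:>3}: {f['kind']:<9} {f['name']} -> {f['addr']}")
```

Running it against a real file means reading `/etc/hosts` or `%windir%\system32\drivers\etc\hosts` into `audit_hosts` instead of the constructed string; any "hijack" or "redirect" finding is the case the poster above describes, a name resolving somewhere other than a sink.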
When my customers wonder why so many internet sites are broken I explain that we don't allow Java or JavaScript and any site that needs it needs to be looked at with a jaundiced eye.
Between NoScript, requestblocker and Adblock Plus, I have not had a single customer fall victim to any of these web based malware packages.
It went on for YEARS before anyone figured it out? The webmasters of all of those sites had to know something was wrong. Did they never look into the JavaScript to see what that stuff was doing? Basically, why was it so hard to spot?
Every time I talk to my bank they look askance at me for not banking online. This is why I don't.
There was a post two weeks ago on an adtech blog suggesting that some publishers* are about to go full DMCA/CFAA on developers of ad blockers that include an ad blocker blocker blocker. By this legal theory, an ad blocker blocker is an "access control" measure, and an ad blocker blocker blocker is a "circumvention device".
Learning about this plan has led me to think of ways to provide a better experience on a metered Internet connection without specifically blocking ads. One is to set a cap on how much data an individual page loads, with a "Load More" button after each megabyte. Another is to block video content types, script content types, and things loaded from third-party domains. If this becomes common, advertisers will at least have to start making their "creative" leaner.
* Operators of websites that carry advertising.
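The two mechanisms proposed in the post above (a per-page data budget with a "Load More" step, and blocking video and script content types plus anything from a third-party domain) are simple enough to prototype as a request-filter policy. The following is an added example, not code from the thread or from any browser or extension; it evaluates a constructed list of resource requests for one page and returns allow/block/defer decisions. The page URL, request list and the one-megabyte budget are constructed sample data, and `registrable_domain` uses a naive "last two labels" rule as a stand-in for a proper public-suffix lookup.

```python
from urllib.parse import urlsplit

# Content types the policy blocks outright (assumption: prefixes chosen for this example).
BLOCKED_TYPE_PREFIXES = ("video/", "application/javascript", "text/javascript",
                         "application/x-shockwave-flash")
PAGE_BUDGET = 1_000_000  # bytes a page may load before a "Load More" click is required

PAGE_URL = "https://news.example/article"

# Constructed sample requests in the order the page issues them.
SAMPLE_REQUESTS = [
    {"url": "https://news.example/style.css",        "content_type": "text/css",               "size": 40_000},
    {"url": "https://static.news.example/hero.jpg",  "content_type": "image/jpeg",             "size": 600_000},
    {"url": "https://cdn.adnetwork.test/ad.js",      "content_type": "application/javascript", "size": 120_000},
    {"url": "https://news.example/player.js",        "content_type": "text/javascript",        "size": 90_000},
    {"url": "https://news.example/clip.mp4",         "content_type": "video/mp4",              "size": 5_000_000},
    {"url": "https://news.example/gallery-1.jpg",    "content_type": "image/jpeg",             "size": 300_000},
    {"url": "https://news.example/gallery-2.jpg",    "content_type": "image/jpeg",             "size": 200_000},
    {"url": "https://news.example/icon.png",         "content_type": "image/png",              "size": 2_000},
]


def registrable_domain(host):
    """Naive stand-in for a public-suffix lookup: keep the last two labels."""
    labels = (host or "").lower().split(".")
    return ".".join(labels[-2:])


def decide(page_url, request, loaded_so_far, paused, budget=PAGE_BUDGET):
    """Return (verdict, reason) where verdict is 'allow', 'block' or 'defer'."""
    page_domain = registrable_domain(urlsplit(page_url).hostname)
    req_domain = registrable_domain(urlsplit(request["url"]).hostname)
    if req_domain != page_domain:
        return "block", "third-party"            # default deny for anything off the publisher's domain
    ctype = request["content_type"].lower()
    if ctype.startswith(BLOCKED_TYPE_PREFIXES):
        return "block", "content-type"           # no script, flash or video
    if paused or loaded_so_far + request["size"] > budget:
        return "defer", "page budget"            # held back until the user asks for more
    return "allow", "first-party"


def filter_page(page_url, requests, budget=PAGE_BUDGET):
    """Apply the policy to a page's requests; returns (decisions, bytes_loaded)."""
    loaded = 0
    paused = False
    decisions = []
    for req in requests:
        verdict, reason = decide(page_url, req, loaded, paused, budget)
        if verdict == "allow":
            loaded += req["size"]
        elif verdict == "defer":
            paused = True  # once the budget is hit, everything later waits for "Load More"
        decisions.append((req["url"], verdict, reason))
    return decisions, loaded


if __name__ == "__main__":
    decisions, loaded = filter_page(PAGE_URL, SAMPLE_REQUESTS)
    for url, verdict, reason in decisions:
        print(f"{verdict:<5} {reason:<12} {url}")
    print(f"loaded {loaded} of {PAGE_BUDGET} bytes")
```

The order of the checks matters: the third-party test runs first so an ad network's script is rejected for being off-domain before its content type is even examined, and the budget check only applies to requests that survived the other two, which is what keeps an expensive blocked video from eating the budget the way the poster's "Load More" scheme intends.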
Bring advertising in-house. It's not 1997 anymore, there is no reason to rely on 3rd party platforms for advertising. Everyone knows the internet is a thing now
How do advertisers know which particular sites are "a thing", especially smaller sites that are too big to be run as a pure hobby but not yet big enough to be household names?
and wants to advertise on it.
But without an intermediary, you can't advertise on "the internet". Instead, you would have to advertise on individual publishers' sites, which is much more time-consuming for both advertisers and publishers.*
Say you have 30 publishers, each of which wants to find relevant advertisers, and 30 advertisers, each of which wants to find relevant publishers. If there is an intermediary, this means 60 contracts to review and sign. If there is no intermediary, there are 900. How does a change from O(n) with an intermediary to O(n^2) without one improve the market?
And even then, how will an individual publisher be able to reassure its advertisers that view and click statistics are accurate and not inflated? All other things being equal, an intermediary such as Google is considered more trustworthy because it has more to lose should a claim of fraud end up substantiated.
* In the advertising market, a "publisher" is the operator of a site that carries ads.
So what should they do? Go back to the past. Sell static banners/small animated gifs. No javascript, no flash, no tracking, no malware. Simply sell static ad space for X amount of money per Y amount of time.
Sell ad space to whom? Your "no tracking" rule appears to rule out ad networks and ad exchanges in favor of each publisher* having to run its own ad sales department. So what can the publisher of a smallish site do to find enough advertisers to buy most of its inventory? And how can this publisher assure advertisers that the view and click statistics that it provides are accurate?
* Operator of an ad-funded site
Windows itself is proprietary and requires admin privilege to run.
But seriously: On Windows, writing to %windir%\system32\drivers\etc\hosts requires administrative privileges. You can instead have APK Hosts File Engine generate the hosts file in your own profile and then use File Explorer to copy it to %windir%\system32\drivers\etc\hosts.
Disabling JavaScript by default makes sense. But not allowing users to choose to turn it on makes the web less useful.
Browser makers need to provide an easy access on/off button for JavaScript. Brave has one.
For one thing, I do most of my shopping on smile.amazon.com so that Electronic Frontier Foundation. A source is somewhat less likely to attack that vector.
But even if it does, security is a process of which the hosts file is one layer and PKI is another. The server will have to present an X.509 certificate for names smile.amazon.com or www.amazon.com (as appropriate) when my browser connects to port 443. A fake server's certificate won't be issued by either A. a CA certified by Mozilla or B. a self-signed CA that the Perspectives extension reports as consistent.
APK Hosts File Engine is proprietary because APK fears that a malware author would rebrand it the way Chromium was rebranded as eFast.
This is why I always try to block ads as much as possible. I'm using this customized hosts file, uBlock Origin and Ghostery (there are Chrome versions for the addons too).
This makes my web experience extremely smooth (no dumb annoying ads all over the place) and reduces one big malware/virus/infection vector.
As I know that some adblockers can get shady (Adblock Plus comes to mind), that's why I use both uBlock Origin and Ghostery. That way, if one tries to slip some ads because they are from a "friendly" company, the other usually will catch it. I've seen this happen in Chrome, where Ghostery was trying to redirect traffic to a place and uBlock to another. Let them fight it off; at the end of the day, still not a single ad :) The hosts file is the final trench, and as it is updated with a certain regularity (and there are different customized hosts files floating around), it is a sort of final layer of armor for my Windows installation.
The result of all this is that I've been going anti-virus/malware free for at least quite a few years, only with the default security software from Windows. No ads, weird "unexplained" virus infections, etc. Oh, I also don't click on dumb stuff that comes via email. The secret is reducing the attack surface, so to speak, and getting rid of ads is like plugging that pipe of raw sewer shit that comes right into your home.
The industry can cry as much as they want because we, as consumers, are blocking ads, and stealing bread from people's mouths. But just as I can just skip ads on my TV (I can go to the kitchen or record the broadcasts and skip the ads), I have that right to do the same online. If you can't make a business without shoving unsorted, unchecked, miscellaneous ads down your users' throats, then that's your problem. Also, if I think your content is worth it, I will definitely pay for it. But if you are trying to serve me some rehashed shit, just like hundreds of sites (I'm looking at you, online media sites, newspapers, etc.), I'll just skip your stuff altogether and find what I want in some other site.
Then why do you not have a little star next to your name on slashdot?
Because Slashdot hasn't sold subscriptions for well over a year. From subscribe.pl:
During the Dice Holdings era, Slashdot instead experimented with giving a "Disable Advertising" checkbox to users with Excellent (25-50) karma to encourage them to provide and moderate comments. After Slashdot and SourceForge were sold to BIZX six months ago, this ended as well.
The subscription page for the red site, on the other hand, is up and running:
Ads are supposed to hack brains, not computers. This is an outrage!
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
See subject: Spreading FALSE rumors isn't going to get you anywhere & it's a good thing in case hosts = corrupted. Can't happen w/ my program resident as I said.
APK
P.S.=> For something like Windows update servers to be hardcoded by IP address is a good measure "just in case" (in case folks' hosts isn't protected by MY program locking it vs. corruption) & I've heard tell that Windows 10 telemetry does but no proof of it not being stopped by hosts that I've seen so far, nothing solid - still, that's easily stopped in 7-8 by reghacks to stop the bad patches that cause it OR by firewall rules (which block less used by malware ip addresses vs. hosts blocking what MOST malware uses since it can be 'fastfluxed', in host-domain names) that stall it... apk
See subject & see here https://it.slashdot.org/comments.pl?sid=9458341&cid=52611445 my code's been verified by malwarebytes as safe (learn to read my posts) also. DNS is inefficient & LOADED with security issues (in a dozen categories with hundreds of example proofs) https://news.slashdot.org/comments.pl?sid=9007355&threshold=-1&commentsort=0&mode=thread&pid=51969075
APK
You do a good job of projecting you take pills in your off topic trolling post. Is that the best you have? It's pitiful. It's so obvious moderation is abused here on this site and you're the proof.
APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?...
Ads rob speed, security (malvertising), privacy (tracking).
Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively.
Works vs. caps & PUSH ads.
Avg. page = big as Doom http://www.theregister.co.uk/2... & ads = 40% of it.
Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity.
Compliments firewalls (blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load).
Gets data via 10 security sites.
APK
P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "seen the code & it's safe" http://forum.hosts-file.net/vi... )
Make the sites fully liable. Problem solved
See subject: IF something good were to be blocked (see tepples post reply to you on that note, he countered you perfectly) I can easily edit hosts to unblock it (easiest data to edit there is vs. addon regex OR dns rules tables IF a user has local wasteful insecure DNS that is).
APK
P.S.=> You guys post by AC, downmod my posts & run THEN restrict me down to 2-3 posts tops, NOT the typical 10 ac posters like myself always, get typically! You're not going to stop me though, cheaters. You hit & run downmod my posts, MOSTLY minus valid technical justifications or using "theoretical phantasyland" ones (which any fool can do, but not everyone designs a good security system as I have that does more with less) like you tried to be shot down by tepples on easily - do you THINK people don't see the crap you pull? Guess again... apk
UBlock can't do these as well as (or @ all) hosts do 4 speed, security, & reliability:
1.) Protect vs. bad sites (past ads)
2.) Protect vs. fastflux botnet C&C's
3.) Protect vs. dyndns botnet C&C's
4.) Protect vs. DGA botnet C&C's
5.) Protect vs. downed DNS (reliability)
6.) Protect vs. DNS poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam payloads
9.) Protect vs. phish payloads
10.) Protect vs. caps
11.) Get past dns blocks
12.) Keep off dns request logs
13.) Speed up 2 ways (adblocks/hardcodes)
14.) Work on anything webbound multiplatform.
15.) Ez data edit
16.) Block ads more efficiently in cpu/ram/I-O use
17.) UBlock now uses hosts (no DNS benefits vs. dns issues) - poor imitation = "sincerest form of flattery"
Hosts = native vs. illogically "Bolting on 'MoAr'" & not ClarityRay blockable like addons.
APK
P.S.=> Hosts (1st resolver) do MORE w/ less in fast kernelmode & before slow usermode addons
Hosts ~3mb vs. UBlock = 64MB -> http://cdn.ghacks.net/wp-conte...
Adblock can't do (or do as well) 16 things hosts do 4 speed, security & reliability:
1.) Protect vs. bad sites (past ads)
2.) Protect vs. fastflux botnet C&C servers
3.) Protect vs. dynamic dns botnet C&C servers
4.) Protect vs. DGA botnet C&C servers
5.) Protect vs. downed DNS (reliability)
6.) Protect vs. DNS redirect poisoned/downed dns
7.) Protect vs. trackers
8.) Protect vs. spam payloads
9.) Protect vs. phish payloads
10.) Protect vs. caps
11.) Get past dns blocks
12.) Keep off dns request logs
13.) Speed up 2 ways (adblocks & hardcodes)
14.) Work on anything webbound multiplatform.
15.) Ez data edit
16.) Block ads more efficiently in cpu/ram/I-O use
* ANSWER ="NO"
APK
P.S.=> Ab+ does less vs. hosts less efficiently (a 128-151mb memory hog http://cdn.ghacks.net/wp-conte...)
ClarityRay defeats it
Ab+'s bribed not to work by default http://www.businessinsider.com...
AdBlock's SLOWER: http://superuser.com/questions...
See subject: Can't get sick in the 1st place by what you aren't exposed to & KNOW is bad + hosts = safe too thus.
Secure as the IP stack hosts belongs to helped by my program securing it past Windows' NTFS ACL filesystem rights protections + WFP/SFP - & my program self-checks its .exe vs. corruption.
Especially vs. malware attacks on hosts in usermode my program helps moreso (nothing's "blasting thru it" in usermode - I've tried).
Driver/Kernelmode level code attacks considered too? Yes, NTFS & ACL mechanisms do it.
(Theoretical hosts data source hijacks? X.509 certificates defeat DNS hijacking https://it.slashdot.org/comments.pl?sid=9458341&cid=52611437 & hosts hardcodes BYPASS DNS & it's security + inefficiency issues https://news.slashdot.org/comments.pl?sid=9007355&threshold=-1&commentsort=0&mode=thread&pid=51969075 )
APK
P.S.=> My program updates hosts itself "refreshed clean" automagically via my program w/ current data too... apk
Tru dat aint it?
See subject & my posts (w/ tepples' too) that FLOOR you & yours (trolls) easily! THIS reply of yours = "best ya got"? Weak... & illogical ad hominem attacks that are OFF TOPIC too.
APK
P.S.=> I find it hilarious when I reduce fools like you to replies like yours, illogical ad hominem attacks - it only means you have no other means & have lost control (not that "you & yours" unidentifiable ac trolls that I BLEW ALL YOUR DOWNMOD POINTS OUT OF easily too ever had 'control' mind you)... apk
Banks I'll grant. They're unusual in that financial industry regulations mean they have the most to lose if a script is found to be unsafe. Healthcare sites are up there as well because of HIPAA (or foreign counterparts).
For sites in less regulated industries, how should a user go about finding whether a site's scripts are safe to add to the user's whitelist?
Say you're researching a topic, and you end up hitting a bunch of dead links because the operator of their respective servers could no longer afford to keep the lights on. Then Somebody Else's Problem becomes your problem.
Two of them are easy. "Encrypted" means served through HTTPS. "Ad choice supported" means supporting the YourAdChoices control to turn interest-based ad delivery on and off.
The other two are a bit more vague, but Google iab non-invasive ads returns IAB Tech Lab Solutions with a bit more explanation. "Light" means a maximum data size, as specified in IAB Creative Guidelines. "Non-invasive" means that ads do not cover the body of the article, and ads other than an interstitial before a video body do not automatically play audio.
proofpoint is some bullshit fucking unheard of site
softpedia themselves host versions of freeware and open source apps with malware and adware in them
Slashdot is sucking the huge cock all day today.
I occasionally wonder about those who complain about the moderation here.
See subject: I give the program away freely. I'm just dispatching trolls. Using technical facts they're blown away now by myself & tepples, 1 by 1.
APK
P.S.=> They try this a lot & the result's always the same - they get dusted... so they start their unjustifiable downmods to "hide" they're defeated as usual & doing trolling/harassing posts by ac etc. in effete 'retaliation' like petulant children... apk
Fuck off APK, AD block is just fine, much better than your option, the 90's called, they want their ad blocking back.
Would WebAssembly be preferable to JavaScript? Because without JavaScript and without WebAssembly, the only possible interaction is following a link or submitting a form and getting a reload of the entire page. This rules out a lot of use cases.