Malware That Fakes Bank Login Screens Found In Google Ads

tedlistens quotes a report from Fast Company: For years, security firms have warned of keystroke logging malware that surreptitiously steals usernames and passwords on desktop and laptop computers. In the past year, a similar threat has begun to emerge on mobile devices: So-called overlay malware that impersonates login pages from popular apps and websites as users launch the apps, enticing them to enter their credentials to banking, social networking, and other services, which are then sent on to attackers. Such malware has even found its way onto Google's AdSense network, according to a report on Monday from Kaspersky Lab. The weapon would automatically download when users visited certain Russian news sites, without requiring users to click on the malicious advertisements. It then prompts users for administrative rights, which makes it harder for antivirus software or the user to remove it, and proceeds to steal credentials through fake login screens, and by intercepting, deleting, and sending text messages. The Kaspersky researchers call it "a gratuitous act of violence against Android users." "By simply viewing their favorite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q," according to the company. "There you are, minding your own business, reading the news and BOOM! -- no additional clicks or following links required." The good news is that the issue has since been resolved, according to a Google spokeswoman. Fast Company provides more details about these types of attacks and how to stay safe in its report.

Please log in to slashdot.

In order to view this post, please reply to it by logging into your slashdot account. Please enter your username and password in the reply box and press the "preview" and "submit" buttons.

Re:Please log in to slashdot.

Is this the problem with slashdot this evening? If so, this is my last post here, not that it wasn't already dwindling.

Re:Please log in to slashdot.

jsm
portmanpetrified

Re:Please log in to slashdot.

[GrumpyNope]

hunter2

Re:Please log in to slashdot.

*******

Why do I only see stars in your post?

Re:Please log in to slashdot.

[Anubis+IV]

Love it. Obligatory link for anyone who's been living under a rock.

Re:Please log in to slashdot.

[pontoffel]

nsf001 smashthestate

Boom, indeed

[turkeydance]

as the old movie said: the only winning move is not to play

Re: Boom, indeed

Or use cash only, never had a problem since!

Re: Boom, indeed

[duke_cheetah2003]

Good luck with that, just hope you never get targeted by the cops. Note that you need not do anything wrong or illegal to be a target of civil forfeiture. Just carry around cash...

I have no sympathy for idiots transporting large sums of cash. You're just an idiot if you do this. If you need to make a large transaction, get a frickin' cashiers check. Frankly, you're lucky if the cops are the ones who seize the moolah and let you walk. A criminal would shoot you dead, take your cash, your car and your phone.

Re:Boom, indeed

Install AdBlock Plus.

The "obligated to see ads to pay for content" argument does not hold up when the risk of receiving malware from ads is this high.

Re: Boom, indeed

A criminal would shoot you dead, take your cash, your car and your phone.

NOT MY PHONE!! ANYTHING BUT MY PHONE!

Captcha: horror

Re:Boom, indeed

[Z00L00K]

“Certainly the game is rigged. Don't let that stop you; if you don't bet you can't win.”
  Robert A. Heinlein, Time Enough for Love

Re:Boom, indeed

Install AdBlock Plus.

The "obligated to see ads to pay for content" argument does not hold up when the risk of receiving malware from ads is nonzero.

ftfy

Re:Boom, indeed

> The "obligated to see ads to pay for content" argument is the sound of some whiny prick with an overblown sense of entitlement. It is worthless and holds no water.

Fixed that for you both.

Re: Boom, indeed

[Applehu+Akbar]

"I have no sympathy for idiots transporting large sums of cash. You're just an idiot if you do this. If you need to make a large transaction, get a frickin' cashiers check. Frankly, you're lucky if the cops are the ones who seize the moolah and let you walk."

And I have no sympathy for the next cop who gets shot by someone whose cash he was about to seize.

Re: Boom, indeed

[JustAnotherOldGuy]

I have no sympathy for idiots transporting large sums of cash. You're just an idiot if you do this.

So we should avoid doing things that are perfectly legal just because the police are crooked?

We should all try to make sure to live our lives under their boots in a way that appeases them the most?

Fuck you.

Re: Boom, indeed

[JustAnotherOldGuy]

And I have no sympathy for the next cop who gets shot by someone whose cash he was about to seize.

Same here. When police break the law, they're no longer the police- they're gang members with uniforms.

Re:Boom, indeed

[mschwanke97402]

“Certainly the game is rigged. Don't let that stop you; if you don't bet you can't win.” Robert A. Heinlein, Time Enough for Love

Best quote I've read this month. KUDOS!!

Re: Boom, indeed

If you encounter a criminal that's willing to shoot you dead before demanding that you hand over your possessions, does it really matter whether you have cash or a check?

I usually carry around $1-2k and usually a .380 or sometimes a 9mm. I think it's typical for criminals to first use threats in an attempt to coerce a person into giving up their valuables. If criminals are just going to kill you before attempting any coercion, you're screwed no matter what you're carrying.

Fucked Company

[xxxJonBoyxxx]

>> Fast Company blah blah...

I thought that place folded in the late 1990's. Did somebody buy the rights or has Fast Company just been quietly publishing to some invisible niche for the past 16 years?

Re:Fucked Company

[nitehawk214]

Fast Company popped when the bubble popped. The zombie has been limping along for the last 15 years somehow.

I do miss Fucked Company, though. Those were some wild days back in the early aught's.

Re: hehe I'm better than u @250 mpg

Hey! My Chevy volt gets 250+ mpg. So I'm better than u, uBlock!

Ad blocker!!

[Futurepower(R)]

This Slashdot story is a very effective advertisement for ad blockers.

WTF????

[JustAnotherOldGuy]

"It then prompts users for administrative rights..."

Why would you give admin rights to something you didn't explicitly download?

Re:WTF????

[duke_cheetah2003]

"It then prompts users for administrative rights..."

Why would you give admin rights to something you didn't explicitly download?

You're talking about end users. Something pops up they just click whatever makes it go away. You think they pay attention to that?

Re:WTF????

Social Engineering, people often do things they know they shouldn't.

Re:WTF????

[Tom]

You're talking about end users. Something pops up they just click whatever makes it go away. You think they pay attention to that?

They would if Microsoft hadn't spent 10 years training them otherwise.

Confirmation dialogs are a good thing that has been destroyed by overexposure.

Re:WTF????

[duke_cheetah2003]

You're talking about end users. Something pops up they just click whatever makes it go away. You think they pay attention to that?

They would if Microsoft hadn't spent 10 years training them otherwise.

Confirmation dialogs are a good thing that has been destroyed by overexposure.

I think ads have contributed heavily to this training, too. People see something pop up they just want it to go away. As much as some of us would love to blame Microsoft for all our woes, the ads themselves bear a heavy responsibility for that training.

And publishers complain about ad blockers

[Solandri]

It's because your ad business model is broken. How long will it take before you admit to yourselves that accepting random scripted ads from an insecure third party ad farm totally out of your control is stupid? Either vet the ads yourself (and accept responsibility if you let a malicious ad get through), or contract it out to a third party security service which does it for you.

Too hard you say? Here's a hint: If the only ads you allow are a static JPEG which clicks through to the advertising site, you've done your job. Newspapers and magazines got along just fine for over a century with static ads. Advertisers don't need scripting, and in fact they've demonstrated they're too immature to be given the power of scripts.

Re:And publishers complain about ad blockers

If the only ads you allow are a static JPEG which clicks through to the advertising site, you've done your job. Newspapers and magazines got along just fine for over a century with static ads. Advertisers don't need scripting, and in fact they've demonstrated they're too immature to be given the power of scripts.

Is it safe? ... Is it safe?

Is it safe?

Is anything internet connected truly safe?

Re:And publishers complain about ad blockers

If the only ads you allow are a static JPEG which clicks through to the advertising site, you've done your job. Newspapers and magazines got along just fine for over a century with static ads. Advertisers don't need scripting, and in fact they've demonstrated they're too immature to be given the power of scripts.

Is it safe? ... Is it safe?

Is it safe?

Is anything internet connected truly safe?

Safe is not a Boolean.

Re:And publishers complain about ad blockers

[dohzer]

Malvertising is the RESULT of ad-blockers.
If some of us weren't blocking their ads they wouldn't have to stoop to stealing money from the few people who still see them.

Re:And publishers complain about ad blockers

[Dutch+Gun]

Safe is not a binary yes or no. It's more of a spectrum.

At one end, we have static HTML with no scripting, and a modern browser with robust content interpreters, hardened over the last two decades. We're not likely to get infected with a jpeg file or random HTML parsing flaws anymore (although it's not impossible more flaws will be found - look at Android's StageFright bugs). Besides, you notice that article was written in 2004, right? If you're using a circa 2004 browser or unpatched OS, it's your own damned fault for whatever happens.

On the other end of the web browsing safety spectrum, you have Flash and random ads that may or may not be served from an unvetted server in Bosnia, that have full access to a very powerful interpreted scripting engine, and with one tiny flaw, can infect your computer. Or, they'll bombard the user with scamware or phishing attacks to trick them into giving them access. It ends up the same either way.

Given that allowing ads or running Flash exposes us to significant risk for no gains, it's a pretty simple choice to make for informed folks. Oh, and I'm not vehemently anti-ad. For instance, I don't mind the ads on Slashdot, and have never turned them off. I figure they're safe enough and hopefully make the site a bit of money.

Re: And publishers complain about ad blockers

No. It's the result of a stupid industry. Anyone who works with ads on the internet or a site funded by ads is guilty and a scumbag. Fucking die already.

Re: And publishers complain about ad blockers

But the more malware found in ads the better. It legitimizes the use of adblockers and decreases end users' trust in companies like Google.

Re:And publishers complain about ad blockers

How is that 4-insightful?

>I figure they're safe enough and hopefully make the site a bit of money.

Are they? So many different source of javascript code are runnind in the context of your browser... If it was just an image ok. But js, no no no! Not safer than flash or a embedded pdf reader. Running js from any external source expose you to significant risk for no gains.

Some of third party js on /.:
https://ads.pro-market.net/ads/scripts/site-143573.js
https://analytics.slashdotmedia.com/sd.js
https://www.googletagservices.com/tag/js/gpt.js
https://cdn.taboola.com/libtrc/slashdot/loader.js
https://s.ntv.io/serve/load.js
https://a.fsdn.com/sd/js/scripts/ad.js?release_20160811
https://d3ezl4ajpp2zy8.cloudfront.net/sourceforgemedia-computing_tag.js
https://ads.rubiconproject.com/header/15680.js
https://tag.contextweb.com/getjs.static.js
https://tag.crsspxl.com/s1.js?d=2397&cb=1471418783139
https://ads.pro-market.net/ads/scripts/site-143573.js
https://a.fsdn.com/sd/js/scripts/ad.js?release_20160811
[...]

>that have full access to a very powerful interpreted scripting engine, and with one tiny flaw, can infect your computer. Or, they'll bombard the user with scamware or phishing attacks to trick them into giving them access. It ends up the same either way.

The same with js ads.

>a modern browser with robust content interpreters, hardened over the last two decades.

Not hardened, but patched around a shit load of bad design. One of the biggest issue is the mix of code and the visualization: script tag, events (onload, onclick, ...). Most issues of the web with `javascript` are solved with only one single change: the forbidding of embedded js (you nevertheless need a new mechanism to pair js and html).

Creating a secure webpage is a nightmare. Getting right all the necessary HTTP flags (X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Content-Security-Policy) is really hard. Security have to be the default.

>Besides, you notice that article was written in 2004, right?

Yeah, that's just an example. But just check the cve's, there is still some issues of this kind, now in 2016.

The web is broken. And this is maybe beyond repair.

Re:And publishers complain about ad blockers

[Tom]

Safe is not a binary yes or no. It's more of a spectrum.

No, it's not. You are safe, or you are compromised. The millisecond you get compromised, you change state hard from one to the other.

There are things that are more or less likely to get you compromised. You apparently confuse that. But there is no confusion. An image has a specific purpose. A scripting language does not. If I allow you to send me an image to display, my intention is clear - I want to see an image. If I allow you to run a script on my machine, my intention is not clear.

GP is correct. Ads need to move back to display-only functionality. All the tracking, malware and other shit is because we have given greedy fuckers too many toys. The horse is out of the stable, we won't get it back in, we will not get any kind of "responsible advertisement". Too late. Static only is the solution. Ad blocking the other. Nothing else will work. Exactly because there is no spectrum. If you give advertisers, who have proven time and time again that they are shady, something that can be exploited, then it will be exploited.

Re:And publishers complain about ad blockers

[houghi]

The ad business model was broken from day one.
I remember when they started to apear and people started blocking them, even when they were a banner size and did not move and ther was only one on a page.
People do not like ads. I do not want them on my computer, I do not want them in the streets or on TV, I do not want them on my underwear.

There is also no reason to justify why they exist. They exist to sell you stuff and to make money for the people who place them. So is insurance from the Mafia. Just because I understand why they are there does not mean I want them.

If a real-life adblock would exist that blocks out all the advertising (and branding while we are at it) I would happily use that. Just a fast glance of where I sit I see 25 brandnames and ads easily and some I probably do not even register anymore.

âoePeople are taking the piss out of you everyday. They butt into your life, take a cheap shot at you and then disappear. They leer at you from tall buildings and make you feel small. They make flippant comments from buses that imply youâ(TM)re not sexy enough and that all the fun is happening somewhere else. They are on TV making your girlfriend feel inadequate. They have access to the most sophisticated technology the world has ever seen and they bully you with it. They are The Advertisers and they are laughing at you.

âoeYou, however, are forbidden to touch them. Trademarks, intellectual property rights and copyright law mean advertisers can say what they like wherever they like with total impunity.

âoeFuck that. Any advert in a public space that gives you no choice whether you see it or not is yours. Itâ(TM)s yours to take, re-arrange and re-use. You can do whatever you like with it. Asking for permission is like asking to keep a rock someone just threw at your head.

âoeYou owe the companies nothing. Less than nothing, you especially donâ(TM)t owe them any courtesy. They owe you. They have re-arranged the world to put themselves in front of you. They never asked for your permission, donâ(TM)t even start asking for theirs.â
â" banksy (Will look for the place where he got it from. It is not his, he adapted it.)

Re:And publishers complain about ad blockers

[houghi]

banksy (Will look for the place where he got it from. It is not his, he adapted it.)

http://readingfrenzy.com/ledge...
http://readingfrenzy.com/ledge...

Re: And publishers complain about ad blockers

Then why are you commenting on a tech news site funded by advertising?

Re:And publishers complain about ad blockers

It's because your ad business model is broken. How long will it take before you admit to yourselves that accepting random scripted ads from an insecure third party ad farm totally out of your control is stupid? Either vet the ads yourself (and accept responsibility if you let a malicious ad get through), or contract it out to a third party security service which does it for you.

Too hard you say? Here's a hint: If the only ads you allow are a static JPEG which clicks through to the advertising site, you've done your job. Newspapers and magazines got along just fine for over a century with static ads. Advertisers don't need scripting, and in fact they've demonstrated they're too immature to be given the power of scripts.

Yeah, like Facebook is trying to do. Oh wait... people still complained.

Just say you don't want advertisements, and that security is one reasons why. Pretending like you are only concerned about the security is disingenuous. Aren't you always yelling at advertisers for lying? So why are you engaging in the same behavior.

Re:And publishers complain about ad blockers

[Dutch+Gun]

To clarify, I haven't turned off my ad-blocker on the Slashdot site. Third-party ads are still blocked. I'm talking about the ads Slashdot serves itself, like the Slashdot deal ads. This is actually a method of serving ads I'd like to encourage, and so I don't take any special action to block those ads.

Basically, I agree with everything you said about the dangers of third-party Javascript, especially when used for nothing but serving ads and tracking us.

Re:And publishers complain about ad blockers

Umm that's called strong-arm tactics. Imagine if someone knocked on your door and you decided to not answer- yet the continued to knock, pounded, and finally smashed your door in to get your attention & also stole 1 dollar off your dresser in compensation for their 'ad delivery'.

And ps: if ads were ONLY ads that'd be fine. Like highway billboards or magazine ads- you see a photo & text of products. Fine. But all the trackers, web-beacons, clear 1x1 gifs, iframes, and scripts? C'mon it's abuse to the reader. It really is.

If websites go back to showing me actual ADs then yeah I'll play.

This is why I use an ad blocker

And I don't exempt anyone, not even "safe" vendors like Google. No ad network is truly safe, they all deliver malware sooner or later.

Re:This is why I use an ad blocker

>google
>safe
my sides

Re: This is why I use an ad blocker

And that's why he put the word safe in quotes.

can we please stop pretending?

would automatically download when users visited certain Russian news sites, without requiring users to click on the malicious advertisements

Can we please stop pretending that computers "automatically" do things, as if they are some magical entity that is not subject to understanding? They do what they are programmed to do, and configured to do within that programming.

Ads do not "automatically" download jack shit. They download things if you are allowing unknown remote sites to run scripts without your explicit approval. Almost always that happens because Javascript was enabled by default, which we have seen about 1000000 times is a security clusterfuck. Almost all such events happen only because someone said, "Sure! I don't care who the other party is, I'm just fine with them running code I haven't seen on my computer, automatically, by default. No no, really, it's fine! Go right ahead. I don't care what you want to do. Behavioral tracking, malware downloading, anything you want! Go for it! Door's wide open."

This is no smarter than letting anyone, at any time, use your house for any purpose they might want, "as long as they promise to stay in the living room". Drug cartels? Mafia? Human traffickers? It's all good! No, I don't need to approve the uses of my house, I'm willing to let literally anyone in the world use it for any reason. Later on, I'm going to act mystified about why the SWAT team just showed up, my house is on fire, there's a dead body in the kitchen, and the neighbors are running around screaming. There can't possibly be any connection between that, and my default-allow policy.

If you wouldn't do that with your house, why would think it's any smarter to do it with your computer?

Re:can we please stop pretending?

[oobayly]

It's pretty easy to start a drive by download without javascript - just use an iframe that requests a file with an attachment content-disposition. If the whole world stopped using javascript tomorrow malware writers would simply find an alternative delivery method. It's a bit like saying "stop people from buying petrol will mean no more road deaths"

There's already a very simple way to stop this being effective. You still actually have to run the apk (which you don't remember downloading), and enable 3rd party apks (which are disabled on every mainstream phone I've had).

Again with the petrol analogy - if you found a full fuel can in front of your house would you put it in your car?

Host blocker

[110010001000]

Would a host blocker written in Delphi help here?

Re: Host blocker

I imagine it would. You know where I might find such a wondrous creation?

the issue has been resolved she now use adblockers

The good news is that the issue has since been resolved, according to a Google spokeswoman.

She now uses adblockers. Right?

Ads have long been a risk to security

[melting_clock]

Unfortunately for sites that rely on advertising to survive, malware delivery through ads is nothing new and this forces many people to block ads as part of their online security. This is not because the sites they visit are not trustworthy. It is simply due to the fact that not every advertiser can be trusted and the companies serving ads have failed to effectively prevent malware getting on to their networks. Criminals distributing their malware through ads are able to reach legitimate web sites that they would be unable to compromise, expanding their reach to a larger audience and making it an attractive option.

Many of us would be happy to view ads to support our favourite sites but are unwilling to take the risk. Antivirus software can only protect against known threats so, when new malware is constantly being discovered, their success rate of detection can never be 100%. Antivirus software forms part of a sensible online security plan but it does not replace ad blocking or blocking third party scripts.

Re:Ads have long been a risk to security

Many of us would be happy to view ads to support our favourite sites...

Nope. I would never be happy to view ads. If I want to support a website I'll send a donation or support it with content but I will never spend any of the time that I've been given in this life watching ads.

Re:Ads have long been a risk to security

[wickerprints]

Precisely. Your point is proven by the fact that these trojans are finding their way onto Google AdSense: it definitively shows that the only remedy is to block all ads because the content providers, ad networks, and other facilitators, cannot be trusted to not serve malware to the end user.

But, a little context is also worth mentioning. The original web ads used to be things like banners, or animated GIFs, usually with cheesy flashing graphics. These are still around of course. They used to be nothing more than static content that would serve a link if clicked. But as they became ubiquitous, users quickly to ignore them. So advertisers resorted to increasingly intrusive ads, like the dreaded pop-ups, which users quickly learned to close, followed by pop-unders or persistent pop-ups powered by scripting that would simply load another pop-up if the original window was closed. These resulted in browser-side blocking of pop-ups. Advertisers then escalated to overlays and interstitial ads, intercepting or obscuring the desired content. Of course, in all of this, there was always some share of shady ads, things that tried to trick the user in some way by pretending to be something it was not. But the trend has always been an arms race of increasingly intrusive and difficult to block advertising, versus increasingly more sophisticated methods to block.

This is why we are where we are today. Online advertising has a long and consistent history of being untrustworthy, malicious, and disrespectful of user preferences. Blocking is the natural reaction to such tactics. On the other hand, when people follow certain kinds of online content--product reviews on YouTube, Facebook, and Twitter--this is the way online advertising must evolve. It must evolve away from advertisers attempting to force-feed ads to users whether they wish to see it or not. Even when I know what I'm watching or reading is a paid endorsement or sponsored content, if I *choose* to look at it, that is worth far more than being forced to click through an overlay. If I cannot unblock the content without running some shady JavaScript, I simply move on.

Re:Ads have long been a risk to security

[phantomfive]

it definitively shows that the only remedy is to block all ads because the content providers, ad networks, and other facilitators, cannot be trusted to not serve malware to the end user.

I'll go beyond that: if you browse the net without adblock, you are irresponsible. If you help someone with their computer, and don't set up adblock, you are irresponsible. If you are a sysadmin and don't have adblock on your computers by default, you are irresponsible and should be fired.

Re: Ads have long been a risk to security

Note to scummy bottom-feeders. We block your content not because of you, but because there are worse.

Re:Ads have long been a risk to security

[AmiMoJo]

The problem sellers face is that, for the most part, they are shovelling shit. Sure, if you have a great new phone you want to advertise, send it to some YouTube reviewers (MKBHD is good) and watch the sales roll in. But most stuff is crap, and they want to sell it to you anyway. The only way they can do that is my misleading you, tricking you into wasting your money.

Most advertising will never be able to rely on reviews or even paid endorsements, because even with paid endorsements people soon start to realize if they consistently rate crap 10/10. Then you have really scummy sites like Ashley Madison that they probably couldn't even pay people to endorse, especially after being hacked.

Re:Ads have long been a risk to security

>The original web ads used to be things like banners, or animated GIFs, usually with cheesy flashing graphics. These are still around of course. They used to be nothing more than static content that would serve a link if clicked.

Halleluah! I now pine for the days of static ads. At least they were just that, an ad. Now these ad-servers include so much tracking, clear 1x1 gifs, iframes, scripts, and web-beacons... the ads is just the vehicle for these other things. It is a TRUE disservice to us readers and the products company too.

Show us 'actual dvertising' and we'd likely be happy again.

Good news?

The good news is that the issue has since been resolved, according to a Google spokeswoman.

Yeah, well, the bad news is it happened in the first place, dingus. EVEN GOOGLE ADS GET COMPROMISED, this isn't the first time. Ads are an exploit vector, protect your network accordingly.

hey ailan

depois tu não sabe pq eu nao ligo pra merda da tua mãe, seu freemason pedófilo filha da puta.

You're a bad person if you don't let them steal?

Remind me about the Ad pushers rights to force malware? I smell Class Action Lawsuit!

Ad Blocking

[duke_cheetah2003]

And once again, Ad Blocking is justified. Those darn ads can be outright dangerous, which computer people have been saying for years.

Simply put, if companies can't be bothered to vet the ads they're serving, we can't be bother viewing any ads at all. Clean it up, already.

"Weapon"?

[TheDarkener]

Really?

Use jpegtran

[tepples]

A publisher or ad network can still protect users by recompressing advertisers' uploaded files. There are two ways to go about this. One is to use a JPEG optimizer such as IJG's jpegtran, which optimizes JPEG files without additional loss. The other is to require advertisers to upload PNGs or high-quality JPEGs and then transcode them to web quality using mozjpeg.

Re:Use jpegtran

[sexconker]

jpegtran

You seriously need to stop with the micro aggressions.

Re:Use jpegtran

[Mashiki]

Can't tell if joke or poe's law in action.

Re: Use jpegtran

Nope. Adding an indirection to the infection vector creates a computer that no-one cares about either. You can't just indirect all the badness out of the world.

You can't win this. The only winning move is not to play.

Re:Use jpegtran

[fyngyrz]

You're one of those who are against the LJBT* community, aren't you?

*(Lossy JPEGs Bereft of Transparency)

Re:Rooted android phone? This helps (w/ ADB)

By simply viewing their favorite news sites over their morning coffee users can end up downloading last-browser-update.apk

Yeah, right, like I'm going to trust APK to defend me against apks.

Can someone provide IP addresses?

[Bomarc]

By updating the Host file (yes, it will be a back and forth thing) the ability to block the web sites and keep this crap from coming in - or going out. Great, they can capture all the key strokes they want. HOWEVER: if the data can't make it out, it is useless to them.

Also - for those of us who use a different computer for bank activities: how can we block entire countries?

Re:Can someone provide IP addresses?

[Blue+Stone]

n/t

Re: Can someone provide IP addresses?

You understand that hosts file don't block IP connections, right?

Re:Can someone provide IP addresses?

[drinkypoo]

By updating the Host file (yes, it will be a back and forth thing) the ability to block the web sites and keep this crap from coming in - or going out.

It doesn't do that. You will need an egress firewall to do what you think you're doing. And it's going to have to somehow be stateful and understand the difference between a legitimate outgoing connection, and one which isn't. Good luck!

Re:Can someone provide IP addresses?

[Bomarc]

It doesn't do that. You will need an egress firewall to do what you think you're doing. And it's going to have to somehow be stateful and understand the difference between a legitimate outgoing connection, and one which isn't. Good luck!

You understand it does do that...

With an entry such as:
127.0.0.1 ads.yahoo.com

all traffic that would be routed to ads.yahoo.com is blocked. replace ads.yahoo.com with an ip address, and that ip address is blocked.

I'm surprised that the people here at /. are that naive about such a simple method of blocking hacking/attempts to hack.

Re:Can someone provide IP addresses?

Firewalls like ipfire have country blocking features. The way the internet works it easy to live in one country and operate your site from another though.

Re:Can someone provide IP addresses?

[Psicopatico]

Hummm... no.

Text from a "#" character until the end of the line is a comment, and is ignored. Host names may contain only alphanumeric characters, minus signs ("-"), and periods ("."). They must begin with an alphabetic character and end with an alphanumeric character.

Source: every hosts manpage.

Re:Can someone provide IP addresses?

[Bomarc]

Sorry ... in conjunction with route command:
route add 192.168.1.5 127.0.0.1

The base concept of blocking DNS entries

Re:Can someone provide IP addresses?

[spongman]

correct. a hosts file (or even better a proxying dnsmasq running on your home router) won't block malicious traffic. but, in this case at least, it will stop the malicious scripts from being delivered to you in the first place.
it also has the added benefit that you don't see any ads.

Re:Can someone provide IP addresses?

[drinkypoo]

With an entry such as:
127.0.0.1 ads.yahoo.com
all traffic that would be routed to ads.yahoo.com is blocked.

I'm going to share a really astonishing piece of information with you now: You are utterly, completely wrong. First, and I know this is shocking, it is possible to access hosts by IP. That's right, the program can simply connect to a hardcoded IP, and not use DNS at all. But wait! There's more! They can also just ignore your name resolution system entirely, and do a DNS (or some other protocol!) lookup to a server of their choice — also potentially using a hardcoded IP. Thus, without an egress firewall, you cannot prevent programs from accessing the internet. Your firewall might be as simple as null routing those addresses, but it's not as simple as a hosts file entry. You're also going to have to identify the traffic before you can set such a route.

Absolutely the only way to do what you think you're doing (prevent programs from accessing the internet without your permission) is with whitelisting.

Re:Can someone provide IP addresses?

[Bomarc]

simply connect to a hardcoded IP

didn't you read my follow up ... use host in conjunction with route command:
route add 192.168.1.5 127.0.0.1

So, who is wearing the udder now?

So... if a list of IP address is/are known, it is possible to block them, even using your mule, er multi-point system - that is if they can't get the first point, they can't get an update. If they hard-code an IP address, route-block it. If they hard code a DNS, host block it.

Re:Can someone provide IP addresses?

[drinkypoo]

didn't you read my follow up

I did. But the problem with your idea is that you're not explaining how the user is supposed to keep up.

If they hard-code an IP address, route-block it. If they hard code a DNS, host block it.

So your solution is to close the barn door after the horses have got out?

Re:Can someone provide IP addresses?

[Bomarc]

"Yes"

Just as a virus must be out before AV can detect it, someone has to get the problem before it can be guarded. The new version of AV (or stopping a fake bank); a list of IP address (host) / scripts (route) that will block bad addresses/domains.

Spybot does this exact (well, all but "route") all the time.

Re:Rooted android phone? This helps (w/ ADB)

Fuck off, loser.

Who the hell

[drew_92123]

would fall for such a cheesy trick? Certainly none of the brainiacs here at /. right? ;-)

You wish you were me... apk

See subject: It's all there needs to be said about it - take your own far more TRUE about YOU advice. You're a scared unidentifiable imaginary man (lol, see below) in your own mind zero...

APK

P.S.=> It's as if this place has become so troll infested it's hilarious - your type's the worst & I call "your kind", lol, the "not-men" (as in weasels) - they signal downmods of my posts I just laugh MORE @, & why? Ever see the film "LIMITLESS"? That's me exhausting you of YOU & your sockpuppets' modpoints also - & in the end?? I post unscathed, as always... takes brains - you don't have them (or balls) doing what you do, unidentifiable weasel... apk

Re:You wish you were me... apk

Kettle, you're black

-pot

Re:You wish you were me... apk

Keep blowing your modpoints. I'll just post again assuring you do, lol (I love it)... see -> https://news.slashdot.org/comments.pl?sid=9533491&cid=52721181 lol...

APK

P.S.=> I've got you outsmarted coming & going (+ doing things the likes of a "LOWLY TROLL" do-nothing "ne'er-do-well" like YOU will never manage)... apk

Gee

[buss_error]

And my family wonders why I refuse to use my phone as anything other than a phone.
If it isn't obnoxious ads, it's poorly preforming apps, and if it's not those two, it's the bill at the end of the month.

One way or the other, if you have a cell phone in the US, you're going to get "got".

Ever notice how they call it a "cell" phone? You keep prisoners in cells. Just sayin'.

Google ads infect Google Android

[mrbill1234]

When are Google going to wake up and take security of their mobile OS seriously?

Their security model is broken - completely. They just need to start over.

advertisement is evil

[Tom]

And with that, all the "good advertisers" bullshit is dead. Not just scammy and shady ad networks deliver malware. Advertisement is evil and needs to die, at least the way it is handled right now. The whole thing needs to be made illegal and restarted fresh with a clean slate and the first question should be "what do we, the users, want from advertisement?".

I like product information, for example. I'm a big fan of sites that compare products. These days, there are a thousand mobile phones, or printers, or vacation destinations, or chairs or cars or really anything, and it's not easy to find the one that's perfect for you.
There's also new and interesting stuff coming out all the time, and most of us miss most of it. Something that focusses on these aspects, on the customer desires, that would be wonderful.

Re:advertisement is evil

Making a "good advertisement" network is easy. Permit only static images from the advertisers, nothing more. Any analytics should be done by the network hoster (e.g. Google).

Re:advertisement is evil

[drinkypoo]

The whole thing needs to be made illegal and restarted fresh with a clean slate and the first question should be "what do we, the users, want from advertisement?".

I want it to go away. I want whatever is left to be restricted to statements of fact. If the people currently advertising want their identity associated with something, they can sponsor some content.

I don't know that there ought to be a law, though. I only think there ought to be a law regarding advertising to captive audiences. Putting advertisements on public transportation is flat-out wrong, for example, whether inside or outside.

Re:advertisement is evil

[Tom]

Putting advertisements on public transportation is flat-out wrong

On anything owned by the public, in fact. Roads, bridges, busses, anything.

Re:advertisement is evil

Putting advertisements on public transportation is flat-out wrong, for example, whether inside or outside.

Which alternative is flat-out right? Increasing transit costs for the poor, or raising taxes?

Re:advertisement is evil

[drinkypoo]

Which alternative is flat-out right? Increasing transit costs for the poor, or raising taxes?

Raising taxes, obviously. I have issues with how taxes are spent, but not with the concept. The concept of taxation is not wrong, it's the concept of hands-off government that is. You can't just give your money to the government and then walk away.

Google malware weapon - snorting into my coffee

[khz6955]

Does this Google malware weapon work on anything else except Microsoft Windows ?

This ought to work really well..

because you know I always log on to my bank from the ad banner at the top of third party websites..

Disable javascript altogether

The best way to deal with these problems would be for browser manufacturers to simply remove javascript (and any other scripting language support) from the browser altogether.

"But... but we won't be able to play audio, video, make things spin and whirl" etc. etc. the hordes will cry. And nothing of value will be lost.

At the very least banks should produce dedicated, hardened browsers with no javascript/flash/whatever support, no cookie support and should serve their online banking pages by hosting all page resources on a single URL, and lock their browser to that URL and that URL only.

Javascript has utterly ruined the web. It should be put to death. For every small bit of utility it provides it has provided 100 times more exploitable problems. Not to mention all the code abominations where idiots have misused it to replace simple HTML facilities (such as the "a"nchor tags) with crap code.

Sideloading?

[jbmartin6]

The articles don't seem to say, or I missed it. But I assume for this to work you would need to have side loading enabled.

Re:Sideloading?

[CaptSlaq]

The articles don't seem to say, or I missed it. But I assume for this to work you would need to have side loading enabled.

And thanks to Amazon, this is enabled on many Android devices. http://www.theinquirer.net/inq...

Who would have guessed it?

Google takes ads from whomever regardless of their content in a money grab and Android fails at security when it comes to these ads...

The entire Google ecosystem is a wreck.

I'm never going back to that nonsense.

Re:Rooted android phone? This helps (w/ ADB)

[nitehawk214]

Every once in a while APK is actually relevant. But there is something to be said about horseshoes and hand grenades.

Adblockers

[DaveMikulec]

Meanwhile, these asshats are trying to force users to stop utilizing tools like Adblocker. "Trust us" they say. Well... BULLSHIT on you.

Good ads

[fyngyrz]

Ads can be good. They can enable commerce and content. Responsible advertising contains a combination of three things: a still image, and/or text, and a link. IOW: an HREF element, and within that, an IMG element and/or perhaps (preferably) some textual content. No scripts other than what's required to actually serve the ad, no videos, no animations, no scraping of user-specific information.

Anything/everything else is abuse.

Remember when Google was all about text ads?

Google's ethics cancer took care of that. For myself, I don't see many ads any longer. The status quo is to attempt to abuse me; fine. The status quo on this end is to block ads.

Re:Good ads

Does www.google.com have image ads now?

Not Adblockers

[madcat2211821]

This is why I don't call them "Adblockers" but "Malware Vector Blockers".

Spyware has Malware,reported incog by FBI@SLASHDOT

Google is a spy shop. Slashdot is FBI.

Yea yea yea, malware ok got it.

Rooted android phone? This helps (w/ ADB)

APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?...

Ads rob speed, security (malvertising), privacy (tracking).

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively.

Works vs. caps & PUSH ads.

Avg. page = big as Doom http://www.theregister.co.uk/2... & ads = 40% of it.

Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)

Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity.

Compliments firewalls (blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load).

Gets data via 10 security sites.

APK

P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "seen the code & it's safe" http://forum.hosts-file.net/vi... )

Re:Rooted android phone? This helps (w/ ADB)

Yes he is. He's only 1 of perhaps 4 here who actually personally are relevant in computing due to their work in programs they produce or sevices they created. Not many here are or can prove it.

AdBlock = inferior + 'souled-out' vs. hosts

Adblock can't do (or do as well) 16 things hosts do 4 speed, security & reliability:

1.) Protect vs. bad sites (past ads)
2.) Protect vs. fastflux botnet C&C servers
3.) Protect vs. dynamic dns botnet C&C servers
4.) Protect vs. DGA botnet C&C servers
5.) Protect vs. downed DNS (reliability)
6.) Protect vs. DNS redirect poisoned/downed dns
7.) Protect vs. trackers
8.) Protect vs. spam payloads
9.) Protect vs. phish payloads
10.) Protect vs. caps
11.) Get past dns blocks
12.) Keep off dns request logs
13.) Speed up 2 ways (adblocks & hardcodes)
14.) Work on anything webbound multiplatform.
15.) Ez data edit
16.) Block ads more efficiently in cpu/ram/I-O us

APK

P.S.=> Ab+ does less vs. hosts less efficiently (a 128-151mb memory hog http://cdn.ghacks.net/wp-conte...)

ClarityRay defeats it

Ab+'s bribed not to work by default http://www.businessinsider.com...

AdBlock's SLOWER: http://superuser.com/questions...

Re:Rooted android phone? This helps (w/ ADB)

^Garbage.

inaccuracy

[the_pouar]

"Every legitimate app is going to be on Google Play or on iTunes" Then where are the adblockers and F-Droid on Google Play?

Re:Rooted android phone? This helps (w/ ADB)

^Do nothing troll douchebag

/.'ers disagree... apk

I support APK's stand on the hosts file by Trax3001BBS

his hosts program is actually pretty good by xenotransplant

his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg

I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon

I like your host file system by Karmashock

I find your hosts file admirable by vel-ex-tech

take a look at the APK hosts file engine by SuperKendall

APK is kinda right. I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works by bmo

APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa

APK

P.S.=> Want more? apk