A Spotify Ad Slipped Malware Onto PCs and Macs

An anonymous Slashdot reader quotes TechHive: Spotify's ads crossed from nuisance over to outright nasty this week, after the music service's advertising started serving up malware to users on Wednesday. The malware was able to automatically launch browser tabs on Windows and Mac PCs, according to complaints that surfaced online...the ads directed users' browsers to other malware-containing sites in the hopes that someone would be duped into downloading more malicious software.
It didn't last long -- Spotify quickly posted that they'd identified "the source of the problem." And they're not the only company dealing with hidden malware in ads, since the same thing has happened to both Google and Yahoo.

How difficult can it be

to have as a policy and requirement, that adverts only come as still images, or movie sequences? Why the f*ck would you allow actual 3rd party code to run inside your own software, to display an advert?

Re:How difficult can it be

[alvinrod]

Why the f*ck would you allow actual 3rd party code to run inside your own software, to display an advert?

Most savvy users wouldn't which is why they use some kind of ad blocker or no script plugin. Even if asa weren't vectors for malware infection, video ads and trackers tend to chew through bandwidth and batteries as well.

If websites limited themselves to static images without the massive number of trackers, I'd be far more likely to turn off the blocker. But for whatever reason, advertisers pay websites more if they use the world's most annoying shit.

Shashdot has had this as well.

[stfvon007]

I have had something similar happen a couple times on slashdot - an ad redirects the whole page to a scam "You won a free apple laptop" page that tries to trick you into downloading malware. (for those who say it was a virus on the PC not slashdot, one of these times was on a fresh install of linux) This is why I have adblocker software and why slashdot is NOT whitelisted anymore. (Hint to slashdot's owners, Adopt the policy of the first poster and I may whitelist you again)

Yet another reason why Adblocking and Scriptblocki

[Dr.+Crash]

Yet another reason why adblockers and scriptblockers are essential.

Not just because ads chew up your pay-by-the-byte bandwidth, but because they are actively serving up malware.

Sorry, all you ad-supported sites... find another business model. Your current methods are dying a very painful death.

Enough of the IAB, ad networks and bad websites

[StandardCell]

It is beyond unacceptable that:

* Ad networks continue to be a vector for device infections both directly and indirectly
* Ad networks track and profile users across websites without their consent
* Websites use pop-over scripts to interrupt the viewing experience
* Ad scripts and other ads use deceptive means to generate accidental clicks/taps
* Websites redirect users unwittingly to app stores, particularly when said apps have nothing to do with the website content

While I sympathize with website owners trying to monetize their content, they have left users with no choice but to block ads indiscriminately. The mobile browsing experience is particularly out of control now and shows what utter contempt or incompetence websites have regarding their user experience.

The IAB and ad networks are complicit in allowing this situation to persist, yet focus all of their attention on trying to prevent ad blocking through technical and legal means rather than actually enforcing some standards of non-obtrusive advertising that doesn't threaten to direct you to some scummy malware site with a zero-day.

Maybe it will take a few lawsuits, or boycotts, or just an overall drop in revenue for these deluded parties to stop this nonsense once and for all. Maybe it will be something else. Until the economics of serving and designing ads is tied to a positive UX, there will be an endless technological war to protect users from malicious ads.