US iOS Users Targeted by Massive Malvertising Campaign (zdnet.com)
A cyber-criminal group known as ScamClub has hijacked over 300 million browser sessions over 48 hours to redirect users to adult and gift card scams, a cyber-security firm revealed this week. From a report: The traffic hijacking has taken place via a tactic known as malvertising, which consists of placing malicious code inside online ads. In this particular case, the code used by the ScamClub group hijacked a user's browsing session from a legitimate site, where the ad was showing, and redirected victims through a long chain of temporary websites, a redirection chain that eventually ended up on a website pushing an adult-themed site or a gift card scam.
These types of malvertising campaigns have been going on for years, but this particular campaign stood out due to its massive scale, experts from cyber-security firm Confiant told ZDNet today. "On November 12 we've seen a huge spike in our telemetry," Jerome Dangu, Confiant co-founder and CTO, told ZDNet in an email. Dangu says his company worked to investigate the huge malvertising spike and discovered ScamClub activity going back to August this year.
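The redirect described in the report depends on ad code being able to navigate the page that hosts it. As an added example (not from the report or from Confiant), this script audits ad iframes for the HTML `sandbox` tokens that govern top-level navigation; it assumes ads are served in iframes, and the slot ids and `ads.example` markup are constructed.

```javascript
// Added example: audit ad iframes for sandbox tokens that permit top-level navigation.
// Slot ids and the ads.example markup are constructed; ads-in-iframes is an assumption.

// Parse the attribute text of one start tag into a lowercase-name -> value map.
function parseAttrs(text) {
  const attrs = new Map();
  const re = /([^\s=>"']+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(text)) !== null) {
    attrs.set(m[1].toLowerCase(), m[2] || m[3] || m[4] || "");
  }
  return attrs;
}

// Classify what the framed document may do to the top-level page's location.
function topNavigationRisk(sandboxValue) {
  // Attribute absent: the frame is not sandboxed, so sandboxing restricts nothing.
  if (sandboxValue === undefined) return "unrestricted";
  const tokens = new Set(sandboxValue.toLowerCase().split(/\s+/).filter(Boolean));
  if (tokens.has("allow-top-navigation")) return "unrestricted";
  if (tokens.has("allow-top-navigation-by-user-activation")) return "gesture-only";
  return "blocked"; // sandboxed with no top-navigation token
}

// Tag scan for audit purposes only; not a full HTML parser.
function auditAdFrames(html) {
  const findings = [];
  const frameRe = /<iframe\b([^>]*)>/gi;
  let m;
  while ((m = frameRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    findings.push({
      id: attrs.get("id") || "(no id)",
      risk: topNavigationRisk(attrs.get("sandbox")),
    });
  }
  return findings;
}

// Constructed sample markup covering each case.
const SAMPLE_PAGE = `
<iframe id="slot-a" src="https://ads.example/a"></iframe>
<iframe id="slot-b" sandbox="allow-scripts allow-top-navigation" src="https://ads.example/b"></iframe>
<iframe id="slot-c" sandbox="allow-scripts allow-popups allow-top-navigation-by-user-activation" src="https://ads.example/c"></iframe>
<iframe id="slot-d" sandbox="allow-scripts" src="https://ads.example/d"></iframe>
<iframe id="slot-e" sandbox src="https://ads.example/e"></iframe>
`;

for (const f of auditAdFrames(SAMPLE_PAGE)) {
  console.log(`${f.id}: top navigation ${f.risk}`);
}
```

Ad code that a publisher includes directly in its own page, rather than in a frame, is outside what this attribute controls.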
It is not uncommon, if you don't have an ad blocker in place on iOS, especially if you use FB's browser, to wind up being dumped to a site offering free iPhones or gift cards. So much so, that an ad blocker is a must for browsing on iOS, otherwise, your browsing screeches to a halt by a redirect and a takeover for these scams. Even legit sites get these fairly commonly.
On Android, Dolphin Browser is the best way to browse, and that also gets rid of this problem with its innate ad-blocking.
Sites that serve ads are held responsible for damages if visitors get hijacked by those ads. In turn, those sites can hold ad providers liable. The online advertisers would tighten up their security in a hurry when the lawsuits started rolling in. We might even get to go back to plain image ads.
The internet was better before advertising.
"Oh but how do you expect to pay for services without advertising, goy?"
There was a wider choice of services BEFORE advertising. The advertising model has destroyed everything. It needs to fuck off.
This
http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
This shit is why I have zero qualms with blocking all ads, and why I would never surf the web on a mobile device.
This "allow every third party to run script" mentality the advertisers want the internet to operate on so their business model isn't disrupted is basically the conduit to this shit, because it leaves you wide open to everything. This is like saying I should leave my doors unlocked in case someone I do want in my house comes by, it's stupid.
No, I'm not letting third party scripts execute, no you don't get to set a cookie, and if at all possible, my browser will ignore your domain ... you are an advertiser, you can fuck off and die for all I care, because I have no choice but to assume you're dishonest.
What needs to happen is mobile devices and browsers need to start from the position that you as a random web site should in no way be trusted, nor should whatever asshole third parties you link to. It's impossible for the average user to defend against this. If advertisers and web sites can't operate without requiring you essentially disable all reasonable security, that's their problem.
None of this blanket consent of "you agree to our ToS and the ToS of the 20 parasites we link to", but a straight up "no, that's OK, I'm not running third party code on your say so just because you're a greedy sack of shit".
Honest advertisers are like honest telemarketers ... they may exist, but I don't give a fuck, and it's not my job to sift out the good ones. I'm simply going to block all of them, because I don't care.
All of advertising on the internet is tainted with this shit. It's time to start changing things so this garbage isn't allowed to execute by default.
I don't care what website it is, I will ruthlessly block third party stuff. Your revenue model doesn't trump either my privacy or security.
Fuck advertisers, they're the reason why security on the internet is so fucking broken.
https://www.washingtonpost.com/politics/2018/11/29/key-takeaways-michael-cohens-new-plea-deal/
1. There are conspicuous mentions of Trump and his family
2. Putin’s spokesman appears to have helped cover this up.
3. This ties the Trump family’s efforts to the Russian government.
4) The deal apparently died the day The Post broke a story about Russian hacking.
https://www.huffingtonpost.com/entry/deutsche-bank-offices-raided_us_5c00331de4b027f1097bc8aa
Notice the numbing problem with numbers? They want you to believe there are 300 million iOS users in USA alone. Sure they are talking only about "sessions", but still these cybersecurity professionals are nothing, but bookkeepers of cookbooks straight from ENRON. At the same time notice the problem with entire premise of public computing. In the 25 years of internet they haven't released a single OS or Internet browser that would be secure. You know as soon as they release any given internet browser - it becomes insecure right away. Probably due to the fact that it's falling into the hands of the enemy they are attacking.
You don't go far enough. By conceding that honest advertisers might exist.
Let's rephrase it: Your attention is for sale. People are buying the right to try and convince you to buy shit.
No, fuck that! All advertising is corporate propaganda. We never asked for public spaces to be cluttered with this shit.
Ads are a blight on the soul of man. All ads must burn. All products that need advertising are landfill-fodder fucking garbage that you definitely don't need.
On iPad due to all the redirect scams. Apple doesn't care they are too busy counting the profits from their $1000 iPad Pros.
Find them. Kill them. I've said it before and I'll say it again: sociopaths have as much right to live as tapeworms.
Come on. Pics or it didn't happen.
At least post the link. For science.
Have gnu, will travel.
By the way if anyone here is in advertising or marketingkill yourself. It’s just a little thought; I’m just trying to plant seeds. Maybe one day they’ll take root – I don’t know. You try, you do what you can.
(Kill yourself.)
Seriously though, if you are, do.
Aaah, no really. There’s no rationalisation for what you do and you are Satan’s little helpers. Okay – kill yourself.
Seriously. You are the ruiner of all things good.
Seriously.
No this is not a joke. You’re [going], “There’s going to be a joke coming.” There’s no fucking joke coming. You are Satan’s spawn filling the world with bile and garbage. You are fucked and you are fucking us. Kill yourself. It’s the only way to save your fucking soul. Kill yourself
Planting seeds.
I know all the marketing people are going, “He’s doing a joke” There’s no joke here whatsoever. Suck a tail-pipe, fucking hang yourself, borrow a gun from a Yank friend – I don’t care how you do it. Rid the world of your evil fucking machinations. (Machi) Whatever, you know what I mean.
I know what all the marketing people are thinking right now too: “Oh, you know what Bill’s doing? He’s going for that anti-marketing dollar. That’s a good market. He’s very smart.”
Oh man, I am not doing that, you fucking, evil scumbags!
“Ooh, you know what Bill’s doing now? He’s going for the righteous indignation dollar. That’s a big dollar. A lot of people are feeling that indignation. We’ve done research – huge market. He’s doing a good thing.”
Godammit, I’m not doing that, you scum-bags! Quit putting a goddamn dollar sign on every fucking thing on this planet.
“Ooh, the anger dollar. Huge. Huge in times of recession. Giant market. Bill’s very bright to do that.”
God, I’m just caught in a fucking web.
“Ooh, the trapped dollar, big dollar, huge dollar. Good market – look at our research. We see that many people feel trapped. If we play to that and then separate them into the trapped dollar”
How do you live like that? And I bet you sleep like fucking babies at night, don’t you?
“What didya do today, honey?”
“Oh, we made ah, we made ah arsenic a childhood food now, goodnight.” [snores] “Yeah we just said, you know, is your baby really too loud? You know?” [snores] “Yeah, you know the mums will love it.” [snores]
Sleep like fucking children, don’t ya. This is your world, isn’t it?
http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
There was a reason they redirected all the streams through Russia and China.
-- Tigger warning: This post may contain tiggers! --
https://www.washingtonpost.com/politics/2018/11/29/key-takeaways-michael-cohens-new-plea-deal
1. There are conspicuous mentions of Trump and his family
2. Putin’s spokesman appears to have helped cover this up.
3. This ties the Trump family’s efforts to the Russian government
4) The deal apparently died the day The Post broke a story about Russian hacking.
https://www.huffingtonpost.com/entry/deutsche-bank-offices-raided_us_5c00331de4b027f1097bc8aa
https://www.nydailynews.com/news/politics/ny-pol-manafort-confidential-mueller-trump-giuliani-20181129-story.html
Please, please, please, keep on spamming this - over and over!
By doing that you will annoy and alienate the few users who might have been sympathetic to your message. So please, I beg of you, keep doing this! You clearly don't deserve to be taken seriously, your actions prove that, so all you have to do is continue along your present course. Then water will seek its own level. Simple!
Damn good reason to kill off the ability to automatically redirect an end user's browser.
Massive Malvertising Campaign
I guess the users deserve this torture by going to zdnet in the first place.
0.0.0.0 hipstarclub.com
0.0.0.0 luckstarclub.com
* SOURCE https://www.zdnet.com/article/...
APK
P.S.=> For the best hosts file:
APK Hosts File Engine 2.0++ 64-bit for Linux http://apk/ .it-mate.co.uk/APKHostsFileEngineForLinux.zip
APK Hosts File Engine 10++ SR-2 64-bit for Windows https://hosts-file.net/?s=Down... (see download link @ bottom of page)
Ads are a cancer on the internet and need to die. It's not just crap like this, or any of the other javascript-based malware exploits foisted by ads over the years, it's the social costs of old or less mentally adept people being tricked into buying things they don't need and can't afford, or falling for scams.
Keep javascript disabled by default! Run it selectively for things you trust which need it. This idea that any random site gets to run scripts in your browser is insane and idiotic and needs to die.
I have utterly lost count of the number of times these two lessons would have prevented a large scale clusterfuck.
uBlock origin FTW. uMatrix FTW. Install them. Use them. Love them.
Hosts protect when addons can't (or as well):
Bad sites (past ads)
Botnet C&Cs
DNS down/poisoned
Trackers (dns logs/ads/transparent ISP proxy)
Dns blocks
Spam/phish payload
Ads in videostreams
Slowdown 2 ways: adblocks & hardcodes
Hosts = Ez edit.
AB+ 151mb https://www.google.com/search?q=Adblock+memory+consumption&btnG=Search&hl=en&gbv=1/
UBlock 64MB https://www.google.com/search?q=UBlock+memory+consumption&btnG=Search&hl=en&gbv=1/
Hosts~16mb
Addons = ClarityRay defeatable & crippled http://www.businessinsider.com/google-microsoft-amazon-taboola-pay-adblock-plus-to-stop-blocking-their-ads-2015-2/
NoScript tag parses. Hosts block script prior to it!
No 1 addon does as much.
Stacked addons slowup.
ADDONS = EXPLOITABLE https://news.slashdot.org/comments.pl?sid=11166303&cid=55266729/
APK
P.S.=> Addons use more, do less & are EASILY DETECTED by sites so they can block them... apk
See my subject: Google EFast BOGUS Chrome doppleganger malware built from OpenSORES code Google let out - won't happen to me & my code was audited by Steven Burn of Malwarebytes - you can see that much here forum.hosts-file.net/viewtopic.php?f=5&t=4290 & he BOTH hosts & RECOMMENDS my program over all others like it (all came AFTER mine no less too - IMITATION is the SINCEREST FORM OF FLATTERY) there also.
APK
P.S.=> I've had TROLLS here on /. THREATEN to create a bogus version IF I opened up my code - a pity: It's POSSIBLE someone could improve it over my work (unlikely, but possible, lol) as for example, the Linux model is FASTER & MORE EFFICIENT vs. the Windows model (as I built the Linux one after it)... apk
https://github.com/paul-hamman... - a visualization of ad partners adding ad partners to a page (ad infinitum)
Heh, Ha Ha...
I have a customizable falsepositive filter in my program users can setup even moreso for themselves (faster than addon updates by FAR & more control (you talked "fine grain"? That's as FINE as it gets, speaking AS A USER vs. programmer here).
It wasn't MY advice to block github - it was ESET's & they were right (github was allegedly unknowingly serving malware & who knows what other parts of it are that way too (I've seen this a LOT on those types of sites)) per https://www.welivesecurity.com...
* Wildcards are BLUNDERING DOLTS compared to hosts specific accuracy & COST MORE TO PROCESS by far (especially via regexp but any decent programmer doesn't need those or that weight & slow).
APK
P.S.=> You'll LOVE my "starwars" reply on hosts next (why not? I'm in a good mood)... apk
"Not as clumsy/random as a blaster - An elegant weapon 4 a more civilized age" https://it.slashdot.org/commen...
* "For over a 1,000 generations Jedi Knights were guardians of peace & justice in the old Republic. Before the dark times. Before the EMPIRE"
(Hosts = light sabres & wildcard tools = blasters above per my essentially saying that to you here earlier https://apple.slashdot.org/com... ).
APK
P.S.=> Many here know https://linux.slashdot.org/com... & enjoy greater speed/security/reliability & anonymity hosts yield natively speeding you up 2 ways (adblocks & hardcodes that protect vs. DNS security issues in redirect poisoning + request tracking logs & RESOLVE FASTER locally from RAM driven by KERNELMODE speed vs. slow usermode in "solutions" packed w/ security issues (DNS/Antivirus) OR not working fully by default (adblock) in usermode addons easily detected by webmasters & blocked doing less but using more)... apk
See subject: Yes, it happened & hit a LOT of folks. OpenSORES is the cause, period - a double-edged sword & there's your e.g. thereof (there's others too - look @ crap snuck into node.js (or others like it)).
* Speaking as a coder? You get STRONGER doing work yourself & have TOTAL control of the work too + understanding it's data.
I'm on Linux/BSD/Windows & soon MacOS X etc. in NATIVE 32/64-bit FASTER vs. MSVC++ IN STRINGS & SECURE vs. string related bufferoverflow Object Pascal, multiplatform, single standalone exe form. NO RUNTIME ENVIRON NEEDED EITHER.
Is the one below that good? No.
Users go GUI & if Linux is to GAIN USERS cater to what they want (gui, not scripts).
APK
P.S.=> That Python script didn't check VALID tld/gTLD last I checked & nor did it do hardcoded favs (1st one stops portfilter errors + BLOAT in hosts something might TRY to bushwhack it with (slows loadtime) OR load w/ bad hardcodes (my program stops it) & 2nd = faster resolution + protection vs. DNSChanger &/or Kaminsky redirect poisoning)... apk
Adblock and NoScript take care of virtually all this kind of crap. Adblock stops ads from displaying (and infecting) and NoScript stops the rest of the malicious junk.
Just cruising through this digital world at 33 1/3 rpm...
Hosts files do though & yes, I know if you have Godmode access on iOS (apple folks do, & I know it for a fact) you can use my work's output (a custom hosts file) to import what it puts out.
* I wouldn't trust the sites blocked I noted w/ a Linux/BSD or Windows system either to be blunt about it...
APK
P.S.=> My program's no shitware & /.ers disagree w/ you there too https://science.slashdot.org/c... & it's MORE than a weezil like YOU has ever done & that much about YOU shows in your HIDING behind UNIDENTIFIABLE anonymous posts STALKING me all over /. for years now - get a life, do something w/ yourself that others like & use (as I do) instead of being a FREAK, ok? For your own sake... apk
See subject: which I pointed out w/ proof here w/ MYSELF saying I don't have a MacOS version yet https://news.slashdot.org/comm... vs. your IMPERSONATION of me parent to that reply of mine vs. your lies.
* Grow up - not only do you IMPERSONATE me but you also nigh CONSTANTLY STALK me by UNIDENTIFIABLE anonymous posts as you're doing now too - you have issues.
APK
P.S.=> Only reason I don't have a MacOS X version yet is that I don't own a Mac myself... apk
You're just a cuck. The internet existed before advertising, and it will be fine with the ads gone.
Some services will die, but who cares because they're all 100% cancer.
Did I mention that you are a cuck?