Slashdot Mirror
US iOS Users Targeted by Massive Malvertising Campaign (zdnet.com)
A cyber-criminal group known as ScamClub has hijacked over 300 million browser sessions over 48 hours to redirect users to adult and gift card scams, a cyber-security firm revealed this week. From a report: The traffic hijacking has taken place via a tactic known as malvertising, which consists of placing malicious code inside online ads. In this particular case, the code used by the ScamClub group hijacked a user's browsing session from a legitimate site, where the ad was showing, and redirected victims through a long chain of temporary websites, a redirection chain that eventually ended up on a website pushing an adult-themed site or a gift card scam.
These types of malvertising campaigns have been going on for years, but this particular campaign stood out due to its massive scale, experts from cyber-security firm Confiant told ZDNet today. "On November 12 we've seen a huge spike in our telemetry," Jerome Dang, Confiant co-founder and CTO, told ZDNet in an email. Dangu says his company worked to investigate the huge malvertising spike and discovered ScamClub activity going back to August this year.
These types of malvertising campaigns have been going on for years, but this particular campaign stood out due to its massive scale, experts from cyber-security firm Confiant told ZDNet today. "On November 12 we've seen a huge spike in our telemetry," Jerome Dang, Confiant co-founder and CTO, told ZDNet in an email. Dangu says his company worked to investigate the huge malvertising spike and discovered ScamClub activity going back to August this year.
Which pretty much confirms there is no such thing as a 'legitimate' ad network, and that the only reasonable conclusion is to block all of them on the assumption they're corrupt and broken.
I say until such time as this problem is 100% solved, everyone who works for an internet ad agency is fair game for a beat down for every instance of shit like this, no matter what the ad agency responsible.
Either the ad companies find a workable solution, or eventually we run out of people who work for ad companies. It's a win-win either way.
And, sorry, but if you work in internet advertising, you really do deserve that beat down and I don't much care that you're doing it to pay the bills; that's not my problem. The people who helped the Nazis said the same thing.
Internet ad companies are parasites who don't give a fuck about your privacy or security. Which means I don't care about their privacy or safety.