
Two Major Ad Networks Found Serving Malware

Trailrunner7 writes "Two major online ad networks — DoubleClick and MSN — were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider. The scheme involved a group of attackers who registered a domain that was one letter away from that of ADShuffle.com, an online advertising technology firm. The attackers then used the fake domain — ADShufffle.com — to dupe the advertising networks into serving their malicious banner ads. The ads used various exploits to install malware on victims' PCs through drive-by downloads, according to information compiled by security vendor Armorize."
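
The lookalike-domain trick in the summary above (ADShufffle.com posing as ADShuffle.com) is a near miss that an ad network can screen for when a new partner submits ad tags. The following is an added example, not code from the article or from Armorize; the allowlist contents, the function names and the distance threshold are assumptions.

```python
# Flag submitted ad-tag hostnames that sit within a small edit distance
# of an already-approved partner domain (typosquat screening).

TRUSTED_PARTNERS = {"adshuffle.com", "doubleclick.net", "msn.com"}  # constructed sample allowlist


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Naive registrable domain: last two labels, lowercased.
    Assumption: no multi-label suffixes (co.uk etc.); a real deployment
    would consult a public-suffix list."""
    labels = host.strip().rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def classify(host: str, trusted=TRUSTED_PARTNERS, max_distance: int = 2):
    """Return ("trusted", domain), ("lookalike", nearest) or ("unknown", None)."""
    domain = registrable(host)
    if domain in trusted:
        return ("trusted", domain)
    # A near miss of an approved partner is more suspicious than a stranger.
    nearest = min(trusted, key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)


def review_queue(hosts):
    """Submitted hosts that must be verified out-of-band before serving."""
    return [(h, classify(h)[1]) for h in hosts if classify(h)[0] == "lookalike"]


if __name__ == "__main__":
    # Constructed submissions; ADShufffle.com is the lookalike named in the story.
    sample = ["ads.ADShuffle.com", "cdn.ADShufffle.com", "example.org"]
    for host, target in review_queue(sample):
        print(f"HOLD {host}: resembles approved partner {target}")
```
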
  • Of course! (Score:5, Interesting)

    by MadUndergrad ( 950779 ) on Monday December 13, 2010 @01:10AM (#34532100)

    What do you expect from a company called "Doubelclick"? I bet Googel tampers with their search results too.

  • by Anonymous Coward on Monday December 13, 2010 @01:19AM (#34532130)

    Both of you should install it.

    And who the fuck has their machine set up for "drive by downloads" in this day and age? After the last decade of headlines about malware? Really, what kind of idiot do you have to be to run a machine configured like that these days?

    In the early days, yeah, shame on the malware people. But fool me 48120912312 times? Shame on me.

  • coulda told ya (Score:2, Interesting)

    by Anonymous Coward on Monday December 13, 2010 @01:20AM (#34532132)

    I could have told you that. I narrowed down the issue to MSN/Hotmail a couple days ago and was advising users to stay away for as long as possible/use adblock/noscript.

    I've been dealing with removing this horseshit from end users' PCs all week.

    Something interesting I noticed was the malware authors were amateurs - they forgot to set up the fake HDD defrag malware to run at boot on any other user profile besides the one that was infected.

    Made disinfection pretty easy...

  • by Mashiki ( 184564 ) <mashiki@nosPaM.gmail.com> on Monday December 13, 2010 @01:23AM (#34532146) Homepage

    Cue people whining and crying that people are thieves and all that because they block ads. Sorry, but if you can't be sure you'll never serve malware, you'll never be allowed to serve ads which might infect my machine with something...nasty. Especially now that ransomware is starting to become the next trend.

  • Trust model (Score:5, Interesting)

    by Inf0phreak ( 627499 ) on Monday December 13, 2010 @01:28AM (#34532160)

    The trust model of online advertising is in my opinion fundamentally broken. A big part of the security model of the web is domain-based - e.g. the same origin policy - but this goes down the drain with third party ads hosted on yet another third party's server.

    With online advertising it was for the first time possible to measure the effect of ad campaigns better than "how many saw it and did we sell more after it?" What did this bring us? "PUNCH THE MONKEY!", "LOOK AT THE BLINKING LIGHTS!", "BEEP BLOOP BEEEEEP!!!" and perhaps most insidiously it broke the domain-based model of trust on the web since everything had to be put on the advertising hosters' servers to deter click fraud and whatnot.

    AdBlock doesn't just save you bandwidth and reduce the annoyance of browsing the web, it is also one of the best tools for avoiding drive-by malware from ads.

  • by Jah-Wren Ryel ( 80510 ) on Monday December 13, 2010 @01:29AM (#34532166)

    What sucks is that I'd actually like to support the sites I frequently visit, and ad views clearly have a significant effect on their various bottom lines,

    Ad views have become the de facto micropayment system. If we had an alternative, sites wouldn't have to be dependent on privacy-invasive and security-breaking ad systems. I'm sure that many would anyway, but they would at least have other options.

    but that same responsible part is also well aware that any kind of commercial interaction with said pornographers has a suspicious way of going horribly wrong.

    Micropayments could solve that problem too - anonymous microcash would be almost completely immune to the kind of abuses that you are avoiding.

  • by Anonymous Coward on Monday December 13, 2010 @01:37AM (#34532184)

    Seen a few people say they use Adblock and all, which is fine, but if you recognize that an ad-server can be compromised, then why not any other web server you visit? How many things are you going to block before it makes the web safe? So many that all websites are useless? That's why I found NoScript more annoying than not. Too often I was just saying yes to so much it wasn't really that much more secure.

    Much better to have secure systems inside than walls trying to block everything.

  • by CosmeticLobotamy ( 155360 ) on Monday December 13, 2010 @03:18AM (#34532396)

    A "push" credit card transaction would also solve those problems. Why is it that I can only pay for something by giving my entire credit balance to someone and trusting them to give me back everything but what their invoice says? Why can't I say, "Hey, MasterCard, give this guy $50." He gets an email, his automatic email-getting-password-sender-outer tells me how to get to his jiggly bits. ... I mean, the jiggly bits he has video of, not the ones between his pockets.

  • by Anonymous Coward on Monday December 13, 2010 @04:39AM (#34532574)

    16++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:

    1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).

    2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

    3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

    4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

    5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html [networkworld.com] for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).

    6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

    7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

    GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

    http://ddanchev.blogspot.com/ [blogspot.com]
    http://www.malware.com.br/lists.shtml [malware.com.br]
    http://www.stopbadware.org/ [stopbadware.org]
    http://blog.fireeye.com/ [fireeye.com]
    http://mtc.sri.com/ [sri.com]
    http://news.netcraft.com/ [netcraft.com]
    http://www.shadowserver.org/ [shadowserver.org]

    REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):

    http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
    http://someonewhocares.org/hosts/ [someonewhocares.org]
    http://hostsfile.org/hosts.html [hostsfile.org]
    http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
    http://hosts-file.net/?s=Download [hosts-file.net]
    https://zeustracker.abuse.ch/monitor.php?filter=online [abuse.ch]
    Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

    And yes: Even SLASHDOT &/or The Register help!

    (Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhacker others online that is... not ALL do!)).

    2 examples thereof in the past I have used, & noted it there, are/were:

    http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398 [slashdot.org]
    http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500 [slashdot.org]

    8.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

    9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

    10.) Hosts files don't eat up CPU cycles like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs.

    11.) HOSTS files are EASILY us

  • by edgr ( 781723 ) on Monday December 13, 2010 @06:56AM (#34532910)

    Most of the big banks in Sweden allow you to create a temporary (virtual) credit card with a specified limit and expiry date. You type the credit limit and expiry in, push a button and it spits out a new MasterCard number. At least one bank (Swedbank, one of the largest in Scandinavia) requires this kind of card for all online transactions.

  • by Archangel Michael ( 180766 ) on Monday December 13, 2010 @12:12PM (#34534970) Journal

    THIS is why class action lawsuits against the offending malware serving companies need to be instituted, starting at the biggest baddest adware serving companies. If DoubleClick serves Malware, it is their responsibility and they need to be sued into oblivion.

    Take the profit out of serving ANYTHING to everyone, and start making it cost money, and you'll see the changes you want.
