Hackers Use Banner Ads on Major Sites to Hijack Your PC
"The worst-case scenario used to be that online ads are pesky, memory-draining distractions. But a new batch of banner ads is much more sinister: They hijack personal computers and bully users until they agree to buy antivirus software. And the ads do their dirty work even if you don't click on them. The malware-spiked ads have been spotted on various legitimate websites, ranging from the British magazine The Economist to baseball's MLB.com to the Canada.com news portal. Hackers are using deceptive practices and tricky Flash programming to get their ads onto legitimate sites by way of DoubleClick's DART program. Web publishers use the DoubleClick-hosted platform to manage advertising inventory." CT: Link updated to original source instead of plagiarizer.
Very stupid idea (Score:3, Informative)
The "let's ban it" attitude seems awfully familiar. Are you a member of the US, UK, or EU parliament by any chance?
Like it or not, advertising generates (directly and indirectly) the revenue that drives the Internet. When advertisement is passive, and does not attempt to hijack your computer, it is theoretically a win-for-all scenario: the advertisers get their clients, the consumers get their products, and the sites that host the advertisement get their costs and expenses covered.
TFA = Site scraping? (Score:5, Informative)
Not exactly new (Score:5, Informative)
Suddenly Windows Security Center, which I routinely turn off because I can't stand the nagging, started up and told me that my computer was insecure and that I should go to a certain website and buy their virus defender software.
Not very subtle to a savvy person like myself, but I imagine some people would fall for it.
The box also started throwing up connection error message boxes, presumably because my external firewall was blocking outgoing connection attempts. Again not subtle, but it's an uncommon setup for a home user.
Third, it must have rooted the box somehow because certain files became invisible. "test.exe" among them. Renaming a text file to text.exe would make it disappear, and the folder would be unremovable. Cygwin came to the rescue there. Also I noticed only because I happened to have lots of little crap programs lying around.
The virus scanners did not pick up on this.
This is the only time I have actually contracted a virus. Needless to say I hosed the box (PING is not disk image). What I learned from the experience is that knowing your system is way more effective than a virus scanner, and B) don't trust Flash, which is how I got the damn thing. I thought I was safe with Firefox.
Doubleclick sent out a notice Friday (Score:5, Informative)
hosts file (Score:5, Informative)
http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
Re:I only found these ads on.... (Score:5, Informative)
Re:Ah, let the blame game begin (Score:5, Informative)
Re:I only found these ads on.... (Score:3, Informative)
It is 2007!
They now say: "Note: Astalavista.com is NOT affiliated with Astalavista.box.sk, there are NO cracks/serials/keygens/warez etc. hosted on the Astalavista.com's server, and never were! Moreover, Astalavista.com is a security site, therefore requests for anything illegal are simply directed to the wrong party, and get ignored immediately!"
CC.
Re:Never Experienced This (Score:3, Informative)
Re:What are these "ads" you're talking about ? (Score:2, Informative)
On some sites I want to allow scripts but block Flash... and this is the best solution I've found.
Re:What are these "ads" you're talking about ? (Score:1, Informative)
Tools -> Preferences -> Advanced tab -> Content option.
I disable Javascript, Java and Plug-ins, and use the "Manage site preferences" button to whitelist sites for those features.
Use the "Blocked Content" button for ad blocking. I admit that Opera's content blocker interface isn't as good as Adblock Plus, though.
Do a google search on "urlfilter.ini" to get you started on a good content block site list.
Re:Never Experienced This (Score:3, Informative)
Google hole that allows a similar attack (Score:4, Informative)
There's a related hole in Google Maps, an "open redirector", that allows this exploit. Here's an example:
Caution - hostile URL Close the page displayed; don't click on anything on it. [google.com].
Note that it fools Slashdot, and most link scanners in spam filters, into accepting the URL as leading to "google.com". But, in fact, it redirects to the "malware-scan.com" hostile site, which will try to install an Active-X control.
We've been finding attacks like this with SiteTruth [sitetruth.com], by using PhishTank [phishtank.com] information to down-rate sites that have open redirectors. We've found open redirectors on Google and AOL. They're actively being exploited.
So we're currently down-rating Google [sitetruth.com] and AOL [sitetruth.com]. It may seem drastic to downrate an entire major site because they have a few "minor" exploits. PhishTank itself only blacklists specific hostile URLs. But that's no longer enough. Most modern phishing attacks use a unique URL, and often a unique subdomain, for each user attacked. SiteTruth thus takes a harder line. If a domain hosts something one of the data sources says is an attack, it downrates the whole domain automatically.
It's within the power of the site operator to close such security holes. We encourage them to do so.
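A link scanner can avoid being fooled by the visible host in the way the comment above describes by also rating any host carried inside the query string. This is an added example, not part of the original comment and not SiteTruth's code; the function names and the example.* sample links are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit


def _host(url):
    """Hostname of an absolute or scheme-relative http(s) URL, else None."""
    if url.startswith("//"):          # scheme-relative: browser supplies the scheme
        url = "http:" + url
    try:
        parts = urlsplit(url)
    except ValueError:                # malformed netloc, e.g. unbalanced "["
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def embedded_hosts(url, max_decodes=3):
    """Hosts named inside query parameters that lie outside the visible host."""
    visible = _host(url)
    if visible is None:
        return []
    found = []
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        candidate = value.strip()
        for _ in range(max_decodes):  # peel layers of repeated percent-encoding
            target = _host(candidate)
            if target is not None:
                # Same host or a subdomain of it counts as internal (simplification:
                # a real scanner would compare registrable domains).
                internal = target == visible or target.endswith("." + visible)
                if not internal and target not in found:
                    found.append(target)
                break
            decoded = unquote(candidate)
            if decoded == candidate:
                break
            candidate = decoded
    return found


def hosts_to_rate(url):
    """Every host a scanner should look up before trusting the link."""
    visible = _host(url)
    return ([visible] if visible else []) + embedded_hosts(url)


# Constructed sample link: the visible host is benign, the parameter is not.
SAMPLE = "http://maps.example.com/maps?q=pizza&url=http://malware.example.net/scan"
```

Rating every host returned by `hosts_to_rate` means the link is judged by its worst destination rather than by the domain shown to the user.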
Re:What are these "ads" you're talking about ? (Score:1, Informative)
Re:I only found these ads on.... (Score:2, Informative)
Re:Your company/family/school (Score:5, Informative)
It also can block ads (although not with a blacklist as FF, but you can block whole domains).
To me the lesser minds are the ones that can't respect other people's choices.
Re:Ah, let the blame game begin (Score:1, Informative)
Google is also known for having a much stronger privacy policy than doubleclick.
Re:What are these "ads" you're talking about ? (Score:2, Informative)
No, but AdBlock (Plus or vanilla) will do this for you.
- Neil
Re:Old news.. and a very old problem. (Score:3, Informative)
Re:Never Experienced This (Score:2, Informative)
is by far the best performing filter I have.