The Next Ad You Click May Be a Virus 226
Jay notes a Wall Street Journal report about ad networks unintentionally selling empty space to malware loaders (the link is to a syndicating site that doesn't require a subscription to view). The submitter comments: "The labeling of the fake ad sellers as hackers is pretty bogus; there's no hacking involved. Simply sign up for one of these networks, create your fake site, put up another company's creative, and you're good to go." The incidents being reported go back a few months, but the pattern of this criminal activity seems to be coming clear only recently."EWeek.com, a technology news site owned by Ziff Davis Enterprise, in February displayed an ad on its homepage masquerading as a promotion for LaCoste, the shirt maker. The retailer hadn't placed the ad — a hacker had, to direct users to a Web site where harmful programs would be downloaded to their computers, says Stephen Wellman, director of community and content for Ziff Davis."
Aren't they all? (Score:4, Insightful)
When will this end? (Score:5, Insightful)
yes, but... (Score:3, Insightful)
Creative? Huh? (Score:3, Insightful)
Another company's "creative?" What the hell does that mean? Is it some industry term for "crappy banner ad?"
And this is why... (Score:2, Insightful)
Re:When will this end? (Score:5, Insightful)
Botnets and financial data have value, so it makes sense that there's profit to be had in finding ways to infect new machines. These are the same douchebags that fill up my gmail Spam folder. If there's profit to be had, and nearly zero chance you'll be caught, people will do pretty much anything. It's human nature. All you can do is improve the sandbox so that people can't (profitably) abuse it, and most of the douchebags will leave.
PC huh? (Score:1, Insightful)
Do these affect Linux or Apple PC's? I'm guessing it's the good old Windows
Why is it that areas where Microsoft want to portray a large market share (either exaggerated by reports from shills or real) they have the words Microsoft and Windows all over the stories, yet when it's something they have an almost 100% market share on (malware compatibility and vulnerability), there's no mention of either Microsoft or Windows; it's all just PCs.
FAO the Microsoft Astroturfers, it was a rhetorical question but feel free to do your job and mod me down for pointing out the obvious. Wait, Ziff Davis does ring a familiar bell, hmmmmm.
Re:Aren't they all? (Score:4, Insightful)
Not News To Me (Score:3, Insightful)
I've been cleaning crap off of computers installed by ad popups for the past year now.
Re:Aren't they all? (Score:4, Insightful)
Evidently someone does, and I'm grateful.
Re:When will this end? (Score:5, Insightful)
I feel your pain. The unfolding truth seems to be that they were always there and humanity really sucks for the most part. The internet just makes it easier to tally the grim statistics.
Re:PC huh? (Score:4, Insightful)
"direct users to a Web site where harmful programs would be downloaded to their computers, says Stephen Wellman, director of community and content for Ziff Davis."
Do these affect Linux or Apple PC's? I'm guessing it's the good old Windows .exe and .dll again, an exclusive Windows issue disguised as a "PC" issue.
"direct users to a Web site where harmful programs would be downloaded to their computers, says Stephen Wellman, director of community and content for Ziff Davis."
Do these affect Linux or Apple PC's? I'm guessing it's the good old Windows .exe and .dll again, an exclusive Windows issue disguised as a "PC" issue.
Yes, this is a "PC" issue, more specifically it is a "moron PC user" issue. Trust me, if the Linux and Mac marketshare were actually worth targeting for malware writers, you would see the very same kind of malware attacks succeed, because if the user clicks "Yes" to all prompts, what's there to prevent the malware from doing it's thing if it's actually designed to run on Linux.
Re:what ads? (Score:3, Insightful)
And when all the good sites on the internet have disappeared, the people who made them will be back on business on pay sites taking subscriptions.
Better to just get paid directly for quality content, than splitting it with a whole mountain of third parties.
Oh wait, the content isn't so great that people will pay for it? Bummer.
Comment removed (Score:5, Insightful)
Re:When will this end? (Score:1, Insightful)
News flash for you;
Windows is the only platform worth writing virus for.
The others market share added together is not even 10%. Why would anyone write a virus that cannot effect 90% of potential targets.
Re:When will this end? (Score:1, Insightful)
Someone said it before, "You have to understand economics to understand security."
Re:what ads? (Score:3, Insightful)
Well, there's content that you want to read but wouldn't want to pay for. It's something "nice to have", but you wouldn't spit out dough for it.
All those "nice to have" pages would vanish if it weren't for ads.
Re:what ads? (Score:4, Insightful)
And in return adblock and noscript is what keeps these pages in existance.
If you did see those full page flash ads, and you had no chance to block them, would you still visit the page? Or would it not be worth the annoyance and you'd just turn away in disgust? Using adblock and noscript keeps their impressions up and thus keeps the pagemasters from learning that annoying the living hell out of your visitors isn't how you attract people.
Re:We allowed them in (Score:3, Insightful)
> Personally, I wonder if it was a good idea to unlock those doors and pave some ways.
It was certainly NOT a good idea. It was, however, inevitable. Not you, not me, not anyone could have stopped it any more than you could have stopped the widespread use of the printing press. In fact, even *less* than you could have stopped that.
Re:what ads? (Score:5, Insightful)
If you did see those full page flash ads, and you had no chance to block them, would you still visit the page? Or would it not be worth the annoyance and you'd just turn away in disgust? Using adblock and noscript keeps their impressions up and thus keeps the pagemasters from learning that annoying the living hell out of your visitors isn't how you attract people.
People don't care. I find internet ads to be just as annoying as television ads, but most people keep using both without blocking them. Most of the time, when I use someone else's computer, they have no ad-blocking software at all. It's not just lack of knowledge. I just asked my sister if she wanted to block online ads. She said "It's fine. I don't want to mess with it. I really don't care at all." Ads are everywhere in our culture, and most people don't give a damn.
Re:what ads? (Score:2, Insightful)
Re:When will this end? (Score:3, Insightful)
Noniterated game.
Seriously. Reputation is everything. No effect on reputation ==> no morals, at least for many people.
Re:When will this end? (Score:5, Insightful)
Humanity is actually mostly nice, really. It's just that with 7 billion people, even if only .01% are complete assholes, that's almost a million people, and you just know that ALL of those people are on the internet messing with us, and they seem like a billion people thanks to the amplification power of technology.
Re:When will this end? (Score:3, Insightful)
Why would anyone write a virus that cannot effect 90% of potential targets.
Think about it. If you used an OS in that 10%, you would never suspect you had a virus on your system, would never bother to look for one. Meanwhile that keylogger, malware, whatever, will continue to work without you ever finding it.
Re:They come from Windows-land (Score:3, Insightful)
http://news.bbc.co.uk/1/hi/technology/8096822.stm
The answer for this is for both Mac and Linux users to unite behind open standards in protocols and formats, and in Apple's case, demand Apple install them on their stuff. Anytime a user (on any OS) has to install a plugin to see a piece of content on a website, they are potentially vulnerable to installing a fake or infected player. If players are pre-installed, the content shows with no need to install. There'd need to be a no-autostart option on people's browsers too, to prevent unwanted code running.
Of course Microsoft and Apple, along with others like Adobe like using their own formats and protocols to help lock users in so they're not helping their own customers cause.
It is time for users of all platforms to start demanding open standards, which benefit all of us, give us all choice and free us from being locked to any one vendor. Many *nix people have been calling for it for years, it's time that voice was strengthened.
Re:what ads? (Score:3, Insightful)
I have a pretty simple setup. I block all Flash, but otherwise allow ads. I don't block Flash because I want to block Flash ads, I block it because it's almost always annoying and pointless and crashing my computer or slowing it down, regardless of whether it is an ad or not. The fact that Flash ads are blocked is collateral damage.
And I've found that I don't mind most non-Flash ads. I barely ever click on any (save for Google search results), but I don't mind them 99% of the time. And if I do mind them, I just close the window and find the same content on a different site.
So here's a simple rule: If you want me to see your ad, don't use Flash.
Re:PC huh? (Score:3, Insightful)
If you're an idiot, you're vulnerable no matter what OS you're running.
Whether the site is offering you freeporn.exe or freeporn.sh doesn't matter so long as the user runs it.
Sure, on a secure multi-user system you probably can't screw up everyone else's stuff like you can on Windows but setting a botnet daemon or a keylogger to run on user login is easy.
Re:Botmaster webmaster or malware maker mod me dow (Score:1, Insightful)