
Anatomy of an Attempted Malware Scam

Dynamoo writes "Malicious advertisements are getting more and more common as the Bad Guys try to use reputable ad networks to spread malware. Julia Casale-Amorim of Casale Media details the lengths that some fake companies will go to to convince ad networks to take the bait."

  • by Anonymous Coward on Thursday August 05, 2010 @02:05AM (#33147274)

    "They've been on my HOSTS block for years, ever since one of those annoying GIF popups damn near gave me a seizure bouncing in its frame. Have they improved since?" - by ScottCooperDotNet (929575) on Thursday August 05, @01:52AM (#33147212)

    Good man, & same here: Mod ScottCooperDotNet up, because he knows what he's doing in using HOSTS files!

    I say that because custom HOSTS files (especially for defense) are great stuff.

    I.E./E.G.-> HOSTS files cover any and ALL "WebBound apps", unlike browser addons which are centered on specific webbrowser programs only. This means external email progs. for example, like Outlook/Outlook Express, are covered as well vs. HTML based email attacks etc./et al...

    1 piece of advice though Scott - use 0.0.0.0 as your blocking address because it's smaller than 127.0.0.1, so it reads up from disk faster and thus inits itself quicker into memory, and yet it works the SAME as 127.0.0.1 for the same valuable blocking function vs. known bad sites/servers/hostnames-domainnames - on Windows VISTA/Server 2008/7, 0.0.0.0 is the most efficient blocking address you can utilize in fact for that purpose...

    (Also on this account? IF you use Windows 2000, XP, or Server 2003?? You can do that even 1 better, by using 0 (vs. 0.0.0.0 & especially 127.0.0.1 & for the same reasons - better speed & efficiency of loads/reloads of your HOSTS file)).

    APK

  • by stephanruby ( 542433 ) on Thursday August 05, 2010 @03:10AM (#33147480)
    Reputable ad networks? What are those? Is he speaking of Google ad-sense? Or Hulu ads? Personally, I don't consider ad networks that use banner ads as anything that is reputable (this includes any of the shady ad-networks that Google purchased as well). Non-obtrusive text ads, I can deal with. Even Hulu ads, I can deal with since it's film on film. It's just that I hate banner ads, or animated ads, when I'm in reading-mode.
  • Re:Maybe it's me (Score:2, Interesting)

    by Kireas ( 1784888 ) on Thursday August 05, 2010 @03:15AM (#33147496) Journal
    Oddly enough, that's what I thought...a WHOIS on the domains provided, as well as some checks on the bank (to check that the number you are given is actually their number) can't be that hard.

    I mean, we have Google. Checking these things must only take another 10 minutes or so...? Nonetheless, can't blame them. 10 minutes adds up across many prospective clients.
  • Re:I'm Surprized... (Score:5, Interesting)

    by jimicus ( 737525 ) on Thursday August 05, 2010 @04:30AM (#33147732)

    I'm also suitably stupefied. All the "pink" and "red" flags that they are obviously so clever to spot, and which she spends almost the entire article talking about, are just her dancing around the elephant in the room: that she and her team are complete fucking idiots.

    Part of me wonders if there is a difference in industries which makes this look so damn stupid.

    Anyone in IT has probably seen so much malware, so many phishing and scam attempts that there's a strong chance most of us would have checked any company registration numbers with the relevant authorities, checked WHOIS information and contacted the bank directly using one of the banks' own published numbers before even returning the first email. But if you didn't normally meet such rubbish (because the IT department has already filtered out most of the malware, scams and phishing attempts before they even hit your mailbox), I wonder if you'd develop the same level of cynicism?
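
The WHOIS part of the vetting described in the comments above, as an added example that is not part of any poster's comment: it parses WHOIS text for a prospective advertiser's domain and reports red flags. The sample records, the `.test` domains, the one-year age threshold and the privacy keywords are constructed assumptions, and the `Key: Value` layout is assumed (real WHOIS output varies by registry).

```python
from datetime import date, datetime

# Constructed WHOIS responses for illustration (not real records).
SAMPLE_WHOIS = {
    "example-agency.test": """\
Domain Name: EXAMPLE-AGENCY.TEST
Creation Date: 2010-07-20T09:14:02Z
Registrant Organization: Privacy Protection Service
""",
    "established-brand.test": """\
Domain Name: ESTABLISHED-BRAND.TEST
Creation Date: 2001-03-11T00:00:00Z
Registrant Organization: Established Brand Ltd
""",
}

PRIVACY_HINTS = ("privacy", "proxy", "redacted")  # assumed keyword list


def parse_whois(text):
    """Parse 'Key: Value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields


def vet_domain(whois_text, claimed_org, today=None, min_age_days=365):
    """Return a list of red flags for a prospective advertiser's domain."""
    f = parse_whois(whois_text)
    flags, today = [], today or date.today()
    created = f.get("creation date")
    if created is None:
        flags.append("no creation date in WHOIS")
    else:
        age = (today - datetime.strptime(created[:10], "%Y-%m-%d").date()).days
        if age < min_age_days:
            flags.append(f"domain registered only {age} days ago")
    org = f.get("registrant organization", "")
    if not org:
        flags.append("no registrant organization listed")
    elif any(h in org.lower() for h in PRIVACY_HINTS):
        flags.append("registrant hidden behind privacy/proxy service")
    elif claimed_org.lower() not in org.lower():
        flags.append(f"registrant '{org}' does not match claimed '{claimed_org}'")
    return flags
```

An empty list means only that the WHOIS record raised nothing; the registration-number and bank call-back checks mentioned in the thread are separate steps.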

  • Re:I'm Surprized... (Score:3, Interesting)

    by RDW ( 41497 ) on Thursday August 05, 2010 @05:05AM (#33147864)
  • by Anonymous Coward on Thursday August 05, 2010 @06:53AM (#33148250)

    Your firewall is misconfigured. Dropping instead of denying is a shitty default policy.

  • by Anonymous Coward on Thursday August 05, 2010 @08:06AM (#33148586)

    Jesus Fucking CHRIST APK, do you have to pop up every time there's an article about hosts files?

    Why do you have such a fucking hard-on for them anyway? Why can't you just get an account so we can fucking block your whining, retarded drivel?

  • by psm321 ( 450181 ) on Thursday August 05, 2010 @11:24AM (#33150474) Journal

    Attacking your abuse of HOSTS files is not an attack on you. Please understand that.

    Now for an attack on you: How can you have a degree and yet think it's consistent to say that shaving 2 bytes per line off (going from 127.0.0.1 to 0.0.0.0) cuts a file size down by 9MB but then shaving an additional 6 bytes per line off (0.0.0.0 -> 0) cuts only 4MB?

    Now I need to force myself to stop replying to this thread, I feel like I'm being drawn into this sort of situation: http://xkcd.com/386/ [xkcd.com]

  • by Aphoxema ( 1088507 ) on Thursday August 05, 2010 @12:15PM (#33151138) Journal

    In so many words others have expressed what I have summarized down to "advertisers don't respect their audience." Their approach has almost always been the capitalist "what the market will bear" approach and as people have grown accustomed to being assaulted with ever more eye-catching colors, styles, techniques and technologies, the limits of what the market will bear erode. People no longer realize they are being disrespected. Their paid-for internet connections are being utilized. Their time is being wasted. They will install software that resists being uninstalled and drains performance and stability from their computers. I see no end to what they will do.

    There is a blurry and indistinguishable line between "reputable ad networks" and "the bad guys." The reputable are certainly not constrained by morals and not by law. How can we know they aren't simply being complicit?

    They're disrespectful and idiots. What "targeted advertising" gets is showing people what they already have. I play EVE Online. I look up stuff on EVE Online. Going by my cookies and such, advertisers know I play EVE Online. So, what is advertised to me? To try EVE Online. They succeed in nothing.
