Google's Doubleclick Ad Servers Exposed Millions of Computers To Malware
wabrandsma (2551008) writes with this excerpt from The Verge:
Last night, researchers at Malwarebytes noticed strange behavior on sites like Last.fm, The Times of Israel and The Jerusalem Post. Ads on the sites were being unusually aggressive, setting off anti-virus warnings and raising flags in a number of Malwarebytes systems. After some digging, researcher Jerome Segura realized the problem was coming from Google's DoubleClick ad servers and the popular Zedo ad agency. Together, they were serving up malicious ads designed to spread the recently identified Zemot malware. A Google representative has confirmed the breach, saying "our team is aware of this and has taken steps to shut this down."
And they wonder why I block ads... (Score:5, Insightful)
Re:And they wonder why I block ads... (Score:5, Insightful)
Indeed.
My hosts files (across my Windows, Linux, and OSX machines) have been using the excellent MVPS hosts (http://winhelp2002.mvps.org/hosts.htm) for years.
Plus, it speeds up internet browsing instead of having the browser ping 10+ different domains.
Re: And they wonder why I block ads... (Score:5, Informative)
Just use adblock+. It is much faster.
Re: And they wonder why I block ads... (Score:4, Informative)
Depends on the browser - IIRC on Chrome, it can't prevent ads from being downloaded, it can only prevent them from rendering. Or at least that was the case several years ago, maybe Chrome's added the APIs for it by now.
Re: (Score:2)
I'm fairly certain that had something to do with Chrome being made by an advertising company. i.e. it was never a technical restriction, but an imposed one.
Though some searching makes it look like this is no longer the case.
Re: (Score:2)
Faster at what? Bankrupting the people who bring you free content? Hosting and time/effort to build and maintain websites is expensive. People should get paid to deliver websites just as you benefit non-monetarily by viewing a web page.
Entitlement mentality much? How much is left on your EBT card this month?
If they didn't want to go out of business, they would run their own ads and keep careful watch on what those ads do.
It's a pain in the ass to block stuff, but a bigger pain in the ass to get infected, or clean PCs of grandma and other relatives all the time. Nobody would bother blocking if ads weren't intrusive and dangerous.
Re: (Score:2, Funny)
Careful, otherwise you will end up summoning him
Re: (Score:2)
PS. You FORGOT to use BOLD
Re: (Score:2)
Indeed.
My hosts files (across my Windows, Linux, and OSX machines) have been using the excellent MVPS hosts (http://winhelp2002.mvps.org/hosts.htm) for years.
Plus, it speeds up internet browsing instead of having the browser ping 10+ different domains.
Yup. Been using that for years. Very nice. Very little in the way of bullshit from Google or anywhere else.
You're not the real APK (Score:2)
Re:And they wonder why I block ads... (Score:5, Funny)
I always thought doubleclick was a malware site. You mean it's not? Or it wasn't but now it is?
Re: (Score:2)
I always thought doubleclick was a malware site. You mean it's not? Or it wasn't but now it is?
Odd how that was marked funny. It's actually +5 informative for sure.
Re: (Score:2)
All of which they are tracking you with (probably more). But I'm sure it's harmless /s
Re: (Score:2)
Fuck Off, AdMob.
Re: (Score:2)
Well, they were advertising for mobile devices - basically the iPhone and later Android devices.
(And Apple and Google were competing to acquire AdMob, but Google eventually paid more and likely paid Apple to create iAds to get around anti-trust).
Oh yeah, don't forget that Google's ad CDN is 1e100.net.
Re:And they wonder why I block ads... (Score:5, Informative)
Sometimes pages serve content from a different domain but that is rare enough to manage manually.
Not anymore.
Far too many sites (/. included) have or use a CDN for content.
And they will fetch at least half a dozen scripts for bookmarking/sharing with facebook/linkedin/tumblr/twitter/pinterest/googlehangouts/etc
Then, they'll try and fetch a non-zero number of tracking/website monitoring scripts.
Ghostery says http://slashdot.org/images/njs.gif [slashdot.org] is a 1x1 pixel tracker for WebTrends.
Re:And they wonder why I block ads... (Score:5, Interesting)
Sometimes pages serve content from a different domain but that is rare enough to manage manually.
Not anymore.
Far too many sites (/. included) have or use a CDN for content.
And they will fetch at least half a dozen scripts for bookmarking/sharing with facebook/linkedin/tumblr/twitter/pinterest/googlehangouts/etc
Then, they'll try and fetch a non-zero number of tracking/website monitoring scripts.
Ghostery says http://slashdot.org/images/njs.gif [slashdot.org] is a 1x1 pixel tracker for WebTrends.
None of that shit is "content" that I want to load, and most of the time blocking it all has little to no effect on the content I want to see.
Re: (Score:2)
As a developer if you use 3rd party javascript libs (like jquery) it can be really smart to use a popular CDN instead of locally hosting because it decreases load time as it's likely already in the user's cache.
Of course it's also smart to load a backup locally hosted version if the CDN version fails.
Re: And they wonder why I block ads... (Score:2, Interesting)
Yeah, we get that, but you know what? Serve up simple JPEG ads, non executable, and refuse anything else. That will kill all malware on your ad server. Don't do that, and a lot of people are going to block ads, and you can monetize that right up your ass. There's no reason at all to have anything in an ad on a website other than images and text. Filter everything else, or die.
Maybe we could make an ad blocker to enforce that? I understand double click needs scripts to track ad effectiveness, but there
Re: And they wonder why I block ads... (Score:2)
On top of all of this many scripts on the page from ad companies are not only tracking the ad but sitting on every event loop. Now when you scroll change focus or many other actions you
Re: (Score:2)
The whole point is to serve ads ... think television ...
Do not want. Neither television nor web becoming like television.
unless you are willing to pay for content directly.
Find a way to monetise it, post it free, or charge for it. No awesome works of art will be lost if some "content" posters quit to do something useful instead.
Re: (Score:2)
That's fine with me. I'll watch their ads if they agree to pay to fix up things if I get hit by malware or identity theft, and agree to actively prevent tracking of visitors.
Sites would not have to charge subscriptions if everyone did this, it is just one potential option. They could just kill off all the "me too" self promotion sites and no one would miss them ("hey, I just started a blog and don't know how to write coherently, but please look at my ads to pay for the drivel!").
Even if they make money wi
Re: (Score:2)
there would be a serious web monetization problem
We had the same problem before web for millennia. We did fine. 99% of low grade websites that would disappear due to lack of ad sales should not have existed in the first place. Anything of value will find means to stay afloat.
Re: (Score:2)
It is becoming more common, however it still does seem rare for a useful site to do this. Generally when I have to unblock more than a couple third party sites before the main site is usable, it's not worth the effort to unblock more because I was only marginally interested in seeing whatever cat pictures that site had.
Re: (Score:2)
Also of note, zedo.com shows up in NoScript as a site that has javascript awaiting permissions on the /. home page.
Re: (Score:3)
By pimping their visitors with malware? That's the answer?
Re: (Score:2)
If a couple of ads are 'locking your system' and 'using all CPU time', maybe you need CleanMyPC after all.
There's a hit, sure, but you're painting a picture that your system is a bigger bottleneck than a couple of Javascript calls.
Comment removed (Score:4, Interesting)
Re:And they wonder why I block ads... (Score:4, Insightful)
And spread malware.
I use AdBlock Plus, of course. With Flashblock carrying the other half of the burden.
I am happy these jerks almost exclusively use Flash, HTML5 scares the shit out of me.
Re:And they wonder why I block ads... (Score:5, Interesting)
This whole idea that seems to be pervasive on the net that I should find a "legitimate" excuse to block out the commercial crap that ad companies want to stick down my throat is insidious. I don't need an excuse like "it's malware", I reserve the right to filter out any and all information I don't like. I reserve the right to pick and choose the fonts, to pick and choose the colours, to pick and choose the pictures, and to pick and choose the bits of content of every web page that's offered to me.
I don't accept package deals. I don't care about the experience the content provider wants me to have. I don't care that companies have stupid business models where they try to sell ad space, or try to collect my data to make their ends meet. It's not my problem, and I'll ignore it just because I feel like it. The fact that I'm also blocking malware is just icing on the cake. And if I'm bored, I'll teach others how to do all that too. Just because I'm bored.
I'm not some guest on somebody else's net, where I'm supposed to stay inside a walled garden of bullshit and I need permission to sit down on a chair. It's as much my web as everyone else's, and I'll do what I please with the bits going through my section of tube, malware or no malware.
And there's the reason why... (Score:5, Insightful)
I use Adblockers / flashblocker and NoScript.
And I utterly will not reconsider for any reason.
Re: (Score:2)
Wrong.
Right now, there are a few sites (majorgeeks) that ask you to please allow ads because that's what pays for the site and others simply refuse entry.
You will reconsider when sites tell you to disable all ad blockers and hosts files that block ad sites or you will not be able to view the content.
Re:And there's the reason why... (Score:4, Interesting)
you will not be able to view the content.
Sounds like a challenge!
(Not a very hard one, but a challenge nonetheless)
Re:And there's the reason why... (Score:4, Insightful)
I can't think of any website I wanted to visit this year but couldn't due to adblocking. I doubt it's necessary to reconsider any time soon. Even then, I'll first look into alternative websites.
Re: (Score:3)
You're not getting it.
It's not the sites that will block you. It's the ad servers that the site is throwing at you.
If you aren't alive to the ad servers, you're dead to the website.
Re: (Score:2)
No.
YOU make it sound like a difficult problem.
Re:And there's the reason why... (Score:5, Insightful)
Wrong.
Right now, there are a few sites (majorgeeks) that ask you to please allow ads because that's what pays for the site and others simply refuse entry.
You will reconsider when sites tell you to disable all ad blockers and hosts files that block ad sites or you will not be able to view the content.
Wrong. The only thing I'll reconsider is visiting those sites.
Re: (Score:2)
Indeed.
The Life Cycle of the Internet.
"Those who fail to learn the lessons of the past are condemned to repeat them."
Re: (Score:2)
Yeah, if all the ads were limited to an image, maybe some text and clickable links, it would make everybody happy except the most hard-core advertisers looking for the next big thing and the poor slobs who actually click on the ads.
Re: (Score:2)
Not when it's all of the sites.
Re: (Score:2)
Cool. You go to two (2) web sites.
I think you'll agree that, as regards the Internet demographics, you don't actually use it.
Re: (Score:2)
That's like saying because we can't fight the government we may as well stop our protests and start loving the government instead. If we can't stop war with a protest we should learn to love the bomb. Do you fail to see the raw anger that these anti-social and irresponsible advertisers are generating? If all of the sites vanish then maybe that will be a good thing.
Re: (Score:2)
No, that's not like what it's saying.
What it's like saying is, you have a choice:
1.) Don't block ad servers
2.) Block ad servers.
In the first case, you get to see the web's content. In the second case, you don't.
Re: (Score:2, Funny)
You could just unplug the modem ...
Re: (Score:2)
Wrong.
Or, actually, right, given that the GP was expressing his own personal opinion. But, hey, if you know his mind better than he does...
You will reconsider
Also you can see into the future. Neat!
Re: (Score:2)
We all can see into the future. Advertisers are going to deliver their content to your browser FIRST, and then the content will follow.
We've already been through this.
Perform the following experiment as a predictive exercise to explain what will happen when you use an ad blocker in the future:
In your browser, disable cookies.
Then navigate to sites.
Enable cookies.
Document the experience.
Re: (Score:2)
There's a couple webcomics I read where the "only traitors enable adblock" images are still less obnoxious than the actual ads, so I keep it enabled and just buy some of their swag instead.
Re: (Score:2)
Then adblock didn't achieve its goal if you are having to buy, right?
Re: (Score:3)
I won't reconsider. When that happens I will not view the content and go elsewhere. Or are you suggesting that there actually is content on the internet that is mandatory viewing?
Re: (Score:2)
I am suggesting that you, which is not representative of any population greater than one, have no reason to be on the Internet,
Re: (Score:3)
any site that demands I disable ad-blockers is not a site I NEED to visit. so, it's self-filtering.
(what's the problem, again?)
Re: (Score:2)
If you haven't visited that site before, how can you predict that you don't NEED it?
Re: (Score:2)
No I won't. I'll just remove that site from my bookmarks file and never go back.
Re: (Score:2)
As more ad servers deny access to content, your bookmark file will fill with dead links.
Re: (Score:2)
If they ask, I'll consider it and I may decide this way or that.
If they lock me out without ads, I'll never visit their site again. I don't want ads, they don't want me as a visitor, we seem to have a concord.
Re: (Score:2)
Then you will visit pay sites.
Re:And there's the reason why... (Score:4, Informative)
I just checked both of the sites you mention, and they show up just fine with no warnings or kick-out messages.
You just have to live with the fact that they both look like they were made in 1996, with no CSS or fancy layouts.
You don't see it? Here's why:
- Firefox (current version, just update as they do, no need to hold back)
- AdBlock+ (to block ad server requests before they ever happen)
- FlashBlock (to stop execution of Flash objects post-load, but pre-run)
- NoScript (to whitelist Javascript execution)
- RequestPolicy (to whitelist Javascript remote loading)
- NoRedirect (because some sites use an onLoad Javascript to remove a time-delayed meta redirect that kicks you to a "use javascript or die" page)
- Ghostery (to refuse all sorts of nasties)
- Click To Play per-element (to put Firefox back to pre-24 behavior for FlashBlock)
- Click to play switch (to allow me to toggle the above click-to-play modifier)
I haven't met a site yet that can stop me from browsing any part of it I want. Couple it with Firebug and good old Web Developer Toolbar, and I can extract things they think are hidden.
That's the problem with all these stupid newbies on the 'net these days: they just don't know how shit works. It's like old-school management just gave them a full-on stupid transplant, and they think they rule the world because they use a frickin' Mac. Nevermind the fact that Mac users are generally about as far removed from "how shit really works" as any computer user can actually get without shorting out their keyboard from the drool.
No offense if you don't fall into that category. I'm just ranting now. You, in fact, seem to be one of the sane people that blocks all of this crap up front. Just don't give up on getting whatever you want just because they throw up a full-screen div overlay. Nuke that shit from orbit with whatever tools you have, and for god's sake, don't be afraid to use an HTTP mimic tool to scrape whatever you damned well please.
Re: (Score:2)
That's an awful lot of trouble to see some cats or boobs. Not worth the bother.
Re: (Score:2)
I actually find that Ghostery is quite nice.
Don't Be Evil (Score:3, Funny)
Stupidity is sufficient.
No surprise (Score:5, Interesting)
Re: (Score:2)
Most of these sites don't know what ads they are serving. They just sign up with some ad suppliers and wait for the pennies to start trickling in with no work or effort on their part. Can you even imagine if television shows did the same thing, allowing anyone and everyone to show an advertisement with no oversight, with viagra being advertised during children's shows and Cheeze Whiz advertised on the Food Channel.
Re: (Score:2)
It's really not Google or any other advertizing reseller as it is the way ads are normally placed on sites. It makes it nearly impossible for even a careful web site to be safe.
Most ads are delivered as links to blobs of ECMAscript. They are difficult to check for malware even by knowledgeable webmasters. And, even the best don't know when some innocuous blob downloaded by might change to something evil at any time. The whole system is nearly impossible to make secure.
For this reason I run NoScript on all s
Yup (Score:4, Informative)
So to all those site operators that cry foul when I say I block all ads all the time: This would be why. It's not because I object to being shown products I might be interested in. It's not because I'm trying to hurt your revenue stream. It's because ad delivery servers are so ubiquitous, they're a major malware vector.
Sorry, but funding your site is not worth my entire network getting infected. You want me to change, lean on the advertisers to stop pushing security responsibility solely on the end user.
Ad Blockers... (Score:5, Informative)
Just say block (Score:5, Insightful)
DoubleClick has such negative value that their servers should be blocked at firewalls, or at least "host.txt". Even if you have AdBlock, blocking them earlier saves bandwidth.
Re: (Score:3)
At home I made my DNS server authoritative for .doubleclick.net (and admob and a few others) all pointing to 127.0.0.1:
% host foo.doubleclick.net
Using domain server:
Name: 192.168.1.5
Address: 192.168.1.5#53
Aliases:
foo.doubleclick.net has address 127.0.0.1
That way mobile devices and everything are covered. Hard to have a hosts file on an unrooted iPhone, etc.
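The difference between per-name hosts entries and answering for a whole zone at the resolver, as an added example that is not part of any comment in this thread. The hosts entries and the zone set are constructed samples, and the function names are hypothetical; the hostnames are ones that appear elsewhere on this page.

```python
# Constructed sample in the style of a blocking hosts file.
SAMPLE_HOSTS = """\
# blank lines and comments are ignored
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.net
0.0.0.0 doubleclick.net
0.0.0.0 d3.zedo.com   # trailing comment
"""

# Zones the local resolver answers for itself (assumed configuration).
SINKHOLE_ZONES = {"doubleclick.net", "zedo.com"}

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}


def normalize(name):
    """Lower-case a hostname and drop any trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_hosts(text):
    """Return the set of names a hosts file maps to a sink address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        for name in map(normalize, fields[1:]):
            if name != "localhost":
                blocked.add(name)
    return blocked


def hosts_blocks(name, blocked):
    """hosts lookups are exact: no wildcards, no subdomain inheritance."""
    return normalize(name) in blocked


def zone_blocks(name, zones):
    """A resolver authoritative for a zone answers every name under it.

    Matching is done on whole labels, so 'notdoubleclick.net' is not
    treated as part of 'doubleclick.net'.
    """
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


def coverage(names, hosts_text=SAMPLE_HOSTS, zones=SINKHOLE_ZONES):
    """Map each name to (blocked by hosts file, blocked by zone sinkhole)."""
    blocked = parse_hosts(hosts_text)
    return {n: (hosts_blocks(n, blocked), zone_blocks(n, zones)) for n in names}


if __name__ == "__main__":
    names = ["ad.doubleclick.net", "pubads.g.doubleclick.net",
             "foo.doubleclick.net", "notdoubleclick.net", "example.org"]
    for name, (by_hosts, by_zone) in coverage(names).items():
        print(f"{name:28} hosts={by_hosts!s:5} zone={by_zone}")
```

A hosts file has to list every subdomain it wants covered, which is why such lists grow long; the zone-level answer covers names nobody has enumerated yet.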
Re: (Score:2)
127.0.0.1 doesn't respond, so the page won't finish loading until it times out. That's worse than just letting the ad load from a performance perspective.
Seriously? You think if it acted like that anyone would really do that? Or use a hosts file? Really??
Re: (Score:2)
Meh, that's what NXDOMAIN is for I suppose. That's what I get when I try to resolve them. I must have 25 domains configured this way.
Re: (Score:2)
If it doesn't respond, isn't that an instant "not available", why would there be a timeout? I try a connect, I instantly get nothing, browser realizes it has to skip. Also, this all happens in the kernel, not even hitting a device driver.
Why that would be slower than going to google/doubleclick, having them decide on an ad, and sending to me?
Re: (Score:2)
Wrong, you should get an ICMP response immediately.
Unless you're firewalling 127.0.0.0/8 to yourself, which would be incredibly stupid.
Re: (Score:2)
No, you should be getting a TCP RST.
Do you kids know anything?
Re: (Score:2)
You should get an ICMPv4 response with a type value of 3, and code value of 3.
RST happens when something borks up in an existing session, not in response to a SYN. (exception: when firewalls/NAT gateways are configured to reply with an RST, instead of dropping or ICMP).
Don't you kids know anything? [tcpipguide.com]
Re: (Score:2)
I have no idea WTF you are talking about. A closed TCP port emits an RST. It even says so in the very link you posted:
http://www.tcpipguide.com/free... [tcpipguide.com]
"Receipt of a SYN message on a port where there is no process listening for connections."
Next time you try to be a smart-ass, get your facts straight. Idiot.
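What a client actually sees when a blocked name resolves to 127.0.0.1 can be measured locally. The following is an added example, not part of any comment in this thread; it assumes a Unix-like host, and the helper names and the request it sends are constructed for the demonstration.

```python
import socket
import time


def reserve_port(listen):
    """Bind an ephemeral loopback port (constructed test fixture).

    listen=False: the port is bound but nothing listens, so the kernel
    answers a SYN with the same RST a closed port gives.
    listen=True: the kernel completes the handshake, but no code ever
    accepts or replies (a listener that stays silent).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    if listen:
        s.listen(1)
    return s, s.getsockname()[1]


def fetch(port, timeout=0.5):
    """Connect to 127.0.0.1:port, send a request, wait for one byte back.

    Returns (outcome, seconds elapsed).
    """
    start = time.monotonic()
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    c.settimeout(timeout)
    try:
        c.connect(("127.0.0.1", port))
        c.sendall(b"GET /ad.js HTTP/1.0\r\nHost: foo.doubleclick.net\r\n\r\n")
        outcome = "reply" if c.recv(1) else "closed"
    except ConnectionRefusedError:
        outcome = "refused"   # RST came back in answer to our SYN
    except socket.timeout:
        outcome = "timeout"   # nothing came back within `timeout`
    finally:
        c.close()
    return outcome, time.monotonic() - start


def compare(timeout=0.5):
    """Run fetch() against a port with no listener and a silent listener."""
    results = {}
    for label, listen in (("closed port", False), ("silent listener", True)):
        holder, port = reserve_port(listen)
        try:
            results[label] = fetch(port, timeout)
        finally:
            holder.close()
    return results


if __name__ == "__main__":
    for label, (outcome, elapsed) in compare().items():
        print(f"{label:16} {outcome:8} {elapsed * 1000:7.1f} ms")
```

With no listener the connect fails at once with ECONNREFUSED; only a listener that accepts the connection and then stays silent makes the client wait out its timeout.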
Re: (Score:2)
You really are an asshole, aren't you? The attitude isn't necessary.
Re: (Score:2)
Because I don't sugarcoat idiocy? You had two chances to state simple and correct facts, yet you chose to claim authority over stuff you know jack shit about, being a pompous idiot in the process and now you're all butthurt?
Get off my lawn, kid. Good riddance.
Re: (Score:2)
The stupidity lies in answering with an A record at all.
Just say there is no address (NXDOMAIN). No useless traffic, no semantics to worry about.
Re: (Score:2)
How does blocking them earlier save bandwidth? AdBlock makes your browser not even try to download the blocked element. I don't see how that results in any useless traffic.
Ad servers in general... (Score:3)
Privoxy (Score:2)
pubads.g.doubleclick.net/gampad/ads?gdfp_req=
blocked by three different rules
d3.zedo.com/jsc/d3/fo.js
blocked
static.the-button.com/d2.php
blocked by a five-year old exploit protection rule
inter.wiab-service.ge/geobalancer/geo2.php
blocked (alright, by a geo-location rule, but still blocked!)
I don't think that one stood a chance here.
So why did it take Google so long to fix this? (Score:2)
malwarebytes (imply that they) reported this on 30 August. Did they report it to Google?
Nearly 3 weeks till it was shut down on the 19th. That's a hell of a lot of malware getting dished out.
Windows computer please (Score:3)
Popular Zedo? Really? (Score:5, Interesting)
I worked at Zedo pretty early on. I did a year there, pretty much exactly year 2000 (now coworkers now know who I am).
I was their C guy, did an apache module for the adserver, and some mild javascript work until they got a better Javascript coder than me. I also helped out a bit in Java and DB work, and most of the Linux/FreeBSD sysadmin for a bit. We were in a small live-work loft in SOMA where I walked through two slums to get to work.
In the beginning, it was about "choice". We had a small on page ad client. At first a Java one, then a Javascript one, with a GUI that let you choose your ad. It was new, different, and a way to try to get people the ads they want and not have to keep huge track of users. (You can check the patent out [google.com] if you like though I can tell you this was theoretical design and it wasn't built this way). It put the emphasis on the ad, not on the tracking. Ads needed to be designed to be engaging or they'd just be skipped. We kept track of your ad choices, not your pages. It was fun, true startup culture. We were going after the (then) mighty Doubleclick, railing the fact that they stored too much info. I remember tailing the server logs on our first paying gig, cheering as I noticed the URI fragment for the first ad clickthru. We checked the guy's IP address, noticed he had an ICQ run webserver on his box, and talked to him over ICQ thanking him for clicking. In hindsight, yeah, that must have freaked him out.
We didn't see Google coming to crush the ad market at all. I had already left but I'm sure Google's elephant sized footprints in the market made them radically change their business plan. I didn't talk to them much, and on the web I read stories about intrusive Zedo cookies, heard them called "king of the popunder" and heard stories about "popup blocker blockers". This made me a bit sad, why do all that? But I guess you either do that, or throw in the towel and close up shop. I can't say what I'd do if it was my savings on the line.
As an aside (always a tangent!) I had an 8MM videocamera. Though I filmed some stuff in San Francisco (hey Dave, any news on the video for me?) I always wanted to film us. But I couldn't both work and film. I was actually slightly pissed when Startup.com [imdb.com] came out. Hey that was my idea! But you can't objectively film what you're in.
Re:Google = Direct arm of the CIA/NSA (Score:4, Funny)
The CIA and NSA are direct arms of Google.
Re: (Score:2)
ads != doubleclick.
There are ways for sites to include advertising without surrendering their site to third-party-hosted malware. Many ways which aren't even blocked by adblockers by default. It's a bit more work for them than just using doubleclick/etc, but it's worth it.
So you're really saying that all the stupid/lazy sites will die off or retire behind paywalls. Surely that's "mission fucking accomplished."
(I'm constantly amazed that newspaper and TV-network sites mindlessly use doubleclick/etc for their w
Re: (Score:2)
No, aggregation into packages is completely unacceptable.
Then be prepared to pay $19.99 per year for each website, even if you plan to view only one page on that site, because you are unwilling to pay for bundles of multiple sites. Look at 50 different sites one month? That'll be a thousand dollars.
Re: (Score:2)
0.0.0.0 ad.doubleclick.net
0.0.0.0 ad.uk.doubleclick.net
0.0.0.0 ad.n2434.doubleclick.net
0.0.0.0 doubleclick.net
0.0.0.0 a.doubleclick.net
0.0.0.0 b.doubleclick.net
0.0.0.0 c.doubleclick.net
0.0.0.0 d.doubleclick.net
0.0.0.0 e.doubleclick.net
0.0.0.0 h.doubleclick.net
0.0.0.0 i.doubleclick.net
0.0.0.0 j.doubleclick.net
0.0.0.0 k.doubleclick.net
0.0.0.0 l.doubleclick.net
0.0.0.0 m.doubleclick.net
0.0.0.0 n.doubleclick.net
0.0.0.0 o.doubleclick.net
0.0.0.0 p.doubleclick.net