Beware of pickpockets and malware-laced banner ads

If you haven't patched that media player or web browser in a while, now might be a good time. MySpace, Excite and Blick have been caught serving banner ads that attempt to install malware on machines running unpatched software. People who visit MySpace chat forums using out-of-date web browsers and media player plugins such as …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Boffin

    Or, better yet

    The best way to do it is to get all the zone information for ad company domains - doubleclick.net etc. - and edit your PC's host file so that their adserver hostnames all resolve to 127.0.0.1 or some other reserved IP.

    It also has the side-effect of not seeing any ads.

  2. LaeMi Qian
    Linux

    I use my browser's built-in ad-blocker

    and whitelist sites which I trust and feel deserve my support by showing ads for me to ignore. ;-)

  3. FRLinux
    Linux

    Re: I use my browser's built-in ad-blocker

    I am not quite sure this is going to save you. Linux is one answer anyway.

  4. stizzleswick
    Linux

    Ad-blockers are nice...

    ...but none that I know of can consistently take care of layer ads yet. And yep, so far I have seen precious little mal-adware for anything other than Windows, so using a different OS helps a little. Of course, once the percentage of non-Windows users rises, they will also be targeted.

    @ LaeMi Qian: I have seen tainted ads on otherwise perfectly good and trustworthy web sites -- the owner of the URL can't do much if the ad service is letting malware through without noticing. I once got the message "Your Windows computer is unsafe! Install XXXX (Yes) (cancel)" on the homepage of a renowned newspaper. And no, I was not running Windows...

  5. gareth

    RE: Re: I use my browser's built-in ad-blocker

    The ad blocker should save you.

    Adblock for Firefox has a list of the domains to block, so the banners are never loaded.

    (Obviously the whitelisting of sites will circumvent any protection he gets if he tells Adblock (or whichever he uses) to load all content on the page and not just ads that are hosted by the website he is visiting.)

  6. Anonymous Coward
    Boffin

    In addition to "or, better yet"

    Block the source domain IPs on the router firewall, if you have one.

  7. Sean Ellis
    Black Helicopters

    Default Deny

    I use a "default deny" stance. Nothing gets run from any site I don't explicitly trust. Ads are blocked, scripts, flash, anything. Adblock plus, with NoScript and CookieSafe just about take care of this for me.

    http://www.ranum.com/security/computer_security/editorials/dumb/ was the article that influenced my security stance the most, and is well worth a read.

  8. TeeCee Gold badge

    @stizzleswick

    I second that. Got just that on Tom's Hardware the other day. I emailed 'em with my findings and got a nice reply back saying they'd identified the bit of scroteware concerned and blacklisted the ad company serving it until they could prove they'd got their house in order.

    If all reputable sites behaved this way, the problem would disappear quicker than snow in the Sahara. The ad servers need to be forced to put controls in place to prevent this sort of thing and summarily severing their revenue streams is the only language they understand.

    It would help here if the marketing idiots who sign contracts with ad servers would learn to insist on a clause to the effect that any misbehaviour would result in them getting turned off until they'd taken effective steps to remedy the situation rather than happily signing something that says something like: "We the bum-sucking ad servers reserve the right to roger you over the table repeatedly if you so much as dream of interfering in our access to your clients"......

  9. Herb Oxley

    HOSTS file

    About 4 years ago, after Falk (?) got their servers hacked and started serving malware via banner ads, I started using a HOSTS file that came with Kazaa Lite, which aliases out a ton of 3rd party cookie and ad servers.

    I've since then added Flashblock and NoScript to Firefox (after the Falk AG incident I stopped using MSIE as my "everyday" browser).

    Now I only use IE for mainstream media sites and ones run by public sector agencies.

  10. Sean Nevin

    Re: Default Deny

    ...Dumbest Ideas in Security...

    Worth a read indeed! Thanks for posting that.

  11. Martin Torzewski

    Who is liable?

    One aspect missed by your commentators so far (techies, bless 'em!) is the issue of liability. When some harm occurs (from as trivial as a family PC having to be rebuilt at, to them, great inconvenience and cost, upwards), who ought to provide compensation?

    I have mailed a UK national newspaper about this in relation to something much more trivial (a button being transparently overlaid by an advert which thus took me to the site of a UK airline) and received a holding reply.

    Is it the newspaper which is the end deliverer? The advertiser with whom they contract? And so on upstream. My take is that it OUGHT to be the site which I chose to visit, as I have no control over anything upstream (hence the issue in the first place).

    I don't know where the law stands.

  12. Dave

    Why would you use IE for ANYTHING??

    It's like showing up at the Queen's door in a Yugo.

    What was the topic again? Ads? What ads? I haven't seen an ad in quite some time.

    Get your hosts file from here:

    http://www.mvps.org/winhelp2002/hosts.htm [Updated 01-03-08]

    Then use Adblock+ and maybe Flashblock and NoScript.

  13. Brendon Lucas
    Pirate

    MS FUD doesn't wash, lol

    "Of course, once the percentage of non-Windows users rises, they will also be targeted."

    In reality people want to attack corporations and servers, not home users; they want to attack the people who actually have the bigger market share than Microsoft; they want to attack the countless Linux or Solaris systems out there. The fact is they can't, because they are inherently more secure by design. So they get hordes of insecure Windows machines and just bombard the real computers out there with more traffic than they can handle to temporarily take them offline.

  14. Anonymous Coward
    Linux

    You know it's really bad

    When you bring up your own website and you get "somethingnastyashell.exe is an executable what do you want to do with it?" and you realize this may have been going for a long time. Friends, family, coworkers, the great unwashed public, have been victimized by your site. I took down the banner immediately, but who knows how much damage was done. It's very horrible. I have AdSense now and I haven't seen any driveby goodies for two years, but I always check. There are people I know who won't visit my site still because they got the malware. I don't blame them; I am not sure I would trust me either.
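
Added example, not part of any comment in this thread: the hosts-file blocking several commenters describe matches exact hostnames only, so listing a domain does not cover its unlisted subdomains. This Python script audits a hosts file against the hostnames a page requested; the hosts entries and observed hostnames are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

def parse_hosts(text):
    """Map each hostname in hosts-file text to its IP, skipping comments."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address with no names
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field
        for name in fields[1:]:
            # Assumption: keep the first entry seen for a given name.
            table.setdefault(name.lower().rstrip("."), ip)
    return table

def audit(hosts_text, observed):
    """Split observed hostnames into (blocked, missed).

    A name is blocked only if it appears verbatim in the hosts file and
    points at a loopback or unspecified address. Hosts files have no
    wildcards, so a parent-domain entry does not cover subdomains.
    """
    table = parse_hosts(hosts_text)
    blocked, missed = [], []
    for host in observed:
        name = host.lower().rstrip(".")
        ip = table.get(name)
        if ip is not None and (ip.is_loopback or ip.is_unspecified):
            blocked.append(name)
        else:
            missed.append(name)
    return blocked, missed

# Constructed sample data, not taken from the thread.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# ad servers
127.0.0.1   doubleclick.net ad.doubleclick.net
0.0.0.0     ads.example.net      # trailing comment
192.0.2.10  intranet.example.org
"""
OBSERVED = ["AD.DoubleClick.net.", "static.doubleclick.net",
            "ads.example.net", "cdn.ads.example.net", "intranet.example.org"]

if __name__ == "__main__":
    blocked, missed = audit(SAMPLE_HOSTS, OBSERVED)
    print("blocked:", blocked)
    print("missed: ", missed)
```

Names in the missed list are the ones that would still resolve normally and need their own hosts entry or a blocker that matches by domain suffix.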
