This is one reason why I've been blocking ads, since forever. Probably quite hard to achieve this attack vector, but once you have it, your audience (read victims) is massive.
Malware! tainted! ads! infect! thousands! of! Yahoo! users!
Thousands of Yahoo! users have been exposed to malware through malicious advertisements over the past few days, according to research by Dutch security firm Fox-IT. Malware-tainted ads served from ads.yahoo.com were shown to victims in Romania, Great Britain and France, infecting tens of thousands every hour. The first …
-
-
-
-
-
Monday 6th January 2014 13:59 GMT Velv
Re: The real story here
That would be true if the ads were coming from a legitimate source.
However, since the malware is being used by criminals, it's fairly safe to assume they didn't use their real ID when they bought the advertising space (and I'm willing to bet most agencies don't vet their customers - given even Banks have failed to fully "know your customer", what chance have lowly ad agencies got) .
Or alternatively they could have compromised the upload of legitimate Ads.
-
Tuesday 7th January 2014 20:17 GMT Anonymous Coward
Re: The real story here
> That would be true if the ads were coming from a legitimate source
But they are coming from a legitimate source - according to the article they were served from ads.yahoo.com.
Now if Yahoo are so f*cking stupid as to serve their sponsors' ads without first checking them then they fully deserve to be fined off the face of the planet and the CEO locked-up.
So to repeat the previous comment: the real story is why no arrests (and I mean Yahoo execs, not just those behind the scam)?
-
-
-
-
-
Monday 6th January 2014 14:25 GMT Pascal Monett
"technology rarely needed to surf most websites"
Rarely needed that may be, but it's implemented almost everywhere and a fucking nuisance most of the time.
It's come to a point where Java/Javascript is used over HTML in some websites. I guess that some website owners think that killing URL references and destroying easy bookmarking is an acceptable price to pay to prevent . . what? Page scraping ?
I use Firefox with AdBlocker and NoScript. Never been to Yahoo! except when forcefully redirected there.
Now I have another reason not to go there.
-
This post has been deleted by its author
-
Monday 6th January 2014 15:06 GMT Alan_Peery
Is there a JavaBlock addon, ala FlashBlock?
While Jess-- above has a neat trick of running an out of date copy of Java, that means a trade off where you still have old bugs and security problems -- albeit only on sites where you're explicitly allowing. Has anyone created a browser extension like Flashblock, where the functionality is nicely integrated with whitelisting capability? Chrome is all I need at home...
-
Monday 6th January 2014 15:59 GMT Al_21
Re: Is there a JavaBlock addon, ala FlashBlock?
Have you tried to use Google Chrome's "Click To Play" plugin setting? Works well for me.
Settings - Advanced Settings - (Privacy) Content Settings - Plugins... select "Click To Play".
Works well for me, quick and easy to add websites to permanent whitelists, session whitelists or allow individual plugins on a page with a click..
-
-
-
Tuesday 7th January 2014 14:10 GMT Richard 22
I use Yahoo mail and I'm in the UK, but I don't think I was affected (I don't often log into yahoo mail on the web - I use pop3 download to my gmail account). I run noscript, but I did have all of yahoo.com and yimg.com allowed in noscript - I've just updated that to be only mail.yahoo.com, ucs.query.yahoo.com and https://s.yimg.com, and mail still seems to be functional.
-
-
-
Tuesday 7th January 2014 16:51 GMT NotWorkAdminn
Re: Java != JavaScript
I'm probably being hopelessly optimistic, but I'm keeping javascript off and encouraging others to do so. If enough of us stop using it, the webmasters will be forced to rethink.
On a whim I just had a glance at the anaytics for my workplace site for the last 30 days - 45% of visitors Google reckons no Javascript (not sure I believe it's actually that high). The visitors without Javascript have a bounce rate 10% higher than those that do, which I don't find surprising (in fact I'd have thought it would be worse).
-
-
Wednesday 8th January 2014 01:29 GMT Nordrick Framelhammer
How I avoid this.
I use both an adblocking addin and a script management addin in my broweser plus I have a hosts file on my internet machines that block known malware sites plus most of the advert and tracking sites. Once I move to fibre and can ditch the current ADSL modem I will put in a low end box running somthing like Smoothwall which will regularly update it's hosts file from known truested sites, adding further protection.