Why contact PoF when you should be contacting the ad-slingers? They're the ones pushing the scumware at everyone.
Miscreants managed to squirt malware at users of dating site PlentyOfFish after planting malicious code in tainted ads. Users of PlentyOfFish are targeted by an array of fake adverts via the site’s ad network (as.360yield.com). This malvertising serves up content from booby-trapped sites. The Nuclear Exploit Kit hosted on …
This post has been deleted by its author
Saturday 22nd August 2015 16:16 GMT silent_count
Sorry 'Your Alien Overlord' and 1980s_coder, I can't buy your reasoning.
If a newspaper printed an advert for something unacceptable (Buy African Children As Your Personal Slaves - $10 + S&H), do you reckon they'd get away with saying, "We just take the advertiser's money but we don't screen whatever they want to print"?
So why shouldn't a website be held accountable for the adverts which they choose to display on their site?
Sunday 23rd August 2015 08:59 GMT chivo243
Great question. So you're saying newspapers screen their ad content in print version. I think regulations require this. But what happens to that newspaper when they hire an ad slinger possibly the same used by PoF for their web version?
I agree with you, but do all website owners? www = wild wild west "yous pays yours monies and yous takes yous chances."
Monday 24th August 2015 07:35 GMT silent_count
I don't know the legal degree of liability for adverts, either in print or on the web. However if what black hats do is illegal* then the law should apply to everyone, and that could just be a good thing.
Visitors to PoF get malware. They sue PoF. PoF in turn sues the add slinger. The add slinger then has plenty of incentive to make sure the next bunch of adds they sling aren't malware vectors.
* Personally I think the internet should be the wild west with no laws governing what you can and can't do but I do acknowledge that's not the world we live in.
Saturday 22nd August 2015 06:23 GMT DryBones
Saturday 22nd August 2015 07:48 GMT x 7
"Miscreants managed to squirt malware at users of dating site PlentyOfFish after planting malicious code in tainted ads."
Nothing new - the sites had hacked adverts for a couple of years at least, though maybe not with this specific infection. Avast used to go apeshit whenever I visited it, identifying trojans
Saturday 22nd August 2015 11:30 GMT Wade Burchette
There is one way to fix this problem forever
There is a guaranteed way to prevent malware from spreading through dodgy ads: make web advertisements like they were when the world wide web first took off. If web ads follow the rules below, I will turn off my Ghostery+NoScript add-ons.
(2) Absolutely no flash ads, no exception. This cuts off another attack vector.
(3) Absolutely no autoplay video ads except before a video I chose to view. This means when I visit a web page that has a video, the video does not begin, nor the ad before it, until I push play. Not a security risk, but a huge annoyance.
(4) Absolutely no ads that obscure part or all a website, no exception. Again, just annoying.
(5) Absolutely no ads that use my IP location to personalize the ad. This mean no ads that say "Surprising secret [your city name] man discovers" type ads. Or "Contact your local Acme car insurance agent Alan Smithee today for a great quote" type ads. Again, just annoying.
Saturday 22nd August 2015 15:15 GMT Rol
We need to get doing it for ourselves.
Left to the industry, any solution they implement would by default have a thousand and one back doors and work arounds, so that their interests in sucking the internet dry is not hampered.
I assume most Reg's are familiar with Ad Bloc and No Script and further assume we are not the ones who unduly suffer, it is our less aware friends and relatives that get suckered.
So, how do you implement the likes of No Script on grannies computer without setting up a camp bed and ringing in sick for the next three months, all the while tuning No Script to give the old dear the right balance between protection and usability?
Well, my No Script is tuned to paranoid, as I assume are most others and that setting with a few considerations for those who insist upon Facebook and itunes could be rolled out to the wider community. And that community, without whit or knowledge, can get the benefit from those who tread lightly through the net.
Once computers start rolling out with No Script and Ad Bloc installed with black and white lists, then the advertising industry will have no choice, but to come to OUR table and discuss their survival on OUR terms. At which point I suggest we put them in a room with Wade Burchette (see above)
Saturday 22nd August 2015 20:43 GMT Anonymous Coward
I quite enjoy reading the Guardian. When I read the paper version, I can see that there are adverts on the pages, but they don't stop me from reading the articles. Also every now and again I will read an advert, and maybe I might look into buying the product.
On computers with Adblock and NoScript I can also read the articles just fine, and I don't get to see the adverts at all. That's just as good as the paper version, although I realise that if everyone did this the business model for the paper's website might fall apart even quicker than it is already.
On the iPad I get to see the paper's website in the way that 99 percent of the populace probably see it. It's terribly slow to load, and until all the adverts have loaded I can't read the articles, because the page jumps around to accommodate the banners. When I click to a new page, I have to wait all over again. Clearly this is how the newspaper intended it to be seen, but it's such a horrible experience that I have to wonder why on earth the advertisers and website owner think that's the way to go?