Celeb gossip site TMZ was pushing malware at innocent surfers

Celeb goss and dross site TMZ has been serving the world's worst exploit kit to its 30 million monthly visitors after malvertising scum compromised its advertising chain. Readers of the site can be automatically redirected to malicious pages that serve the brutal Angler exploit kit which loads malware capable of all manner of …

  1. Pomgolian
    Holmes

    Adblock & Noscript

    ...plus not giving a flying ***k about celebutards in general means I'm unlikely to have been hit.

  2. Steven Roper

    "Segura says CloudFlare is investigating the use of its network by malvertisers but says the ad networks have kept mum."

    And these same ad networks have the fucking face to demand we trust them and bitch about people using ad blockers?

    Every one of the executives and managers working for those ad companies belongs in the bloody gulag.

    1. Mark 85

      10,000 upvotes for that although I think a bloody gulag would be too good for them. Maybe a cross between a gulag and a Turkish prison...

      1. Destroy All Monsters Silver badge

        How about a Syrian refugee camp that Turkey got 3 billion EUR for to AFAIK not build?

      2. chivo243 Silver badge

        Would that be the Gulag that Max had to face in Mad Max III, "Bust a deal, face the wheel"? Or just your everyday Russian gulag?

        1. Steven Roper

          "Would that be the Gulag that Max had to face in Mad Max III, "Bust a deal, face the wheel"? Or just your everyday Russian gulag?"

          There's a Mad Max III? I always understood that was a non-existent myth, like the equally non-existent Highlander II...

          But no, I was thinking in terms of salt mines. For the rest of their stinking, worthless lives. At least then they'd be producing something useful and it wouldn't cost a bomb to keep them safely locked up as it would putting them in chokey!

    2. Anonymous Coward

      "Every one of the executives and managers working for those ad companies belongs on the bloody end of an axe handle."

      FTFY ;)

  3. Anonymous Coward
    Unhappy

    Just another case of a common threat

    ... attackers gained access through ad platform ContextWeb and Smartyads, using CloudFlare to hide infrastructure

    And that is why I will continue to use NoScript on automatic block for every site I visit.

    Not because I hate the Ads, but because I value my PC's integrity.

    1. Doctor Syntax Silver badge

      Re: Just another case of a common threat

      "Not because I hate the Ads, but because I value my PC's integrity."

      They're not mutually exclusive.

  4. Anonymous Coward

    Time for HTTPSA...

    HTTP Secured and *Authenticated*

    I'm not surprised that all those morons who didn't understand that a digital certificate for encryption only is dangerous when you always told people it also meant "trust" - and browsers happily show green icons to tell you "everything's fine!"

    Is Cloudflare serving via HTTPS with its own certificates content it doesn't know where they are from?? I would say it is culpable if it *authenticated* those malware contents with its certificates.

    And we'll see more of these, because the paranoids of state snooping (not totally wrong, but still paranoid in their behaviour) are pushing for more encryption without authentication.

    It's really time to separate the two. Is a link using encryption without proper endpoint(s) authentication? Show it's encrypted, but not trusted. Are endpoints properly and fully authenticated? Ok, show it's trusted.

    1. cbars Bronze badge

      Re: Time for HTTPSA...

      "Are endpoints properly and fully authenticated? Ok, show it's trusted."

      How do you do that? You have to trust someone. Back to square one please.

      https = encrypted ("encrypted", doesn't mean well encrypted)

      Not getting a giant warning/padlock/green address bar/whatever = authenticated

      It's up to you which certificate authorities you trust. If you want to keep the defaults, that will work, and you'll get any old advertising network slinging crap at you. If you're 'paranoid' then you can only trust those certificate authorities your mates/employer/clients create.

  5. Anonymous Coward

    TMZ

    The malware of entertainment and news.
