Domain aging gang CashRewindo picks vintage sites to push malvertising A sophisticated and very patient threat group behind a global malvertising scheme is using so-called aged domains to skirt past cybersecurity tools and catch victims in investment scams. The attackers behind the CashRewindo campaign in many ways operate in the same way as other malvertising crooks. They inject malicious code …
Sorry, I won't.
At the best of times, they're useless. When they get creepy, they want to sell me something I just bought.
Then there are the ads that are downright threats to my computer and/or my privacy/money/data.
NoScript and Ublock Origin, or Brave is what I use, and you can pry them out of my cold, dead hands.
The two extensions are fine for Basic Protection, though if you want to get nifty I recommend Firefox profile builder: https://ffprofile.com/ It recommends uMatrix instead of NoScript, as the former provides more fine grained control, not just over script resources.
They probably just bought that one. I have a domain in operation that was created in the 1990s, but I didn't create it. I'm just operating it now, though in my defense I'm operating it for the same people and purpose as it was set up for back then. Any time a domain is bought from squatters, it will probably look like it's been in existence longer than it really has.
There is a simple way to stop malvertising forever: disallow javascript and tracking in ads. When the internet went from novelty to necessity, ads were static. It worked then, and it can still work now.
But I already know that advertisers will never implement this pro-consumer solution. Their greed trumps my security.
Sadly many organisations use malicious tracking still, so you unfortunately have to make exceptions e.g. for some banking.
For instance, I couldn't use international payment facility of one of high street banks until I disabled ad block completely.
'tis the reason I have two browsers. One for regular use and one I only use for accessing the bank and an online accounting package. The latter is a vanilla setup and only used for those two cases. Neither bank or accounting s/w plaster adverts in their screens so I'm okay with disabling Pi-Hole for the duration if I have to.
Once I'm done it's simply Pi-hole back on, Chrome cleaned and closed and we're back to Firefox for some sanity.
Since last week I have similar issues when attempting to watch TV streamed from the TV company's own web site..........I now have half dozen browsers to choose from if I feel that desperate that I cannot get through life without watching TV
ALF
Disallow third-party JavaScript. Not only would that bring intrusive advertising to a halt, but it would stop all those so-called web developers charging their customers for doing nothing more than boilerplating in endless fad-du-jour libraries for foisting prototype corporate website memes on to the public.
-A.
"There is a simple way to stop malvertising forever: disallow javascript and tracking in ads."
Sorry, that helps with a lot of stuff, but it doesn't stop malvertising entirely. You can still have malicious ads that are static. The ones I hate most are the ads with fake download links because they're the only one I've ever seen working. I was instructing a family member to download some software from a link I sent them, so I knew the landing page was safe, but I didn't know that it had Google ads on it and this family member wasn't blocking them. They clicked on the ad's download link instead of the real one, got an executable, and installed it. Fortunately, it was just a different company's commercial product they hoped he'd buy, but if it was malware, he would have been infected. No scripts were required to deliver that, which is why all ad servers remain blocked.
Or ask your local government to kick asses at network providers. Gangs have been running stable phishing infrastructure on Amazon and Cloudflare for about half a year now. Then there are all the backbone networks that are somehow peering with little /24 networks that are entirely hostile.
> attackers also put a small red circle in the middle of images to throw off computer vision detection tools.
I didn't get this. On Googling, I think it is mis-reported.
One Pixel Attack for Fooling Deep Neural Networks, Su et al
Putting ONE wrong pixel at a selected point in an image can make computer vision detection tools see a ship as a car, a (upside down?) car as an airplane, a cat or horse as a dog.
The "red circle" appears on page 2 of the paper, to highlight the one wrong pixel for reader reference. This would not be the representation on the webpage.
I suppose if a page instructs "Click on the dog" and get a click on the cat, it may presume the clicker is a 'bot and should not be phished.
But some of these images are as horrible as the Captchas on 4Chan. What the heck IS that?
Checking the age of the domain is a good idea, but it would seem to me that the renewal date is just as interesting, if not more so. A domain registered for ten years should have a higher value than one created with just a one-year registration.
(Maybe I'm biased with my domain first registered in 2002 and renewed until 2032.)
Perhaps, but how many people set it on an autorenew? This came up when someone suggested Twitter would lose the person whose job it is to renew theirs (it expires in January) and El Reg's expires in four months. Still, I doubt anyone has to manually renew either, so probably many people have set theirs just to automatically renew each year and doesn't need a ten-year buffer.
This ^
I guess most professional domains are on auto-renew, because those people have more important things to do (I know we do). The only reason to pay for 10 years in advance is to get some minor rebate, and to a professional that $20 rebate is irrelevant compared to the convenience to not having to remember to do something every 10 years. All big "lapsed domain" fiascos were due to not using auto-renew...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
