SoylentNews
posted by janrinok on Friday December 09 2016, @07:01AM   Printer-friendly
from the sneakier-by-design dept.

A two-year-long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada, including Channel 9, Sky News, and MSN.

Readers of those news sites, only a portion of all those affected (the campaign also hit eBay's UK portal), were infected with modular trojans capable of harvesting account and email credentials, logging keystrokes, capturing webcam footage, and opening backdoors.

The news sites are not at direct fault as they displayed the advertising; the ad networks, and the underlying high-pace, low-margin structure of the ad business, are what let malvertising get its huge impact.

Users from the United States were ignored, for reasons unknown.

The quiet success of the still-ongoing attacks comes despite researchers from security firm ESET having found earlier variants targeting Dutch users in late 2014.

Well-known researcher Kafeine, now with Proofpoint, reported in July on a subsequent massive campaign, AdGholas, which had ensnared as many as a million users a day.

Those attacks slung banking trojans at British, Australian, and Canadian users with localised ruses.


Among other bugs, AdGholas exploited a low-level Internet Explorer vulnerability (CVE-2016-3351), an information-disclosure flaw that Microsoft was slow to patch, to assist with cloaking: it let the ad check which file types were associated with software on the visitor's machine before deciding whether to attack.

Victims who surfed various news outlets using Microsoft Internet Explorer and Adobe Flash which did not have recent patches applied could be silently compromised.

[...] Those on other browsers were ignored, as were those running packet capture, sandboxing, and virtualisation software, the latter platforms being hallmarks of white hat security researchers.

The malcode within the ads exploited Internet Explorer bug CVE-2016-0162 for initial reconnaissance and Flash bugs CVE-2016-4117, CVE-2016-1019, and CVE-2015-8651 to get payloads onto machines.

"Despite not targeting the US, the latest AdGholas campaign has once again reached epic proportions and unsuspecting users visiting top trusted portals like Yahoo or MSN [among] many top level publishers were exposed to malvertising and malware if they were not protected," says Jérôme Segura of Malwarebytes.

  • (Score: 0) by Anonymous Coward on Friday December 09 2016, @07:42AM

    by Anonymous Coward on Friday December 09 2016, @07:42AM (#439053)

    lol !! so lame cuz I uze adblock and noscript !!eleven

    • (Score: 0) by Anonymous Coward on Friday December 09 2016, @07:44AM

      by Anonymous Coward on Friday December 09 2016, @07:44AM (#439054)

      I support the sites I love by allowing any and all drive-by installations of malware.

      • (Score: -1, Troll) by Anonymous Coward on Friday December 09 2016, @07:47AM

        by Anonymous Coward on Friday December 09 2016, @07:47AM (#439055)

        Always bend over for well hung niggers. I loves me an assful of cum.

  • (Score: 4, Insightful) by bradley13 on Friday December 09 2016, @08:48AM

    by bradley13 (3053) on Friday December 09 2016, @08:48AM (#439073) Homepage Journal

    Serving active (script) content from third-party servers, gee, what could go wrong? Ads should never have been allowed to run scripts in the first place. Idiots. And, of course, it's Flash again. Flash is a swamp of vulnerabilities. Why is it still around?

    Another nail in the coffin of ad-funded content.

    --
    Everyone is somebody else's weirdo.
    • (Score: 2) by edIII on Friday December 09 2016, @10:57PM

      by edIII (791) on Friday December 09 2016, @10:57PM (#439469)

      That nail though is going to be heavily argued. Big advertising never takes responsibility.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 4, Insightful) by ledow on Friday December 09 2016, @08:49AM

    by ledow (5567) on Friday December 09 2016, @08:49AM (#439074) Homepage

    Sorry, people, but the real problem is, as stated:

    "Victims who surfed various news outlets using Microsoft Internet Explorer and Adobe Flash which did not have recent patches applied"

    Stop it.

    That said, if I was a large company and wanted to push adverts, I'd want a panel where *I* can approve every advert before it shows on the website.
    You do that in print.
    You do that on the radio.
    You do that on TV.

    Why WOULDN'T you do that on the Internet? Seriously, just randomly throw whatever your advertising agency suggests on the front page of your website to all your visitors without checking it? That's just asking for trouble.

    At absolute minimum, I'd be stating that it be HTML5/Javascript only. Even a stray https:// request in an advert can make your website look broken, if the certificate is wrong or not present.

    For the pittance that Internet advertising brings in, I'd want full control of it. I don't get why places like Sky News, MSN, or eBay WOULDN'T.

    • (Score: 3, Insightful) by Nerdfest on Friday December 09 2016, @10:42AM

      by Nerdfest (80) on Friday December 09 2016, @10:42AM (#439100)

      Javascript? Not a chance. No active content.

      • (Score: 2) by TheB on Friday December 09 2016, @08:40PM

        by TheB (1538) on Friday December 09 2016, @08:40PM (#439392)

        Don't forget to disable fonts.
        Both Windows and Linux have had font vulnerabilities this year.

        • (Score: 2) by Nerdfest on Friday December 09 2016, @11:25PM

          by Nerdfest (80) on Friday December 09 2016, @11:25PM (#439486)

          Already patched. If you want to block fonts you have to block all graphics as well.

    • (Score: 3, Interesting) by dlb on Friday December 09 2016, @11:33AM

      by dlb (4790) on Friday December 09 2016, @11:33AM (#439110)

      For the pittance that Internet advertising brings in

      That's the crux of the problem right there. To make money off of advertising it often has to be handled through a third party that streams targeted ads from a bank of nearly countless ads. It's overwhelming for those running the web sites to control.

      So who's to blame? I'm accusing the third parties, like Google. Their business model is quite profitable, and they don't seem to put much effort in filtering the ad content they channel through their system to be placed on the web pages we visit.

      I realize it's complex, and that I'm on the outside looking in...but how can these companies keep track of each ad well enough to get paid for having posted it somewhere, but then shrug their shoulders about the exact content of those ads?

      • (Score: 2) by FakeBeldin on Friday December 09 2016, @10:01PM

        by FakeBeldin (3360) on Friday December 09 2016, @10:01PM (#439421) Journal

        I realize it's complex, and that I'm on the outside looking in...but how can these companies keep track of each ad well enough to get paid for having posted it somewhere, but then shrug their shoulders about the exact content of those ads?

        This. "They" can organise an auction with your personal profile for your eyeballs within microseconds. On top of that "they" have machine learning technology (for the purpose of profiling users to auction off) beyond anything else. How about they apply that knowledge to detecting "weird" advertisements?

        Even if that requires a lot of human intervention in the beginning, within a month or two the algorithms will have learned enough and the false positive / negative rate will have become so small it's manageable.

    • (Score: 0) by Anonymous Coward on Friday December 09 2016, @12:27PM

      by Anonymous Coward on Friday December 09 2016, @12:27PM (#439120)

      if I was a large company and wanted to push adverts, I'd want a panel where *I* can approve every advert before it shows on the website.

      This (and most) malware tests for specific attributes before trying to infect the lucky winners of today's internet infection sweepstakes. What makes you think they won't have a special version (or special check) for when you (as the large company) tests the ad? Just think of Volkswagen's fake emissions software but easier to update on the fly.
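      ledow's approval panel (#439074), Nerdfest's "no active content" rule (#439100) and the cloaking caveat above (#439120) between them describe a check a publisher could actually run before a creative goes live. The following is an added JavaScript example (plain Node, no dependencies) of such a static pre-screen; it is not code from the article, from any ad platform, or from the commenters. The allowlist host `cdn.example-ads.test`, the sample creatives and the rule set are constructed for this example.

```javascript
// Added example (not from the article or any ad platform): a static
// pre-screen a publisher's ad-approval panel could run on a submitted
// creative. Policy: no active content of any kind, and no resource fetched
// from a host outside an allowlist. Allowlist host and sample creatives are
// constructed for this example.

// Markup that can execute code, or fetch more content, at display time.
// Each hit rejects the creative outright rather than sanitising it: a
// malicious creative only needs one vector to get through.
const ACTIVE_CONTENT_RULES = [
  { id: "script-tag",    re: /<script\b/i,                                  why: "inline or external script" },
  { id: "plugin-object", re: /<(object|embed|applet)\b/i,                   why: "plugin content (Flash, Java, Silverlight)" },
  { id: "flash-mime",    re: /application\/x-shockwave-flash/i,             why: "Flash MIME type" },
  { id: "nested-frame",  re: /<i?frame\b/i,                                 why: "frame can load arbitrary content later" },
  { id: "event-handler", re: /\son[a-z]+\s*=/i,                             why: "inline event handler attribute" },
  { id: "js-url",        re: /(?:href|src|action)\s*=\s*["']?\s*javascript:/i, why: "javascript: URL" },
  { id: "meta-refresh",  re: /<meta\b[^>]*http-equiv\s*=\s*["']?refresh/i,  why: "meta refresh redirect" },
  { id: "external-css",  re: /@import\b|<link\b/i,                          why: "stylesheet or font fetched from elsewhere" },
];

// Every src= and href= must be an absolute https URL on an allowlisted host.
const URL_ATTR = /\b(?:src|href)\s*=\s*(["'])(.*?)\1/gi;

function auditCreative(html, allowedHosts) {
  const findings = [];
  for (const rule of ACTIVE_CONTENT_RULES) {
    if (rule.re.test(html)) findings.push({ id: rule.id, detail: rule.why });
  }
  for (const m of html.matchAll(URL_ATTR)) {
    const raw = m[2].trim();
    if (/^javascript:/i.test(raw)) continue; // already reported by the js-url rule
    let url;
    try {
      url = new URL(raw); // relative and protocol-relative URLs throw here
    } catch {
      findings.push({ id: "relative-or-bad-url", detail: raw });
      continue;
    }
    if (url.protocol !== "https:") {
      findings.push({ id: "non-https-url", detail: raw });
    } else if (!allowedHosts.includes(url.hostname)) {
      findings.push({ id: "unlisted-host", detail: url.hostname });
    }
  }
  return findings;
}

// A creative is approved only when the audit is completely clean.
function isApproved(html, allowedHosts) {
  return auditCreative(html, allowedHosts).length === 0;
}

const ALLOWED_HOSTS = ["cdn.example-ads.test"]; // assumed publisher allowlist

// Constructed sample creatives, not real ad markup.
const STATIC_BANNER =
  '<a href="https://cdn.example-ads.test/click/123">' +
  '<img src="https://cdn.example-ads.test/banners/123.png" width="300" height="250" alt="Sale"></a>';

const FLASH_CREATIVE =
  '<object type="application/x-shockwave-flash" data="https://cdn.example-ads.test/ad.swf">' +
  '<param name="allowScriptAccess" value="always"></object>';

const SCRIPT_CREATIVE =
  '<div id="ad"><script src="https://tag.example-network.test/loader.js"></script>' +
  '<img src="http://tracker.example-network.test/p.gif" ' +
  'onerror="this.src=\'https://cdn.example-ads.test/fallback.gif\'"></div>';

for (const [name, html] of Object.entries({ STATIC_BANNER, FLASH_CREATIVE, SCRIPT_CREATIVE })) {
  const findings = auditCreative(html, ALLOWED_HOSTS);
  console.log(`${name}: ${findings.length === 0 ? "APPROVED" : "REJECTED"}`);
  for (const f of findings) console.log(`  - ${f.id}: ${f.detail}`);
}
```

      The audit refuses anything that can execute or fetch at display time instead of trying to sanitise it. That is the only property a static review can actually establish, because, as the comment above points out, a creative that is clean when the reviewer looks at it can serve a different payload to real visitors later; a check like this is a floor under the approval panel, not a substitute for declining to serve third-party script at all.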

  • (Score: 5, Insightful) by Anonymous Coward on Friday December 09 2016, @09:52AM

    by Anonymous Coward on Friday December 09 2016, @09:52AM (#439096)

    The news sites are not at direct fault as they displayed the advertising

    Son of a--
    Fuck you, they are at the most direct fault of all.

    Actively blocking content unless you agree to receive the malwa- I mean, ads. Shaming people who block ads for being leechers and immoral bastards who want everything for free, without even attempting to police the ads themselves. Trying to get laws passed that would make ad blocking illegal. In Germany, repeatedly suing the maker of AdBlock (and losing every time).

    Yes, they (probably) didn't code the malware or put it on ad networks... but they sure as hell work very, very hard to get you infected.

    • (Score: 2) by BsAtHome on Friday December 09 2016, @12:31PM

      by BsAtHome (889) on Friday December 09 2016, @12:31PM (#439123)
      I cannot agree more. If you make a mistake once, then that is bad. However, the companies have made the same mistake many times. Both the ad-networks *and* the main sites are responsible. They all act like Typhoid Mary [wikipedia.org] and should all be treated as such. Quarantine the bastards on either side of the infectious delivery. It has been a long time since "I didn't know" was an acceptable defense.
    • (Score: 0) by Anonymous Coward on Friday December 09 2016, @02:50PM

      by Anonymous Coward on Friday December 09 2016, @02:50PM (#439166)

      And in the end -they- are the ones that decide to use those specific ad networks to generate revenue. That's about as directly responsible as they can be. If they used a competent ad network (I don't think any exist yet however as damned near EVERY ad network has cut enough corners to make a buck and ended up letting malware onto their distribution network) then there wouldn't be an issue.

  • (Score: 0) by Anonymous Coward on Friday December 09 2016, @06:50PM

    by Anonymous Coward on Friday December 09 2016, @06:50PM (#439312)

    Such people deserve all the malware they get. Too bad the rest of us have to pay for it as increased bank fees.