SoylentNews is people

posted by cmn32480 on Wednesday December 09 2015, @02:13PM
from the hook-line-and-sinker dept.

The popular video streaming site DailyMotion has been hit by a malvertising attack. Malwarebytes explains:

We have been tracking an attack via .eu sites for several days but were missing the final payload. However, this changed when we managed to reproduce a live infection via an ad call coming from popular video streaming site DailyMotion, ranked among Alexa's top 100 sites.

This malvertising incident happened via real-time bidding (RTB) within the WWWPromoter marketplace. A decoy ad (pictured below) from a rogue advertiser initiates a series of redirections to .eu sites and ultimately loads the Angler exploit kit.

The bogus advertiser is using a combination of SSL encryption, IP blacklisting and JavaScript obfuscation and only displays the malicious payload once per (genuine) victim. In addition, Angler EK also fingerprints potential victims before launching its exploits to ensure the user is not a security researcher, honeypot or web crawler.

[...] The incident was resolved very rapidly once the proper contacts were made and the problem isolated. For this, we would like to them[sic] all parties involved in taking such prompt action, therefore limiting the potential damage to innocent users.

This particular malvertising attack is one of a few campaigns we have been tracking which is much more sophisticated than the average incidents we encounter daily. We can say that lately threat actors have really stepped up their game in terms of being very stealthy and making a particular ad call look benign when reproduced in a lab environment. Indeed, the problem comes when we suspect foul play but can't prove it with a live infection. It is difficult to convince ad networks to take action, when on the surface there's nothing wrong with a particular advertiser.

Here's some more information about the Angler exploit kit.



 
  • (Score: 2) by takyon (881) on Wednesday December 09 2015, @06:20PM (#274043)

    Get enough people to run adblockers/noscript/umatrix and you can be sure they will start serving up static ads through the web servers. I'm surprised we don't see more of it.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
  • (Score: 0) by Anonymous Coward on Wednesday December 09 2015, @07:05PM (#274067)

    You can't really do real-time bidding if you serve from the same web-server.

    I think it should be possible to do real-time bidding without JS, but I may be mistaken.

    I have noticed that Privacy Badger seems to disable ads: implying that real-time bidding does not work without tracking.

    • (Score: 2) by takyon (881) on Wednesday December 09 2015, @08:01PM (#274093)

      I bet some sites are capable of doing it. Like the bigger ones, or ones with more reliable hosting (Amazon?)

      And if it's JS you want, you can run it on the server now [wikipedia.org]!

      More to the point, static ought to be an obvious fallback. Even if it's not in real-time and has less tracking potential, it's better than nothing.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 2) by sjames (2882) on Wednesday December 09 2015, @08:56PM (#274112)

      So? It hasn't killed advertising in newspapers, magazines, on TV, billboards, public buses, tee shirts, cars, toilets, walls everywhere, on soundly sleeping dogs, people's faces, etc.

      If they can't do it safely and responsibly, then they can't do it.