SoylentNews is people

posted by janrinok on Friday December 09 2016, @07:01AM
from the sneakier-by-design dept.

A two-year-long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada, including Channel 9, Sky News, and MSN.

Readers of those news sites, just a portion of all affected (since it also affected eBay's UK portal), were infected with modular trojans capable of harvesting account and email credentials, stealing keystrokes, capturing web cam footage, and opening backdoors.

The news sites are not directly at fault, as they displayed the advertising; the ad networks and the underlying structure of high pace and low profit margins are what let malvertising have its huge impact.

Users from the United States were ignored, for reasons unknown.

The quiet success of the still-ongoing attacks comes despite researchers from security firm ESET having found earlier variants in late 2014 targeting Dutch users.

Well-known researcher Kafeine, now with Proofpoint, reported on a subsequent massive malvertising campaign in July in which the AdGholas malvertising campaign had ensnared as many as a million users a day.

Those attacks slung banking trojans at British, Australian, and Canadian users with localised ruses.

AdGholas exploited, among others, a low-level Internet Explorer vulnerability (CVE-2016-3351), which Microsoft was slow to patch, to assist with cloaking.

Victims who surfed various news outlets using Microsoft Internet Explorer and Adobe Flash which did not have recent patches applied could be silently compromised.

[...] Those on other browsers were ignored, as were those running packet capture, sandboxing, and virtualisation software, the latter platforms being hallmarks of white hat security researchers.

The malcode within the ads exploited Internet Explorer bug CVE-2016-0162 for initial reconnaissance and Flash bugs CVE-2016-4117, CVE-2016-1019, and CVE-2015-8651 to get payloads onto machines.

"Despite not targeting the US, the latest AdGholas campaign has once again reached epic proportions and unsuspecting users visiting top trusted portals like Yahoo or MSN [among] many top level publishers were exposed to malvertising and malware if they were not protected," Segura says.


  • (Score: 4, Insightful) by ledow on Friday December 09 2016, @08:49AM

    by ledow (5567) on Friday December 09 2016, @08:49AM (#439074) Homepage

    Sorry, people, but the real problem is, as stated:

    "Victims who surfed various news outlets using Microsoft Internet Explorer and Adobe Flash which did not have recent patches applied"

    Stop it.

    That said, if I was a large company and wanted to push adverts, I'd want a panel where *I* can approve every advert before it shows on the website.
    You do that in print.
    You do that on the radio.
    You do that on TV.

    Why WOULDN'T you do that on the Internet? Seriously, just randomly throw whatever your advertising agency suggests on the front page of your website to all your visitors without checking it? That's just asking for trouble.

    At absolute minimum, I'd be stating that it be HTML5/Javascript only. Even a stray https:// request in an advert can make your website look broken, if the certificate is wrong or not present.

    For the pittance that Internet advertising brings in, I'd want full control of it. I don't get why places like Sky News, MSN, or eBay WOULDN'T.

  • (Score: 3, Insightful) by Nerdfest on Friday December 09 2016, @10:42AM

    by Nerdfest (80) on Friday December 09 2016, @10:42AM (#439100)

    Javascript? Not a chance. No active content.

    • (Score: 2) by TheB on Friday December 09 2016, @08:40PM

      by TheB (1538) on Friday December 09 2016, @08:40PM (#439392)

      Don't forget to disable fonts.
      Both Windows and Linux have had font vulnerabilities this year.

      • (Score: 2) by Nerdfest on Friday December 09 2016, @11:25PM

        by Nerdfest (80) on Friday December 09 2016, @11:25PM (#439486)

        Already patched. If you want to block fonts you have to block all graphics as well.

  • (Score: 3, Interesting) by dlb on Friday December 09 2016, @11:33AM

    by dlb (4790) on Friday December 09 2016, @11:33AM (#439110)

    "For the pittance that Internet advertising brings in"

    That's the crux of the problem right there. To make money off of advertising it often has to be handled through a third party that streams targeted ads from a bank of nearly countless ads. It's overwhelming for those running the web sites to control.

    So who's to blame? I'm accusing the third parties, like Google. Their business model is quite profitable, and they don't seem to put much effort in filtering the ad content they channel through their system to be placed on the web pages we visit.

    I realize it's complex, and that I'm on the outside looking in...but how can these companies keep track of each ad well enough to get paid for having posted it somewhere, but then shrug their shoulders about the exact content of those ads?

    • (Score: 2) by FakeBeldin on Friday December 09 2016, @10:01PM

      by FakeBeldin (3360) on Friday December 09 2016, @10:01PM (#439421) Journal

      "I realize it's complex, and that I'm on the outside looking in...but how can these companies keep track of each ad well enough to get paid for having posted it somewhere, but then shrug their shoulders about the exact content of those ads?"

      This. "They" can organise an auction with your personal profile for your eyeballs within microseconds. On top of that "they" have machine learning technology (for the purpose of profiling users to auction off) beyond anything else. How about they apply that knowledge to detecting "weird" advertisements?

      Even if that requires a lot of human intervention in the beginning, within a month or two the algorithms will have learned enough and the false positive / negative rate will have become so small it's manageable.

  • (Score: 0) by Anonymous Coward on Friday December 09 2016, @12:27PM

    by Anonymous Coward on Friday December 09 2016, @12:27PM (#439120)

    "if I was a large company and wanted to push adverts, I'd want a panel where *I* can approve every advert before it shows on the website."

    This (and most) malware tests for specific attributes before trying to infect the lucky winners of today's internet infection sweepstakes. What makes you think they won't have a special version (or special check) for when you (as the large company) test the ad? Just think of Volkswagen's fake emissions software but easier to update on the fly.