SoylentNews is people
SoylentNews
Ad blockers, our last hope against the onslaught of malvertising campaigns, appear to have fallen, as today, Malwarebytes published new research detailing a malvertising campaign that successfully bypasses ad blockers to deliver their malicious payload.
This malvertising campaign is named RoughTed based on the initial malicious domain at which it was found back in March 2017, but Jérôme Segura, the Malwarebytes security researcher who came across it, says there are clues to show that RoughTed has been active for over a year.
The campaign is very complex and well designed (from a crook's standpoint), as it leverages multiple tricks of the trade, most of which have allowed it to grow undetected in the shadows for so much time.
The word that describes RoughTed the best is "diversity." The operators of this malvertising campaign not only feature traffic from different types of sources, but also include different user fingerprinting techniques, and very different malicious payloads.
Source: BleepingComputer. Segura's original blog posting and analysis.
(Score: 0) by Anonymous Coward on Sunday May 28 2017, @07:54AM (4 children)
If you had RTFA you'd know it gets past ublock origin.
But the whole thing relies on JavaScript so it's trivial to snip in the bud.
I only browse with JavaScript disabled, the only real negative is my bookmarklets won't work. I guess I could fiddle with NoScript to fix this but I rather enjoy my fairly bullet proof existence online and the knowledge 99% of zero days will be ineffective against me.
(Score: 0) by Anonymous Coward on Sunday May 28 2017, @08:11AM
You could disable all javascript with ublock/umatrix, and then add your own userscripts which are not affected.
(Score: 2) by t-3 on Sunday May 28 2017, @08:25AM
If you block all scripts with uBlock Origin, how does it get past? I block everything by default and only whitelist sites that I trust on an as needed basis...
(Score: 3, Insightful) by anubi on Sunday May 28 2017, @08:27AM (1 child)
Thanks for the JavaScript tidbit.
As I have said here before, I do not run ad blockers. Never have. I run Script blockers.
For the exact reason this topic is all about.
N.B. I run the full "web experience" on my phone. Its damned near useless for surfing the net... Ever tried to read a page that takes five minutes to load? ( Keeps jumping around ).
If anything, I was hoping more web metrics might result in the following conversation in the executive suite:
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 4, Interesting) by zocalo on Sunday May 28 2017, @10:32AM
The problem with that idea is the necessary feedback loop doesn't seem to exist, especially where the ads are outsourced to an external provider that simply isn't going to provide the necessary stats because it would kill their business. Lies, damn lies, and "your marketing campaign via our service is doing really well, despite many users never seeing it." Except for those really obnoxious sites that won't work at all without some real time feedback that the ads were served, Ad and Script blockers are good enough to allow people to continue using the site, and so the site gets enough page impressions and revenue from those that don't run blockers to avoid that kind of discussion in the executive suite.
I just don't see that happening until either enough people start using Ad and Script blockers that the ad-companies can't really fudge the stats any more, and/or more site viewers start making it clear to the site operators that the only way they will consider white listing their site would be if they would accept liability (or punt it to their ad-provider) for any damage due malvertising that might get served up. That's where it breaks down - I'd glady provide that feedback before clicking away from a site, but it's simply not something that sites facilitate, despite it being as potentially simple as including a basic form on their "This site requires JavaScript" version of the home page. Most ad-supported sites seem well aware of the issue, but very few of them seem to be prepared to accept that they are need to be part of any solution - they can't rely on the ad-networks to "sort it all out" for them - and until that changes, I'm going to continue blocking scripts and finding alternative sites to those that insist I enable them.
UNIX? They're not even circumcised! Savages!