Stories
Slash Boxes
Comments

SoylentNews is people

posted by LaminatorX on Sunday August 16 2015, @05:39PM   Printer-friendly
from the Yet-Again dept.

Millions of people visiting weather.com, drudgereport.com, wunderground.com, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said.

The malvertising campaign worked by inserting malicious code into ads distributed by AdSpirit.de, a network that delivers ads to Drudge, Wunderground, and other third-party websites, according to a post published Thursday by researchers from security firm Malwarebytes. The ads, in turn, exploited security vulnerabilities in widely used browsers and browser plugins that install malware on end-user computers. The criminals behind the campaign previously carried out a similar attack on Yahoo's ad network, exposing millions more people to the same drive-by attacks.

Update: A few hours after Ars published this article, Malwarebytes updated the blog post to say the campaign had moved to yet another ad network, which happens to be associated with AOL. Visitors to eBay were among those who were exposed to the malicious ads distributed through the newly discovered network.

Perhaps a positive side-effect of these exploits is the average person may come to pay more attention to security and privacy.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by zafiro17 on Sunday August 16 2015, @06:18PM

    by zafiro17 (234) on Sunday August 16 2015, @06:18PM (#223580) Homepage

    I think the average person is intimately aware that there are threats "out there" but has no idea what they are, how serious they are, or how to defend themselves. Given so much hyperbole and conflicting information, they take the low-energy strategy, which is simply to put their faith/trust in the big companies that run their gadgets (Google, Apple, Samsung). That's not a great strategy, but understanding this stuff is hard work and there's no quick fix.

    I think one reason tablets took off in such a big way is that they provided a safer experience than WinXP running on a Netbook. New OSes like iOS and Android were so much safer (yes, they have problems, but remember we're comparing to WinXP here) and simplified use for the average person.

    Try telling Wendy the receptionist to use a custom hosts file, avoid the most common sites, disable javascript on sites that are useless without it, and so on.

    People know it's a scary world out there, they just don't know how to protect themselves.

    --
    Dad always thought laughter was the best medicine, which I guess is why several of us died of tuberculosis - Jack Handey
    Starting Score:    1  point
    Moderation   +3  
       Insightful=2, Informative=1, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2) by Joe Desertrat on Sunday August 16 2015, @07:09PM

    by Joe Desertrat (2454) on Sunday August 16 2015, @07:09PM (#223589)

    Quote>I think the average person is intimately aware that there are threats "out there" but has no idea what they are, how serious they are, or how to defend themselves.

    It will only get worse. Recent commercials for an upgrade of a well known operating system include phrases like "your children will never have to worry about passwords or security".

  • (Score: 0) by Anonymous Coward on Monday August 17 2015, @09:56AM

    by Anonymous Coward on Monday August 17 2015, @09:56AM (#223836)

    and there's no quick fix.

    For this type of attack, there is. It's called an ad blocker. As a side effect, it also makes the web less annoying and less resource consuming.

    It's really time that an ad network gets successfully sued for the damage it does by distributing malware. Ideally by a big company with deep pockets.