Millions of people visiting weather.com, drudgereport.com, wunderground.com, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said.
The malvertising campaign worked by inserting malicious code into ads distributed by AdSpirit.de, a network that delivers ads to Drudge, Wunderground, and other third-party websites, according to a post published Thursday by researchers from security firm Malwarebytes. The ads, in turn, exploited security vulnerabilities in widely used browsers and browser plugins that install malware on end-user computers. The criminals behind the campaign previously carried out a similar attack on Yahoo's ad network, exposing millions more people to the same drive-by attacks.
Update: A few hours after Ars published this article, Malwarebytes updated the blog post to say the campaign had moved to yet another ad network, which happens to be associated with AOL. Visitors to eBay were among those who were exposed to the malicious ads distributed through the newly discovered network.
Perhaps a positive side-effect of these exploits is the average person may come to pay more attention to security and privacy.
(Score: 3, Interesting) by Whoever on Sunday August 16 2015, @07:50PM
Those people who think that the free market will solve every problem should be looking at this.
There is information that ad networks are dangerous. There are ad blockers that can solve the issue, yet those ad blockers are not widely used. Why not? According to free market theory, surely people should employ ad blockers and deny revenue to ad networks until those ad networks clean up their act? Why hasn't the free market forced ad networks to clean up their act?
What we have today is a situation where ad networks are able to push their own costs onto their customers with no comeback. In reality ad networks need to police the ads they are serving up. Because they don't police their ads, customers end up with infected machines, which costs real money to clean up. How is this different from the idea that restaurants don't need to be inspected because people will avoid restaurants with bad food hygiene protocols?
(Score: 3, Interesting) by sjames on Sunday August 16 2015, @08:21PM
The free market boosters are missing a few very important conditions that doom it to failure. In this case it's a matter of information and choice. Consumers really don't get to actively choose which outsourced ad network might appear on a site and doesn't have a good way to even get enough information to evaluate the trustworthiness of the ad networks. Even if the information was there, they generally don't have the expertise to decide what constitutes a trustworthy ad network (if there are any).
(Score: 0) by Anonymous Coward on Sunday August 16 2015, @08:26PM
Consumers never get to chose, they get to consume.
(Score: 3, Interesting) by sjames on Sunday August 16 2015, @08:31PM
And so the free market fails repeatedly.
(Score: 1) by Murdoc on Tuesday August 18 2015, @03:02AM
You're forgetting that in cases like this, it is the ad companies that are the "consumers" since they are the ones paying, not the people visiting the sites. So yeah, they do get a choice. The problem is that these "problems" are externalities to them (by two levels even), a different failure of the market system.
(Score: 2) by sjames on Tuesday August 18 2015, @07:13AM
It is valid to view it from either angle. From your angle, the market will not internalize that externality, so it would take regulation. That is, the free market still fails.