posted by charon on Sunday May 28 2017, @05:57AM
from the where-there's-a-whip-there's-a-way dept.

Ad blockers, our last hope against the onslaught of malvertising campaigns, appear to have fallen, as today, Malwarebytes published new research detailing a malvertising campaign that successfully bypasses ad blockers to deliver their malicious payload.

This malvertising campaign is named RoughTed based on the initial malicious domain at which it was found back in March 2017, but Jérôme Segura, the Malwarebytes security researcher who came across it, says there are clues to show that RoughTed has been active for over a year.

The campaign is very complex and well designed (from a crook's standpoint), as it leverages multiple tricks of the trade, most of which have allowed it to grow undetected in the shadows for so much time.

The word that describes RoughTed the best is "diversity." The operators of this malvertising campaign not only feature traffic from different types of sources, but also include different user fingerprinting techniques, and very different malicious payloads.

Source: BleepingComputer. Segura's original blog posting and analysis.


Related Stories

Pornhub Adopts Machine Learning to Tag Videos as Malvertising Looms 17 comments

Pornhub has begun to use machine learning to automatically tag videos:

Artificial intelligence has proven to be a dab hand at recognizing what's going on in photos and videos, but the datasets it's usually trained on are pretty genteel. Not so for Pornhub, which announced today that it's using machine learning to automatically catalog its videos.

The site is starting small, deploying facial recognition software that will detect 10,000 individual porn stars and tag them in footage. (Usually this information is provided by uploaders and viewers, who will still play a part by verifying the software's choices.) It plans to scan all 5 million of its videos "within the next year," and then move onto more complicated territory: using the software to identify the specific categories videos belong to, like "public" and "blonde."

In a press statement, Pornhub VP Corey Price said the company was joining the trend of firms using AI to "expedite antiquated processes." However, the speed at which PornHub's AI processes the data doesn't seem like it would be an improvement on its current crowdsourced system. While in beta the machine learning software apparently scanned some 50,000 videos in a month. At this rate it would take nearly a decade to scan the entire site, but presumably improvements are being made.

Meanwhile, a security firm has warned that millions of Pornhub users were targeted by "malvertising" for more than a year:

Millions of Pornhub users were targeted with a malvertising attack that sought to trick them into installing malware on their PCs, according to infosec firm Proofpoint.

By the time the attack was uncovered, it had been active "for more than a year", Proofpoint said, having already "exposed millions of potential victims in the US, Canada, the UK, and Australia" to malware by pretending to be software updates to popular browsers.

Although Pornhub, the world's largest pornography site with 26bn yearly visits according to data from ranking firm Alexa, and its advertising network have shut down the infection pathway, the attack is still ongoing on other sites.

Also at TechCrunch, Engadget, and The Sacramento Bee.

Related: BugReplay - Finding How Ads Get Past the Blockers
Linux Use on Pornhub Surged 14% in 2016
Malvertising Campaign Finds a Way Around Ad Blockers
Pornhub's Newest Videos Can Reach Out and Touch You


This discussion has been archived. No new comments can be posted.
  • (Score: 2) by MichaelDavidCrawford on Sunday May 28 2017, @06:02AM (1 child)

    But isn't the software industry trying to become more diverse?

    --
    127.0.0.1 www.hosted-pixel.com # I Am Absolutely Serious
    • (Score: 1, Funny) by Anonymous Coward on Sunday May 28 2017, @06:07AM

      One might say the notion is spreading like a virus.

  • (Score: 3, Touché) by Anonymous Coward on Sunday May 28 2017, @06:35AM

    Once more with feeling.

  • (Score: 1, Informative) by Anonymous Coward on Sunday May 28 2017, @06:40AM (8 children)

    Loads of hot air but not a word on how it actually gets past ad blockers.

    • (Score: 2) by MichaelDavidCrawford on Sunday May 28 2017, @06:49AM (7 children)

      will they figure out how to block it, now that it's been discovered?

      I'm quite happy with Ublock Origin.

      --
      127.0.0.1 www.hosted-pixel.com # I Am Absolutely Serious
      • (Score: 0) by Anonymous Coward on Sunday May 28 2017, @07:54AM (4 children)

        If you had RTFA you'd know it gets past ublock origin.

        But the whole thing relies on JavaScript so it's trivial to snip in the bud.

        I only browse with JavaScript disabled, the only real negative is my bookmarklets won't work. I guess I could fiddle with NoScript to fix this but I rather enjoy my fairly bullet proof existence online and the knowledge 99% of zero days will be ineffective against me.

        • (Score: 0) by Anonymous Coward on Sunday May 28 2017, @08:11AM

          You could disable all javascript with ublock/umatrix, and then add your own userscripts which are not affected.

        • (Score: 2) by t-3 on Sunday May 28 2017, @08:25AM

          If you block all scripts with uBlock Origin, how does it get past? I block everything by default and only whitelist sites that I trust on an as needed basis...

        • (Score: 3, Insightful) by anubi on Sunday May 28 2017, @08:27AM (1 child)

          Thanks for the JavaScript tidbit.

          As I have said here before, I do not run ad blockers. Never have. I run Script blockers.

          For the exact reason this topic is all about.

          N.B. I run the full "web experience" on my phone. It's damned near useless for surfing the net... Ever tried to read a page that takes five minutes to load? ( Keeps jumping around ).

          If anything, I was hoping more web metrics might result in the following conversation in the executive suite:

          Since we inserted that javascript that runs the video ad, we are noticing that 99.5% of our customers click off our site before it finishes loading.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
          • (Score: 4, Interesting) by zocalo on Sunday May 28 2017, @10:32AM

            If anything, I was hoping more web metrics might result in the following conversation in the executive suite:

            Since we inserted that javascript that runs the video ad, we are noticing that 99.5% of our customers click off our site before it finishes loading.

            The problem with that idea is the necessary feedback loop doesn't seem to exist, especially where the ads are outsourced to an external provider that simply isn't going to provide the necessary stats because it would kill their business. Lies, damn lies, and "your marketing campaign via our service is doing really well, despite many users never seeing it." Except for those really obnoxious sites that won't work at all without some real time feedback that the ads were served, Ad and Script blockers are good enough to allow people to continue using the site, and so the site gets enough page impressions and revenue from those that don't run blockers to avoid that kind of discussion in the executive suite.

            I just don't see that happening until either enough people start using Ad and Script blockers that the ad-companies can't really fudge the stats any more, and/or more site viewers start making it clear to the site operators that the only way they will consider white listing their site would be if they would accept liability (or punt it to their ad-provider) for any damage due to malvertising that might get served up. That's where it breaks down - I'd gladly provide that feedback before clicking away from a site, but it's simply not something that sites facilitate, despite it being as potentially simple as including a basic form on their "This site requires JavaScript" version of the home page. Most ad-supported sites seem well aware of the issue, but very few of them seem to be prepared to accept that they need to be part of any solution - they can't rely on the ad-networks to "sort it all out" for them - and until that changes, I'm going to continue blocking scripts and finding alternative sites to those that insist I enable them.

            --
            UNIX? They're not even circumcised! Savages!
      • (Score: 1, Insightful) by Anonymous Coward on Sunday May 28 2017, @08:04AM (1 child)

        Also (like stated in the article) blacklisting is a losing proposition. It's almost security theater to operate under the fool me once paradigm.

        • (Score: 1) by anubi on Tuesday May 30 2017, @09:58AM

          Blacklisting is too much like playing whack-a-mole.

          Whitelisting seems to be the way to go. There is a very short list of people I want to talk to anyhow on my personal phone.

          My area is presently experiencing a rash of threatening IRS/Unpaid Debt phone scamming. Some of these guys have enough info on us already to start a credible conversation. It's to the point I just as soon not give anyone I don't know the courtesy of even an answered call anymore. If they have a scam to pull, put it in a letter and mail it. I know good and well they are going to act like a businessman threatening to sue me, and claiming this phone call is his due diligence to contact me, and my blowing him off is just the proof he needs to demonstrate my lack of good faith in front of a judge, or that sort of thing. Once the connection is made, his head will spew off higher and higher amounts of damages it will sue for in an effort to make me pay off a more modest amount now to get the head to go away. It will use lots of legal type terminology to give me the illusion that I am in big trouble, and best to pay now to settle the matter in a timely manner before exorbitant charges begin to accrue.

          I know it's a scam. I don't owe anything at all, but neither do I want to spend several days in court trying to explain to a judge that I have never done business with this guy, no matter what papers he says he has. No phone contact? His headfull of bullshit gets delivered to someone else who still gives unknown callers the courtesy of an answered call.

          I am honest with the people I do involve myself with so things do not come to this.

          So, if they need to contact me, use the US Postal Service. They know my address.

          ( Yeh, they won't do that. Big penalties for involving the Post Office in a scam, but it's quite OK to involve the Telephone Company in one.)

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 0) by Anonymous Coward on Sunday May 28 2017, @07:57AM

    ...I call it a successful digital campaign.

  • (Score: 2) by pgc on Sunday May 28 2017, @01:46PM (1 child)

    And what audience are they trying to reach? Do they really expect that those who employ ad-blockers will be happy to see their commercial?

    • (Score: 0) by Anonymous Coward on Sunday May 28 2017, @02:49PM

      As with bullets, the ultimate recipients are not customers.
