Porn surfers have a dirty secret. They're using Internet Explorer:
They're back—attacks that use booby-trapped Web ads to install malware on the computers of unsuspecting visitors.
[...] But over the past month, malvertising has made something of a comeback, security firm Malwarebytes reported this week. Company researchers said they recently found two different groups placing booby-trapped ads on xHamster, a site with more than 1 billion monthly visits, according to SimilarWeb. The ads redirect visitors to sites that serve malicious code. When viewed with Internet Explorer or Adobe Flash, the code can exploit critical vulnerabilities in unpatched versions of Internet Explorer.
"Threat actors still leveraging exploit kits to deliver malware is one thing, but end users browsing with Internet Explorer is another," Malwarebytes researchers wrote. "Despite recommendations from Microsoft and security professionals, we can only witness that there are still a number of users (consumer and enterprise) worldwide that have yet to migrate to a modern and fully supported browser."
Internet Explorer has always been one of the more targeted browsers. In part, that was because of its once dominant market share. Subpar security protections, when compared to Chrome and later Firefox, was another key reason. Microsoft has since released Edge and encouraged all users to adopt it. But the software maker continues to offer IE since custom plugins and software often lock organizations and individuals into using the outdated browser.
The malvertising renaissance seems to be motivated by attackers "squeezing the last bit of juice from vulnerabilities in Internet Explorer and Flash Player (due to retire for good next year)," the Malwarebytes post observed.
(Score: 4, Insightful) by looorg on Saturday September 12 2020, @09:42PM (18 children)
There is some missing information here, or something unexplained. At first I thought this might be some kind of influx of third world browsers sort of using old machines that came with IE installed. That doesn't seem to be the case from the article but instead the main source of infection appears to be in the USA. So have old machines sort of become the porn-surfing machine or are people installing IE on brand new computers? Cause as far as I know no new machines comes with IE installed or as the default browser, or? I thought they all had Edge if they run Windows. I don't think I have seen IE being the default installed and used browser for at least five or six years on a new machine. It would sound or seem odd to download IE on a new machine. Similarly Adobe Flash seems to have been phased out and exterminated as far as the main content providers are concerned. I can't even recall last time I saw any Flash content or had some popup asking me to install flash.
This all leads me to wonder if this is just some resurgence of old laptop or computers in general that just become some general surf machine after it has served it's life as the primary computer. It doesn't make it less stupid or anything but it might explain it if they somehow see a resurgence of IE usage. Cause no new machine should come and run it.
But none of the articles or reports seem to mention or even try to explain as to why this is the case.
(Score: 2) by SomeGuy on Saturday September 12 2020, @10:37PM (12 children)
Go to your brand new Windows 10 computer. Right click the start button. Select run. Enter "iexplore.exe". tell us what happens. That could be restricted on some computers, and you probably won't see icons for it anywhere, but unless they changed a lot of really major things very recently, it is still there.
This is what happens when you make a web browser application an "OS component" - Microsoft CAN'T REMOVE IT WITHOUT BREAKING SHIT.
Flash, however, is a different story. They would have to intentionally install that.
(Score: 3, Informative) by ElizabethGreene on Saturday September 12 2020, @10:55PM (7 children)
Internet explorer is a removable component on Windows 10. Click Start >> Type "Turn Windows features on or off" >> Uncheck the Internet Explorer 11 box >> Click ok.
NOTE: Removing the internet explorer component causes IE mode not to work in Edge Chromium. (Removed means removed.)
<3
(Score: 2) by ElizabethGreene on Saturday September 12 2020, @10:57PM (3 children)
Apologies, I forgot my disclaimer!
Full disclosure: I work for Microsoft, and part of my job as a PFE/Customer Engineer is helping get my customers OFF of Internet Explorer. Yes, I know that makes my opinion invalid.
(Score: 2, Insightful) by Anonymous Coward on Saturday September 12 2020, @11:05PM (2 children)
YEAQH you should be going the other end and get the VENDORS off of IE. Fix the printer web servers and other embedded equipment. Just saw a new peice of equipment on network with EMBEDDED XP! Required by the US Gov for furnace monitoring.
Maybe the better question, why iis the WEB not pure HTML?
(Score: 2) by ElizabethGreene on Sunday September 13 2020, @01:28AM (1 child)
I sincerely hope this is in a segmented network with no access to the rest of your network. That OS is out of support by 4 years. I wouldn't buy a house that didn't have doors; I don't understand why you'd buy systems that don't either.
I have done a lot of appcompat work to get apps working on modern OS. i.e. I wrote the appcompat shim for Solidworks 2015 for Win10 for a customer. Normally when I do appcompat work it's temporary until a vendor fixes it (Dassault fixed SW2015 with a service pack) or because the vendor is no longer around. In situations where the vendor still exists the customer has way more pull with them than we do.
(Score: 2) by toddestan on Sunday September 13 2020, @03:04AM
Some versions of Windows XP Embedded were still supported as of last year. They are all out of support now AFAIK.
I would be a bit surprised to see a new piece of equipment with Windows XP Embedded, unless it's new-old stock, simply because I thought Microsoft wouldn't license new copies of XP Embedded anymore. But perhaps some large OEM/manufacturers have a special deal.
(Score: 1, Troll) by SomeGuy on Sunday September 13 2020, @01:44AM (1 child)
Does this remove the core rendering engine and network communications? If I install a piece of software that loads the IE rendering engine or network component will it refuse to run due to missing DLLS? Does it remove iexplore.exe? If so does copying back the iexplore.exe loader cause it run like nothing happened? I don't have time to check the current mess out there, so either link to technical details that proves me wrong, or shut up. Removing visible access to a program is not the same as removing the program itself.
(Score: 0) by Anonymous Coward on Sunday September 13 2020, @01:22PM
Asking for verified facts and technical details is trolling. Never question Statya's golden brown dick.
(Score: 2) by Common Joe on Sunday September 13 2020, @02:19PM
It's good for us technies to know this little trick, but getting that info to the masses is not going to happen. Anytime someone has to type anything in a "command line box", that means the feature is hidden from the common user. I've read, enjoyed, and support a lot of what you've said in the past, so I'm pretty sure you already know this: The Win 10 User Interface is a complete mess. Since Microsoft is into controlling what we have on our computers, then that check box should have been defaulted off several Win 10 versions ago.In fact, it should be about time to completely remove Internet Explorer. The old Edge just had its engine replaced because Edge lost to Chrome. Internet Explorer should be long off the radar for every day users by now.
(Score: 2) by looorg on Sunday September 13 2020, @11:17AM (1 child)
It's, probably, still there but you would have to specifically ask for it to be run since it's not launching as default which in turn would imply that there is some kind of technical know-how or competence involved, which in turn is almost nullified by running IE as your browser. So it doesn't really explain the sudden rise in IE usage for your porn browsing needs.
I gather I missed, or forgot, about an option mention in another post here and it would be that you are spoofing the user-agent. Which seems like a reasonable answer. But still requires some technical competency as to even know about user-agents and how to fake those, even if it just involved downloading a plugin and clicking some options -- but it's not a default action of any browser or is it? Still it would then again be weird cause it requires some form of technical competency so why on earth would you (re-)install Flash.
This whole thing is just weird and filled with contradictions.
(Score: 0) by Anonymous Coward on Monday September 14 2020, @03:39PM
Never underestimate the ability of a brain-dead monkey to follow instructions to jump through a few hoops to get to their porn. They don't have to understand it, and almost never do. That is how IE got popular in the first place.
(Score: 0) by Anonymous Coward on Sunday September 13 2020, @06:52PM (1 child)
as if any grown man would have a windows computer in the house/office. give me a break.
(Score: 2) by DECbot on Monday September 14 2020, @05:47PM
Yeah, besides they have an iPad.
cats~$ sudo chown -R us /home/base
(Score: 3, Insightful) by choose another one on Saturday September 12 2020, @11:22PM (2 children)
Another option is that it is people hiding their porn surfing in a VM. Uptodate Win 10 VM is gonna take a lot more room than, say a win 7 VM - which would have IE.
Or old win 7 physical machines where IE might still be default - I'm actually typing this on a perfectly functional laptop that came with Win 7 and doesn't support _any_ later version. Officially. It'll run 8 or 10 but there are no drivers for some of the hardware.
In that VM case of course, the malware impact would be minimal - just rollback to the clean snapshot, which you should always do after porn browsing anyway (hypothetically, speaking for a friend...).
(Score: 0) by Anonymous Coward on Sunday September 13 2020, @12:28AM (1 child)
anyone savvy enough to set up a vpn for their porn browsing is going to install FF or chrome.
(Score: 2) by toddestan on Sunday September 13 2020, @03:08AM
If they were smart, they'd run Linux in a VM. Lighter on resources and relatively immune from malware.
Another reason for IE could be there's still porn sites that rely on stuff like Flash. If you need to use Flash for some reason, IE isn't a bad pick because most every other browser makes you jump through hoops or outright refuses to have anything do with it. But I only would do this for a site I trust, or things like old IP cameras on the LAN.
(Score: 0) by Anonymous Coward on Sunday September 13 2020, @09:44AM
And yet another option is that it is people spoofing their user-agent strings because of all the retarded sites that check what browser you are running.
(Score: 0) by Anonymous Coward on Monday September 14 2020, @04:53PM
Mainstream browsers dropped flash support, IE still supports standalone flash plugin. Some sites probably require it.
(Score: 2, Funny) by Snotnose on Saturday September 12 2020, @09:43PM (2 children)
I have Firefox and a VPN.
Oops, forgot the gf reads this site. ^c ^d qui delete exit qq ^xq :q how do I delete this fucking editor!!!!
When the dust settled America realized it was saved by a porn star.
(Score: 2) by krishnoid on Saturday September 12 2020, @10:08PM
Incidentally, wasavi [google.com] is a pretty well-featured Vim [vim.org]-style editor extension for textareas. I think it even works with Gmail.
(Score: 3, Insightful) by DECbot on Sunday September 13 2020, @04:34AM
I was going to suggest the universal alt+F4 or even ctl+w for chrome-like browsers, but apparently you found the submit button, which just so happens to quit the editor too.
cats~$ sudo chown -R us /home/base
(Score: 3, Funny) by Anonymous Coward on Saturday September 12 2020, @09:55PM
...boobie-trapped?
(Score: 4, Insightful) by Gaaark on Saturday September 12 2020, @10:45PM (9 children)
People STILL use Windows?
After all the shit MS puts people through?
After all the shit malware puts people through?
After all the shit......
Sigh.
Get a real OS.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 4, Insightful) by Runaway1956 on Saturday September 12 2020, @11:43PM
Some people won't learn, others can't learn.
(Score: 2) by Common Joe on Sunday September 13 2020, @02:24PM (7 children)
Which real OS are we talking about? Recently, I've been bitching about Ubuntu, Arch, Mint, Debian, and Devuan. Is there a good desktop OS that actually exist?
Side Note: I can't stand Microsoft or Windows which is why I run Linux. I may have "control" of my Linux system, but nobody can get the package system right.
(Score: 2) by Gaaark on Sunday September 13 2020, @06:49PM (6 children)
Wha?
Unless you bork something tremendously, what package system is bad?
Never had a problem with Arch/Manjaro and haven't had a problem with Ubuntu (I'm on Ubuntu because of Steam having some problems on Manjaro playing certain games, but will be back on it once i get a new desktop system i can distro-check with).
I haven't had any package problems in half a decade or more, and that was my borking/fucking with things, which usually something like "apt -f install" (or whatever...haven't used that command in quite a while) would fix.
Meanwhile, all i hear from people on Windows in whinging and whining about EVERYTHING.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by Common Joe on Sunday September 13 2020, @07:44PM (5 children)
Arch is the one that just burned me a few days ago. I was learning Arch and was working with it in a VM. An update completely borked the system so bad that I couldn't run xorg / i3 anymore. At first, I thought it was something I had done, so I pulled out my "working copy" of the hard drive file (just a copy of the file) and reset it. (The installation on my saved file was only one day old.) ArchLinux updated with three files and it borked the system again. That was the only thing that stood between me and a working GUI.
This was only in a VM. It can be argued that I did it wrong because the Arch documentation says I must have the absolute latest host and guest software. (I was running VirtualBox.) My host was another Linux operating system -- where it's package system had an older host. For a guest to say the host must be a certain version is messed up -- especially when the host is only a few months old.
Additionally, if Arch is used, then pacman is used. Pacman has the AUR (Arch User Repository) where the user responsible for keeping everything up to date. (Sigh.) That's not why I use a package repository. I just want to install it, and let the package manager update it when appropriate.
The other problems from the package systems stem from how they work. Linux Mint stopped using Chromium [linuxmint.com] a couple of months ago in their package system (apt) because of games being played by snap. Snap is pretty much controlled by Canonical, so I have a beef about that too.
Flatpak takes up a lot of space.
I like AppImage, but I have to keep it up to date, so that's not really a package system.
And it seems no one package system has what I need. If you like having this and that, you can't avoid having a kludge of apt, snap, flatpak, AppImage, and self compiled things. What's the point of a package system if you have to manage so many package systems?
I use Windows too, and those updates left a very sour taste in my mouth. In fact, it's one of the major things that drove me to Linux several years ago.
So, that's my take on package managers. They all suck.
(Score: 2) by Gaaark on Sunday September 13 2020, @10:36PM (4 children)
Manjaro (arch based) used to be my everyday distro, and there is a graphical package manager (pamac-gui, i think???) that has an option for allowing the system to update AUR programs automatically.
I don't have the time anymore really for remembering CLI commands (sigh), so i often use the graphical options.
Haven't played much with VM's, so .....
That's why i want to get a new desktop setup (I've got about $600 saved up so far): an extra hard drive to distro-hop-check so i can Install instead of mess with VM's. I'll try a few systemd-free options, but may return to Manjaro as my everyday distro, with Ubuntu for games, then retry Slackware, VOID, and maybe LFS...if i ever get time: may have to wait til i retire in, hopefully, 7 years.
The only problem i've had recently is with Manjaro: once an update installed a kernel that wasn't allowing my system to boot (and seemed to de-install my working kernel. All i did was make sure i have at least a couple of working kernels installed at all times: that way if an update borks, i can fall back to another one.
STILL feel way more comfortable with linux than i EVER did with Windows: it's like coming home and slipping into a nice comfy chair...relaxing and de-stressing. With Windows, i always felt stressed: but then again, i haven't used Windows since 1999, thank Dog.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by Common Joe on Monday September 14 2020, @02:50AM (1 child)
What do you use now?
Heh. Now you know what I do with my time when insomnia strikes. I haven't tried Manjaro or Slackware or VOID or LFS. There are too many to try.
Arch's documentation is decent until you're in the weeds then it becomes overwhelming. I like the lists of programs they have so you can kind of pick what you want. It's also the only distro that I've been able to install with a few simple scripts that I wrote. All the other distros I tried needed hand holding during installation, although I have to admit I never tried Slackware. (Not that the scripts were easy to create. My goal was to fully encrypt the hard drive including the swap file on EFI. I managed to do that with great difficulty. Once I understood, it wasn't so bad, but the documentation to bring me to this understanding is awful. The EFI stuff alone is crap.)
Devuan is pretty good for a non-systemd O.S. and it's easy to install, but you'll have to live with the idea that Devuan is based on Debian which is "behind" many other distros with their packages. Their goal is to be stable which they are good at. The flip side is that the user has to know Linux which doesn't sound like a problem for you. My personal favorite is Linux Mint. It has systemd (which I don't like), but it installs easy and "just works". (It's also "the most Windows like" of any of the distros I've dealt with.) With that said, it doesn't negate lots my frustration with some things about Linux Mint. For instance: I put off upgrading from 19.3 to 20.0 until last week. It was nice I had the choice (as they continue to support 19.3 until I had time to deal with the upgrade), but it was also a challenge because there was an actual checklist of things to follow to upgrade. It wasn't "click and go".
I'm (very) slowly leaving the Windows world. Linux is where I want to live, and I'd love to find jobs that involve Linux and not Windows. I do miss some things about Windows, but that was more the 2000 / XP / Win 7 era when Windows actually peaked. I just wish Linux could both be highly customizable and grandma friendly.
You know what they say: "Windows assumes the user is an idiot. Linux demands proof." Truer words were ne'er spoken.
(Score: 2) by Gaaark on Monday September 14 2020, @08:44PM
Im using Ubuntu now, simply because i dont have much time for anything in depth (which is why i stopped using Manjaro: had problems getting Steam to play some games that should have worked.
But i loved Manjaro: its the "Just works" of Arch distros. Easy to use and very quick and stable. Loved it, except for the systemd.
LFS is an adventure just to install, lol.
Slackware is fun, but too much work for the time i have.
If Manjaro was systemd-free, it would be a no brainer...when i get my desktop, i'll probably have it as my work-horse as i hop around with other distros.
Manjaro is customzable AND grandma friendly!
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by Common Joe on Monday September 14 2020, @02:56AM (1 child)
You know, it just occurred to me: The original story is about pornography. Meanwhile, you and I are having a good discussion about distro porn. I think we're on the wrong channel. :P
(Score: 2) by Gaaark on Monday September 14 2020, @08:48PM
Rule 34?
Manjaro becomes Mandingo! :)
Can't wait til i have time for distro-hopping again.......
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 1, Funny) by Anonymous Coward on Saturday September 12 2020, @11:27PM (3 children)
Porn surfers still using Internet Explorer?
I'm still stuck on Lynx!
(Score: 0) by Anonymous Coward on Saturday September 12 2020, @11:29PM
no msg
(Score: 2) by DECbot on Sunday September 13 2020, @04:36AM
Ah, it's nice to find another kindred spirit. ASCII art is the best medium for porn.
cats~$ sudo chown -R us /home/base
(Score: 2) by leon_the_cat on Monday September 14 2020, @12:58AM
Time to move to links browser grandpa!
(Score: 0) by Anonymous Coward on Saturday September 12 2020, @11:38PM (2 children)
If you're still using IE, why not enable Clippy too?
(Score: 0) by Anonymous Coward on Sunday September 13 2020, @12:09AM (1 child)
Sexy Clippy?
(Score: 0) by Anonymous Coward on Sunday September 13 2020, @04:58AM
Nope, the slutty one.
(Score: 5, Interesting) by fakefuck39 on Sunday September 13 2020, @12:29AM (5 children)
Out of the box, with all defaults, IE is better for watching most video. This is because most sites serving up video are trying to reduce bandwidth at the expense of seek latency.
Let me tell you what used to happen on pornhub in chrome/firefox:
I scroll through and ctrl-click what I want to watch. This takes 5 minutes, I open about 10 tabs. By the time I'm done opening the last tab, the first 5 are completely loaded, and by the time I'm done with #5, all 10 are preloaded. This means when I seek in the video, using arrow keys for example, the seek is instant.
Here's what happens now:
I open all those tabs, they buffer about the first minute, and then they stop buffering. If I seek, it takes half a second to start playing again. using the arrow keys to seek is now completely useless because as you seek it doesn't update the video. Using the mouse is annoying, and you have to look at a tiny thumbnail for a preview of where you're seeking, then click, then wait half a second.
To make pornhub usable, I have to go into about:config and set mediasource to false. Now it's back to the old behavior and pornhub lets me buffer fully. Except when I'm done with pornhub, I have to go back and change the flag to true, otherwise videos on reddit no longer play.
me, knowing a lot of techy stuff - I can set up a toggle button for that one parameter. It's easier to just use IE for porn though, and firefox for everything else.
(Score: 1, Funny) by Anonymous Coward on Sunday September 13 2020, @05:02AM
It is what it is, son. Get used with a single hand, it's not that hard.
And, fer fuck sake, use a tissue, nobody likes a sticky mouse.
(Score: 0) by Anonymous Coward on Sunday September 13 2020, @04:20PM (3 children)
My guess is that the websites that want to exploit your browser intentionally only work (properly/best) on browsers that they can best exploit. Go to the site with a modern updated patched browser and they either won't work or won't work properly. This is intentional to get you to use a vulnerable browser so they can take advantage of said vulnerability.
(Score: 3, Touché) by fakefuck39 on Sunday September 13 2020, @08:58PM (2 children)
"work properly" here is actually only on new browsers. The new "work properly" way makes seeking a pain, makes the site less useful, but minimizes bandwidth for the host - saving money. Old browsers don't have mediasource functionality, so the site does not work properly - costing more money. The reason people use the old browser is that it's a better user experience, since the new features are anti-user and only beneficial to the host.
so exactly the opposite of what you and your big brain deduced mr holmes.
(Score: 0) by Anonymous Coward on Monday September 14 2020, @01:32PM (1 child)
I was just guessing but since I don't visit those sites I don't really know. You apparently know way more than I do on this ....
(Score: 2) by fakefuck39 on Monday September 14 2020, @03:13PM
right right. you're a guy who's never been on pornhub. gotcha. the people who say they've never been to a porn site are into the most disgusting gayest porn out there. the only reason to say you've never watched porn is because you're embarrassed by the porn you watch. so are you gay? are you into niggers? are you into gay nigers? are you into gaay nigers from outer space? does anyone still get this joke?
(Score: 0) by Anonymous Coward on Sunday September 13 2020, @03:41AM
The 'social gestapo' from Yakima, WA will destroy you if they find out you exist.
(Score: 0) by Anonymous Coward on Sunday September 13 2020, @04:07AM (1 child)
WE'RE TALKING ABOUT PORN HERE! A LITTLE COMPORTMENT, PLEASE.
(Score: 0) by Anonymous Coward on Sunday September 13 2020, @05:48AM
Please think of the children.
(Score: 5, Interesting) by shortscreen on Sunday September 13 2020, @06:33AM (2 children)
Last I heard, Pornhub was not working in Palemoon (and similar forks) with default settings. Spoofing an IE user agent string makes the site work.
(Score: 3, Interesting) by deimtee on Sunday September 13 2020, @09:53AM
I don't know about pornhub, but I regularly spoof my user-agent in order to deal with .gov.au sites. They refuse to serve anything to Palemoon but work fine as soon as I lie about it.
Just checked what it's bullshitting where, most of the time it claims to be firefox, but for some reason on whatsapp it's Chrome on Windows NT. WTF?
If you cough while drinking cheap red wine it really cleans out your sinuses.
(Score: 2) by looorg on Sunday September 13 2020, @11:20AM
It's an option I forgot about. But it would require some form of technical competency to even know about and utilize. So why install Flash again? That just makes no sense at all, almost nullifying any technical competency involved. I guess it could be the desperate needs people go through to see naked pictures (or movies).