The Forbes 30 Under 30 list came out this week and it featured a prominent security researcher. Other researchers were pleased to see one of their own getting positive attention, and visited the site in droves to view the list.
On arrival, like a growing number of websites, Forbes asked readers to turn off ad blockers in order to view the article. After doing so, visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information. Or, as is popular worldwide with these malware "exploit kits," lock up their hard drives in exchange for Bitcoin ransom. The exploit used was a version of hackenfreude.
Forbes has recently taken some flack from Soylent News readers for its heavy-handed approach to ad blockers.
(Score: 2) by kurenai.tsubasa on Sunday January 10 2016, @03:10PM
I turned off Ghostery among other things, and the page that begs you to turn off ad blocking loaded about 40 different trackers before letting me in. Fortunately, the main site only loaded about 30 trackers. O.o;;
Suddenly I want to hack forbes.com, not to disable the ad blocker blocker, but just so that it says, “Disregard that, I suck cocks” under the part about being an ad-lite experience.
That is definitely going on the list of websites not to visit when booted into Windows!
(Score: -1, Flamebait) by Anonymous Coward on Sunday January 10 2016, @03:16PM
Disregard that, I suck cocks.
Sorry, force of habit.
-- OriginalOwner_ [soylentnews.org]
(Score: 0) by Anonymous Coward on Sunday January 10 2016, @07:16PM
Your pattern of bad behavior, repeatedly injecting noise into threads for weeks:
December 30 [soylentnews.org]
December 30 [soylentnews.org]
December 31 [soylentnews.org]
January 04 [soylentnews.org]
January 05 [soylentnews.org]
January 08 [soylentnews.org]
January 08 [soylentnews.org]
January 10 [soylentnews.org]
Some are being marked troll and flamebait. They are all clearly SPAM.
(Score: -1, Flamebait) by Anonymous Coward on Sunday January 10 2016, @08:07PM
You seem a bit mad.
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by Runaway1956 on Sunday January 10 2016, @03:22PM
Now and then, I'm curious enough about an article that I fire up a VM, and c/p the address into a browser there. Read the article, clear cookies, shut the browser down, and watch Better Privacy delete a super cookie.
It doesn't happen very often. Mostly, if the site won't cooperate with my browser, I just don't bother reading it. Mostly, a Google search with some of the terms in the article will turn up some other article using the same sources for it's story.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 3, Interesting) by Runaway1956 on Sunday January 10 2016, @04:28PM
Forget about the "I suck cocks" thing. Some of us like cocksuckers. Instead, put "I eat shit". No one likes a shit eating dog, do they?
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 1) by Noldir on Sunday January 10 2016, @09:14PM
Please keep in mind rule 34 and having said that, in so not gonna Google that...
(Score: 0) by Anonymous Coward on Sunday January 10 2016, @10:17PM
2girls1cup
(Score: 0) by Anonymous Coward on Sunday January 10 2016, @10:21PM
Filing this one under "Asking for it"
(Score: 3, Informative) by gnuman on Sunday January 10 2016, @05:05PM
That is definitely going on the list of websites not to visit when booted into Windows!
Except now there are 100% javascript based exploits.
http://www.computerworld.com/article/3018972/security/ransom32-first-of-its-kind-javascript-based-ransomware-spotted-in-the-wild.html [computerworld.com]
(Score: 4, Insightful) by sjames on Sunday January 10 2016, @05:34PM
It seems unlikely that it is actually cross platform. For one, according to what I've seen, it comes as a self-extracting RAR (not cross platform) and drops it's payload in the start folder so it runs when you log in. That is very much a Windows only thing.
But in general, it's telling that while we spend billions hunting funny plants and people with the audacity to carry 4.1 oz of shampoo, we have seen no significant effort to hynt down and kill the people cranking out cryptolocker and clones.
(Score: 2) by Hyperturtle on Sunday January 10 2016, @08:46PM
But--the people that want access to your stuff don't want your attention drawn to this, which is why they have a "War on Terror" and a "War on Drugs" and not a "War on Cybercriminals".
They'd get shot.
(Score: 2) by Hairyfeet on Sunday January 10 2016, @10:24PM
Sorry but malware guys have already figured out Linux users are trivial to add so they are cooking up cross platform malware [zdnet.com] that simply detects which OS you are on and then grabs the correct exploit. This means you can't go by what you get if you visit the malware on a Windows box as the payload will change if you are on OSX or Linux.
You gotta give them credit, it looks like it really didn't take much to add Linux support, just a few lines.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 3, Informative) by sjames on Sunday January 10 2016, @10:37PM
Sure, it is possible to write a trojan for Linux, but the one you referred to required the user to actually run the app after downloading. The Javascript was nothing more than the standard stuff you'll find when downloading from google, sourceforge, or anywhere else that offers binaries for more than one platform.
A multi-platform drive-by is possible, but the PARTICULAR bit of malware in question doesn't appear to be an example of it. Building it from Javascript isn't enough to make that happen.
That doesn't mean I'm willing to just run any old thing an advertiser cares to toss my way.
(Score: 1, Funny) by Anonymous Coward on Monday January 11 2016, @12:49AM
as the payload will change if you are on OSX or Linux.
Not if your browser ident string is set to Win95!!