The Forbes 30 Under 30 list came out this week and it featured a prominent security researcher. Other researchers were pleased to see one of their own getting positive attention, and visited the site in droves to view the list.
On arrival, like a growing number of websites, Forbes asked readers to turn off ad blockers in order to view the article. After doing so, visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information. Or, as is popular worldwide with these malware "exploit kits," lock up their hard drives in exchange for Bitcoin ransom. The exploit used was a version of hackenfreude.
Forbes has recently taken some flack from Soylent News readers for its heavy-handed approach to ad blockers.
(Score: 3, Insightful) by Marand on Sunday January 10 2016, @03:49PM
I can't say this is surprising at all, it's precisely the reason why I use NoScript and/or ad blockers. We get force-fed the idea of "don't run untrusted executables" early on, and it's good advice, but then we get online and told nevermind, it's okay here, allow executable code from any dipshit with a webpage, because otherwise we might deprive that person of the 0.001ยข it would generate in ad revenue. Furthermore, the advertisers have consistently proven that they are either unable or unwilling to get their own shit under control, so there's absolutely no reason to trust code from them.
Like I said in the other comment, there's no way in hell I'm disabling adblock or noscript for some site's advertisers to run whatever the hell they want on my system. Not because the adverts bother me, but because they're distributed in the most unsafe way possible, and the advertisers have had no reason to change that because there's no liability for them. The only way for things to change for the better is if everyone starts blocking the bullshit so that their only way to remain viable is to serve static ads again.
None of this is new, though. It's been the same battle for years, ever since advertising moved from animated gifs into the realm of sleazy JS tricks. It's just gotten bad enough that everyday users are noticing finally. What was new, and the thing I found most surprising about Forbes' aggressive anti-adblock stance, is that they somehow also screwed over people using browser privacy modes. I don't use Chromium regularly, just for one-off site visits, and it's set up to always start incognito. Somehow, incognito mode completely broke Forbes' anti-adblock page redirect, turning it into an infinite loop of loading the same "turn off adblock you pleb" page over and over.