The Forbes 30 Under 30 list came out this week and it featured a prominent security researcher. Other researchers were pleased to see one of their own getting positive attention, and visited the site in droves to view the list.
On arrival, like a growing number of websites, Forbes asked readers to turn off ad blockers in order to view the article. After doing so, visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information. Or, as is popular worldwide with these malware "exploit kits," lock up their hard drives in exchange for Bitcoin ransom. The exploit used was a version of hackenfreude.
Forbes has recently taken some flack from Soylent News readers for its heavy-handed approach to ad blockers.
(Score: 3, Informative) by sjames on Sunday January 10 2016, @10:37PM
Sure, it is possible to write a trojan for Linux, but the one you referred to required the user to actually run the app after downloading. The Javascript was nothing more than the standard stuff you'll find when downloading from google, sourceforge, or anywhere else that offers binaries for more than one platform.
A multi-platform drive-by is possible, but the PARTICULAR bit of malware in question doesn't appear to be an example of it. Building it from Javascript isn't enough to make that happen.
That doesn't mean I'm willing to just run any old thing an advertiser cares to toss my way.