[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Mail]  [Sign-in]  [Setup]  [Help]  [Register] 

"International court’s attack on Israel a sign of the free world’s moral collapse"

"Pete Hegseth Is Right for the DOD"

"Why Our Constitution Secures Liberty, Not Democracy"

Woodworking and Construction Hacks

"CNN: Reporters Were Crying and Hugging in the Hallways After Learning of Matt Gaetz's AG Nomination"

"NEW: Democrat Officials Move to Steal the Senate Race in Pennsylvania, Admit to Breaking the Law"

"Pete Hegseth Is a Disruptive Choice for Secretary of Defense. That’s a Good Thing"

Katie Britt will vote with the McConnell machine

Battle for Senate leader heats up — Hit pieces coming from Thune and Cornyn.

After Trump’s Victory, There Can Be No Unity Without A Reckoning

Vivek Ramaswamy, Dark-horse Secretary of State Candidate

Megyn Kelly has a message for Democrats. Wait for the ending.

Trump to choose Tom Homan as his “Border Czar”

"Trump Shows Demography Isn’t Destiny"

"Democrats Get a Wake-Up Call about How Unpopular Their Agenda Really Is"

Live Election Map with ticker shows every winner.

Megyn Kelly Joins Trump at His Final PA Rally of 2024 and Explains Why She's Supporting Him

South Carolina Lawmaker at Trump Rally Highlights Story of 3-Year-Old Maddie Hines, Killed by Illegal Alien

GOP Demands Biden, Harris Launch Probe into Twice-Deported Illegal Alien Accused of Killing Grayson Davis

Previously-Deported Illegal Charged With Killing Arkansas Children’s Hospital Nurse in Horror DUI Crash

New Data on Migrant Crime Rates Raises Eyebrows, Alarms

Thousands of 'potentially fraudulent voter registration applications' Uncovered, Stopped in Pennsylvania

Michigan Will Count Ballot of Chinese National Charged with Voting Illegally

"It Did Occur" - Kentucky County Clerk Confirms Voting Booth 'Glitch'' Shifted Trump Votes To Kamala

Legendary Astronaut Buzz Aldrin 'wholeheartedly' Endorses Donald Trump

Liberal Icon Naomi Wolf Endorses Trump: 'He's Being More Inclusive'

(Washed Up Has Been) Singer Joni Mitchell Screams 'F*** Trump' at Hollywood Bowl

"Analysis: The Final State of the Presidential Race"

He’ll, You Pieces of Garbage

The Future of Warfare -- No more martyrdom!

"Kamala’s Inane Talking Points"

"The Harris Campaign Is Testament to the Toxicity of Woke Politics"

Easy Drywall Patch

Israel Preparing NEW Iran Strike? Iran Vows “Unimaginable” Response | Watchman Newscast

In Logansport, Indiana, Kids are Being Pushed Out of Schools After Migrants Swelled County’s Population by 30%: "Everybody else is falling behind"

Exclusive — Bernie Moreno: We Spend $110,000 Per Illegal Migrant Per Year, More than Twice What ‘the Average American Makes’

Florida County: 41 of 45 People Arrested for Looting after Hurricanes Helene and Milton are Noncitizens

Presidential race: Is a Split Ticket the only Answer?

hurricanes and heat waves are Worse

'Backbone of Iran's missile industry' destroyed by IAF strikes on Islamic Republic

Joe Rogan Experience #2219 - Donald Trump

IDF raids Hezbollah Radwan Forces underground bases, discovers massive cache of weapons

Gallant: ‘After we strike in Iran,’ the world will understand all of our training

The Atlantic Hit Piece On Trump Is A Psy-Op To Justify Post-Election Violence If Harris Loses

Six Al Jazeera journalists are Hamas, PIJ terrorists

Judge Aileen Cannon, who tossed Trump's classified docs case, on list of proposed candidates for attorney general

Iran's Assassination Program in Europe: Europe Goes Back to Sleep

Susan Olsen says Brady Bunch revival was cancelled because she’s MAGA.

Foreign Invaders crisis cost $150B in 2023, forcing some areas to cut police and fire services: report

Israel kills head of Hezbollah Intelligence.


Status: Not Logged In; Sign In

Computers-Hacking
See other Computers-Hacking Articles

Title: My browser visited Weather.com and all I got was this lousy malware [also Drudge, Wunderground, Yahoo]
Source: Ars Technica
URL Source: http://arstechnica.com/security/201 ... -i-got-was-this-lousy-malware/
Published: Aug 15, 2015
Author: Dan Goodin
Post Date: 2015-08-15 11:27:29 by Tooconservative
Keywords: None
Views: 19677
Comments: 77

Millions of people visiting weather.com, drudgereport.com, wunderground.com, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said.

The malvertising campaign worked by inserting malicious code into ads distributed by AdSpirit.de, a network that delivers ads to Drudge, Wunderground, and other third-party websites, according to a post published Thursday by researchers from security firm Malwarebytes. The ads, in turn, exploited security vulnerabilities in widely used browsers and browser plugins that install malware on end-user computers. The criminals behind the campaign previously carried out a similar attack on Yahoo's ad network, exposing millions more people to the same drive-by attacks.

Update: A few hours after Ars published this article, Malwarebytes updated the blog post to say the campaign had moved to yet another ad network, which happens to be associated with AOL. Visitors to eBay were among those who were exposed to the malicious ads distributed through the newly discovered network.

Malvertising is a particularly pernicious form of attack because it can infect people who do nothing more than browse to a mainstream site. Depending on the exploit, it can silently hijack computers even when visitors don't click on links. Some browser makers have responded by implementing so-called click-to-play mechanisms that don't render Flash or Java content unless the end user actively permits the plugin to run on a particular site. Some users have resorted to ad blockers, which have the unfortunate side effect of depriving publishers of much-needed advertising revenue.

The campaign used against the AdSpirit and Yahoo networks connected to servers run by Microsoft's Azure service. Ultimately, the booby-trapped ads led to attack code distributed through the Angler exploit kit, a software package sold on the black market that makes it easy for criminals to exploit vulnerabilities in Flash, Java, and other software. The AdSpirit attacks were particularly hard to trace because most of the websites involved in the attack were using the transport layer security protocol to obscure the address and encrypt the data. There's no indication the attacks were exploiting vulnerabilities in fully patched software. That underscores the importance of installing security updates as soon as they become available.


Poster Comment:

Install adblockers to be more secure. Ad Block Plus is the classic extension most people use. It has started to allow some "safe non-abusive" ads to slip through. So, after years of being loyal to ADP, I gave it up and moved to uBlock Origin 1.0.0.1 recently.(1 image)

Post Comment   Private Reply   Ignore Thread  


TopPage UpFull ThreadPage DownBottom/Latest

Begin Trace Mode for Comment # 20.

#1. To: TooConservative (#0)

Install adblockers to be more secure. Ad Block Plus is the classic extension most people use. It has started to allow some "safe non-abusive" ads to slip through. So, after years of being loyal to ADP, I gave it up and moved to uBlock Origin 1.0.0.1 recently.(1 image)

Your lite-weight recommendations for surfing the web are not just silly but invites further intrusion into one's privacy.

buckeroo  posted on  2015-08-15   11:49:54 ET  Reply   Untrace   Trace   Private Reply  


#2. To: buckeroo (#1)

Pardon me if I think your opinion is worthless.

Adblockers have proven their value over and over at resisting malware and reducing network congestion. It isn't even debatable among tech types.

Tooconservative  posted on  2015-08-15   12:13:52 ET  Reply   Untrace   Trace   Private Reply  


#3. To: TooConservative (#2)

You don't need ad blockers. You need a REAL browser.

buckeroo  posted on  2015-08-15   12:18:08 ET  Reply   Untrace   Trace   Private Reply  


#4. To: buckeroo (#3)

You don't need ad blockers. You need a REAL browser.

What "real browser" are you using that is malware-resistant without adblockers/NoScript/Ghostery/etc.?

Lynx?

Name this browser.

Tooconservative  posted on  2015-08-15   12:21:30 ET  Reply   Untrace   Trace   Private Reply  


#7. To: TooConservative (#4)

Name this browser.

anonymous

buckeroo  posted on  2015-08-15   19:01:08 ET  Reply   Untrace   Trace   Private Reply  


#11. To: buckeroo, TooConservative (#7)

anonymous

TOR with TAILS (thumb)?

nolu chan  posted on  2015-08-15   20:09:42 ET  Reply   Untrace   Trace   Private Reply  


#12. To: nolu chan (#11)

TOR with TAILS (thumb)?

Tor is horribly slow to start with, even more so if you allow all the ads and scripts to load. And Tor doesn't do anything to protect you from browser attacks, either from malicious websites or hacked ad server networks.

Can't be Tor.

Tooconservative  posted on  2015-08-15   20:22:02 ET  Reply   Untrace   Trace   Private Reply  


#13. To: TooConservative (#12)

Tor is horribly slow to start with, even more so if you allow all the ads and scripts to load. And Tor doesn't do anything to protect you from browser attacks, either from malicious websites or hacked ad server networks.

Tor with Tails on a thumb drive leaves your computer totally immune. How does it get attacked?

nolu chan  posted on  2015-08-15   21:30:11 ET  Reply   Untrace   Trace   Private Reply  


#14. To: nolu chan (#13)

Tor with Tails on a thumb drive leaves your computer totally immune. How does it get attacked?

I'm not sure where you read that but it isn't true.

Even assuming that Tor was secure and anonymous, it does nothing to protect your browser from malicious websites and hacked ad server networks. Nothing, nada. No more than using VPN or other proxies protect you from server-based attacks.

Tooconservative  posted on  2015-08-15   21:42:37 ET  Reply   Untrace   Trace   Private Reply  


#15. To: TooConservative (#14)

Tor with Tails on a thumb drive leaves your computer totally immune. How does it get attacked?

I'm not sure where you read that but it isn't true.

Even assuming that Tor was secure and anonymous, it does nothing to protect your browser from malicious websites and hacked ad server networks. Nothing, nada. No more than using VPN or other proxies protect you from server-based attacks.

If I'm running an operating system on a thumb drive, what are you hacking besides the thumb drive?

TAILS - The Amnesiac Incognito Live System. No new programs. No saves. Upon shutoff, it leaves a completely blank slate of all history. It worked for Edward Snowden. Apparently, it works for Glenn Greenwald.

http://www.theverge.com/2014/4/29/5664884/this-is-the-most-secure-computer-you-ll-ever-own

[extract]

In exchange for all the troubleshooting, you get an unusual kind of anonymity. Keeping the operating system on a disk means you’re operating independent of the computer, picking nothing up and leaving nothing behind. It also makes your setup portable. You can launch Tails from an internet cafe and know that none of the programs on the public computer will get in the way of what you’re doing. The new versions of Tails will even hide you within a local network, randomizing the computer’s MAC address to make you even harder to track. None of the methods are completely impenetrable, but together they add up to a major headache for anyone trying to follow you across the web.

nolu chan  posted on  2015-08-16   1:17:24 ET  Reply   Untrace   Trace   Private Reply  


#18. To: nolu chan, Pinguinite (#15)

TAILS - The Amnesiac Incognito Live System. No new programs. No saves. Upon shutoff, it leaves a completely blank slate of all history. It worked for Edward Snowden. Apparently, it works for Glenn Greenwald.

Not much different than using the LiveCDs or DVDs with MAC spoofing.

It isn't as secure as people think. If NSA or others are operating the TOR exit nodes (a good bet they'll succeed in providing directly or compromising some exit nodes), a man-in-the-middle attack works well. In addition, a distro of this type still has a browser fingerprint, in part because people just keep using the same version of the distro. You also have traffic analysis where a person browses to various sites, over and over. Like GMail or Yahoo Mail or online forums.

Tor has never become popular enough to truly shield all its users. That means there are far fewer users to identify, making it easier for NSA/FBI. And those users are nearly all drug traffickers, child porno types, online criminals. Which means they are high-value targets for NSA and law enforcement.

Very few people are willing to go to the trouble of playing Spy V. Spy like Snowden. How many people are going to reboot their home computer to fire it up with a Tor/TAILS stick on a daily basis? Almost no one.

It is also hard to find USB write-protected flash drives. There used to be some around but I haven't seen them in years. These were made by less-known producers like Ritek and Imation and PQI. I'm not sure if they even make them any more.

Other people address the same problems using virtual machines. They keep a small virtual machine with their favorite software pre-installed. They copy it the VM image, use it once, then delete it. Same result as Tor/TAILS (you could even run a Tor/TAILS distro as your VM) but you don't have to keep rebooting but it isn't very portable.

But this thread is about preventing browser hijacks to protect users' daily browsers on their home machines from tracking and attack by malicious ad networks.

I assume that you realize that using a Tor/TAILS stick as you mention is a red flag, moving you to the head of the list for scrutiny by LEO and national security agencies? This was true before Snowden, even more so now.

To use a library or internet cafe to run a Tor/TAILS stick, you have to find one that still allows you to plug in a USB stick and that is set to prioritize USB booting over booting the hard drive.

So do you know of an internet cafe or library in your area that actually allows you to use their USB ports and that allow you to alter the BIOS settings to boot from USB before hard drive (and has no password-protected BIOS settings)?

Let me know if your local library or internet cafe has such machines in those configurations. I think you won't find any of those still around even if they were available some years back.

Most likely, you'll end up using your own laptop, booting with a Tor/TAILS stick and operating off a free WiFi hotspot at a restaurant or hotel or similar location. And is that really your advice to people on how to protect their home machines from drive-by attacks by malicious ad networks? On this little forum of maybe 25 regular posters, how many are going to do that and know how to use such a distro securely? On this forum, Neil would know how to use it. I would. But do we actually go to that trouble? I know I don't.

Tooconservative  posted on  2015-08-16   8:44:47 ET  Reply   Untrace   Trace   Private Reply  


#19. To: TooConservative (#18)

Tor has never become popular enough to truly shield all its users. That means there are far fewer users to identify, making it easier for NSA/FBI. And those users are nearly all drug traffickers, child porno types, online criminals. Which means they are high-value targets for NSA and law enforcement.

TooConservative - You don't know what the fuck you are talking about. And it is your thread.

buckeroo  posted on  2015-08-16   11:27:40 ET  Reply   Untrace   Trace   Private Reply  


#20. To: buckeroo (#19)

You don't like it when someone tells you something you don't like.

Tor is not embraced by millions. It has a very limited audience and always has been quite small.

The idea that Granny is using Tor to read email and post cat pictures is ridiculous. People pursuing (the illusion of) that kind of secrecy are painting a target on their backs with LEO and NSA. And they are far more often than not using Tor for criminal purposes or to try to cover their tracks when they visit websites like TrannyGoatIncest.com.

Tooconservative  posted on  2015-08-16   11:49:57 ET  Reply   Untrace   Trace   Private Reply  


Replies to Comment # 20.

#21. To: TooConservative (#20)

Tor is not embraced by millions. It has a very limited audience and always has been quite small.

ROTFL.

The idea that Granny is using Tor to read email and post cat pictures is ridiculous. People pursuing (the illusion of) that kind of secrecy are painting a target on their backs with LEO and NSA. And they are far more often than not using Tor for criminal purposes or to try to cover their tracks when they visit websites like TrannyGoatIncest.com.

Yeah, like Yukon's silly home web page, correct? The truth is: Surfing the Internet should be used by ALL tools at your disposal to protect your anomymity; not one or two or making product endorsements or disendorsements as you usually perform.

buckeroo  posted on  2015-08-16 12:06:46 ET  Reply   Untrace   Trace   Private Reply  


End Trace Mode for Comment # 20.

TopPage UpFull ThreadPage DownBottom/Latest

[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Mail]  [Sign-in]  [Setup]  [Help]  [Register] 

Please report web page problems, questions and comments to webmaster@libertysflame.com