Computers-Hacking
See other Computers-Hacking Articles
Title: My browser visited Weather.com and all I got was this lousy malware [also Drudge, Wunderground, Yahoo]
Source:
Ars Technica
URL Source: http://arstechnica.com/security/201 ... -i-got-was-this-lousy-malware/
Published: Aug 15, 2015
Author: Dan Goodin
Post Date: 2015-08-15 11:27:29 by Tooconservative
Keywords: None
Views: 19315
Comments: 77
Millions of people visiting weather.com, drudgereport.com, wunderground.com, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said. The malvertising campaign worked by inserting malicious code into ads distributed by AdSpirit.de, a network that delivers ads to Drudge, Wunderground, and other third-party websites, according to a post published Thursday by researchers from security firm Malwarebytes. The ads, in turn, exploited security vulnerabilities in widely used browsers and browser plugins that install malware on end-user computers. The criminals behind the campaign previously carried out a similar attack on Yahoo's ad network, exposing millions more people to the same drive-by attacks. Update: A few hours after Ars published this article, Malwarebytes updated the blog post to say the campaign had moved to yet another ad network, which happens to be associated with AOL. Visitors to eBay were among those who were exposed to the malicious ads distributed through the newly discovered network. Malvertising is a particularly pernicious form of attack because it can infect people who do nothing more than browse to a mainstream site. Depending on the exploit, it can silently hijack computers even when visitors don't click on links. Some browser makers have responded by implementing so-called click-to-play mechanisms that don't render Flash or Java content unless the end user actively permits the plugin to run on a particular site. Some users have resorted to ad blockers, which have the unfortunate side effect of depriving publishers of much-needed advertising revenue. The campaign used against the AdSpirit and Yahoo networks connected to servers run by Microsoft's Azure service. Ultimately, the booby-trapped ads led to attack code distributed through the Angler exploit kit, a software package sold on the black market that makes it easy for criminals to exploit vulnerabilities in Flash, Java, and other software. The AdSpirit attacks were particularly hard to trace because most of the websites involved in the attack were using the transport layer security protocol to obscure the address and encrypt the data. There's no indication the attacks were exploiting vulnerabilities in fully patched software. That underscores the importance of installing security updates as soon as they become available. Poster Comment: Install adblockers to be more secure. Ad Block Plus is the classic extension most people use. It has started to allow some "safe non-abusive" ads to slip through. So, after years of being loyal to ADP, I gave it up and moved to uBlock Origin 1.0.0.1 recently. 
Post Comment Private Reply Ignore Thread
Top • Page Up • Full Thread • Page Down • Bottom/Latest
Comments (1-37) not displayed.
.
.
.
#38. To: nolu chan, TooConservative (#35)
TooConservative isn't too savvy about serious GNU software. We frequectly use signatures to authenticate software besides the website (itself). Often the software is not a download exectable file. It is an ISO image. Or we use torrent. His fears leave him in the dust. I doubt he has programmed with any high level program.
I am not using a proxie.
True. If you look in the Chrome Store or the Google Play store, you'll find tons more. That's because it is open-source stuff and easy to crank out new versions. And they all use the same blacklists/whitelists, it seems.
How do you know they aren't. It would be far from the first time that American intel and LEO agencies decided the easiest way to control something is to be right at the center. And you only need compromise a few key contributors to achieve your goals. Certainly, it is entirely possible and is a straightforward solution.
For someone claiming such tech expertise, you seem incapable of understanding what this thread is about. If you understand HTML/Javascript, you can look at the source code at the top of the thread to see a malicious Javascript attack embedded in an ad served by an ad network. Clearing the cache will do nothing to stop this threat. I can see why you were so careful not to tell us what you are using because it must be awfully dumb if this represents your overall level of technical sophistication. You seem to have no grasp of the various attacks being staged against web browsers currently.
Are you sure you even know what that is? I only ask because you misspelled a very common term in networking.
Eric Eoin Marques, 28 year-old man in Ireland believed to be behind Freedom Hosting, the biggest service provider for sites on the encrypted Tor network, is awaiting extradition on child pornography charges. It is understood the FBI had spent a year trying to locate Mr Marques. Marques was arrested on a Maryland warrant that includes charges of distributing and promoting child porn online. He faced four charges relating to alleged child pornography offenses with a total of 30 years jail, reportedly dubbed by the FBI as “the largest facilitator of child porn on the planet.” That need has been particularly heightened with the many revelations of the US Prism program and other cyber spying initiatives. You don't suppose the feds seized all his gear and forced him to inform on his users, do you? No. I don't even think the FBI seized his body. Maybe you are thinking of some other Eric Eoin Marques. Your cited article on Eric Eoin Marques is two years old. How about an update? How is the prosecution progressing? Has the FBI got their man yet? Do they expect to get him? Do they now expect to ever get anyone from Ireland who could possibly get a life sentence in a Supermax? Do better research.
I misspeil all kinds of words. What is new? When I do mispell, it is becasue of my intentional misuse of a term. I am particularly fond of, "publick" as it attempts to demonstrate my total disdain for any social services.
It's open source. Nobody cares who wrote it when the whole world can examine the source code. The thread is about avoiding malicious adware, not the NSA. To safely evade the NSA, go off the grid. Or use µBlock if it gives you a sense of security. Or you could try a fluffy security bear.
No, thanks.
I think they will get him. Vice, 5/2015: The US Is Trying to Extradite a Notorious Dark Web Admin This Week Ireland is thumbing its nose at extradition. At some point, there will be a heavy price to pay for this. Sooner or later, they will want to extradite someone from America. Or the U.S. will withhold cooperation on other matters that are important to Ireland. This child porn purveyor will eventually pay for his crimes and for making money off of the sexual abuse of children. Until then, I guess he can keep sleeping on the couch of his dad's 1-bedroom apartment.
You're the one who dragged it into "Snowden evaded detection with Tor/TAILS". I said that was irrelevant from the start and then started documenting why Tor/TAILS is only more secure than conventional solutions but is not totally secure.
Chan did not suggest "total security" with any software. He provided options for security is all. You can take your highfallutin' "adblocker software" and stuff it; as IT also poses a risk to your Internet experience and (perhaps) your local files.
Can you name a single example of this? In cases where ABP had security holes, it was patched quickly and I never read any reports of a hole doing anything more than letting some ads get through. The greater hazard with ABP (and others) is that you'll want to read a website that blocks users of adblockers and you'll then enable ads on that site and get hit by a hacked ad network. I haven't read of it happening but it is likely that it has at some point.
LQQK, don't goto Drudge or WeatherChannel if you are so afraid of their mischief. If you wrap up your Internet experience based on some "protection software" because you are plain ignorant of how to achieve anonymous status that is all on your shoulders. You sound like you want to patch "this" or "that" all the tyme and then bring your complaints to a forum that doesn't care about your complaint at all. This thread is proof: your hit ratio is a total loser of about 4.
µBlock or AdBlock Plus should be helpful with malicious adware. Malwarebytes Premium or some malware product should be around, and a good Anti-Virus and Firewall, several are available. Also, security settings matter. TAILS does not perform miracles. It provides information on what it does, and does not, do. Allen's Axiom: When all else fails, read the instructions, like the one about the signing key. https://tails.boum.org/doc/get/trusting_tails_signing_key/index.en.html [excerpt] Following the previous scenario, when Alice met Bob, a Tails developer, she could have made a new signature on Tails signing key with her own key to certify this trust relationship and make it public. Tails signing key would now come along with a signature made by Alice. Tails signing key is actually already signed by the keys of several official developers of Debian, the operating system on which Tails is based. Debian makes an extensive use of OpenPGP and you can download the keys of all Debian developers by installing the debian-keyring package. You can then verify the signatures those developers made with their own key on Tails signing key. [detailed instructions follow] Or one could eat loads of Cap'n Crunch, hoping to find a free gift of TAILS on a dongle.
Yeah, good luck with explaining all that to Grandma and Uncle Jim. Tor/TAILS is not a working solution for even 0.1% of web users trying to keep their browser secure. These various LiveCD/LiveDVD distros have been around for years. And virtually no one ever uses them. I'm pretty sure you aren't. While I have tried them just out of interest, I don't use them either. For the most part, you're talking about solutions only used by tens of thousands of users in the First World countries. Usage is likely much higher in countries with repressive regimes. However, possessing a Tor/TAILS stick would be cause for arrest/interrogation in most of those countries.
I just got my free gift in a CrackerJack® box.
These ad networks are pervasive and are present on many other websites. The article uses those as an example of prominent sites used by a lot of readers. The issue of anonymity, much as you are blathering on about it, is not the question here. Given how bog ignorant your posts on this thread are, I begin to wonder if you know anything about computer, browser, and network security issues. Browser security from Javascript attacks is not remotely related to anonymity. Yet you prattle on about anonymity. Even if you fully anonymize your network connections by various means, browsing to Drudge and hitting one of these Azure malware-infested ads will still infect your browser. That is the only issue this article/thread addresses. But thanks for not contributing even one word to the actual topic of this thread and hijacking it to pat yourself on the back about how great you are at anonymizing your network interface. Nice work.
It is my pleasure to serve you, anonymously.
http://motherboard.vice.com/read/the-us-is-trying-to-extradite-a-notorious-dark-web-admin-this-week Written by That's your best effort? The U.S. was still trying in May 2015? Have they succeeded? You could at least note that the May extradition hearing never even happened. Giving me the first available Google link from 2015 with predictions that did not happen, and now appear unconstitutional in Ireland, appears to be blather rather than a good faith effort. He was not extradited in June, either. In November 2014 the Supreme Court heard that, after a ruling in the case of Ali Charaf Damache, the State accepted Mr Marques should also be granted leave for judicial review. Ms Justice Donnelly remanded Mr Marques in custody until 29 June and put the matter in for mention on 16 June. And looking at the Damache decision, there is approximately no chance the U.S. will ever succeed unless they reduce the possible punishment. The Damache decision holds such an extradition would be unconstitutional. Moreover, any alleged crime was committed by an Irish citizen in Ireland. U.S. government hacking in Ireland is not the most popular thing going around. In Ireland, the alleged offences did not amount to a crime so heinous that a person would be imprisoned for the rest of his life – he would receive a determinate sentence – while in the United States, he would effectively receive a life sentence without the possibility for parole, Mr O'Higgins said. On Tuesday Mr O’ Higgins told the court the principal facts of the case included the proposed extradition of his client who could be prosecuted in Ireland. He said his client had offered to plead guilty and a means by which he could be prosecuted. Counsel said his client lived in Ireland since he was six years old and his parents and sister remain in this country. Mr O’ Higgins said that Dublin was the place of the commission of the alleged offences and the policing authority which arrested him were the Garda Siochana, who would be able to give evidence in the case. Furthermore he said a computer was seized in Mountjoy Square.
Good luck using µBlock to evade the NSA.
You can't evade the NSA. You have to resort to classic low-tech espionage methods from the Cold War. These are still remarkably successful.
Better than anything you offered on the case. It has been one delay and continuation after the next.
Do you invent all your quotes? Of course, that is a bullshit quote you made up. I didn't say that. And you have yet to show how ad malware is attacking a thumb drive that has been properly installed. What is said was, Read it again and try to comprehend the context. There is nothing there that was not there. When you start it up again, there is no malware there to start up.
Good try. You tried to fake it and didn't do too good. You didn't even know about the Damache decision. You pulled your #48 prediction, "I think they will get him," right out of your.... wherever. It is based on nothing.
I didn't say I could. Good luck then using µBlock to evade the NSA.
I do think they will get him. It may take a while longer. Sooner or later, Ireland will want something from their Uncle Sam. Like some choice info on a pending terrorist attack. Or a cozy tete-a-tete with the American prez in a state visit. Or dozens of other things. Then there would be the kinds of things the CIA might do to make various Irish politicos very unhappy. A price will be paid by Ireland if they thwart justice for this pervert.
I assume you're just enjoying spamming this thread with completely irrelevant material. The NSA is not the source of this ad network attack on browsers at popular sites. They have more sophisticated methods like packet injection.
It's a decent solution for the 0.0001% of all browser users who know what it is and how to use it properly. That is, if they keep it patched with a new 1GB version every few weeks.
Sooner or later, Ireland will want something from their Uncle Sam. Like some choice info on a pending terrorist attack. That's why, in the Damache case, they ruled the possibility of life in a Supermax to be unconstitutional because of the inhumane conditions. US hacking of Irish networks is bad for business. You tried to b.s. me and it did not work. Deal with it.
I recommend you continue to rely upon µBlock.
You don't even use Tor/TAILS yourself. Yet you demand that others must use it if they want security. You're beyond silly. I've pointed it out and now you're all pissy about it.
We'll see. Our prosecutors will keep after him for as long as it takes. Sooner or later, we will have leverage over Ireland.
And you should know.
Sooner or later you will have facts to accompany your wild speculations. In the meantime, the U.S. is having consistently less leverage.
I think I do know.
Continuing exposure of this criminal child abuser will likely have other consequences. He was hosting hundreds of thousands of pics and videos of exploited and abused children. There will be no happy ending for this perv.
I have the slowest of the high speeds, 600K. So, it really is nearly impossible for me to judge speed. But, I'll try. Thanks TC, Bob
#39. To: TooConservative (#37)
#40. To: nolu chan (#33)
Take your pick.
#41. To: nolu chan (#35)
It's open source. You really think NSA/FBI is behind the open source development of TAILS?
#42. To: buckeroo (#34)
All anyone has to perform to easily eliminate user ad tracking is to clean their cache memories from tyme to tyme; no specialized "ad blocker crap." It is easy, too; while not using any pull-down menus from ANY browser.
#43. To: buckeroo (#39)
I am not using a proxie.
#44. To: TooConservative (#29)
TheHackerNews: Firefox Zero-Day Exploit used by FBI to shutdown Child porn on Tor Network hosting; Tor Mail Compromised
Sunday, August 04, 2013
#45. To: TooConservative (#43)
#46. To: TooConservative (#41)
How do you know they aren't.
#47. To: TooConservative (#40)
If you look in the Chrome Store or the Google Play store, you'll find tons more.
#48. To: nolu chan (#44)
Your cited article on Eric Eoin Marques is two years old. How about an update? How is the prosecution progressing? Has the FBI got their man yet? Do they expect to get him? Do they now expect to ever get anyone from Ireland who could possibly get a life sentence in a Supermax?
#49. To: nolu chan (#46)
The thread is about avoiding malicious adware, not the NSA.
#50. To: TooConservative, nolu chan (#49)
You're the one who dragged it into "Snowden evaded detection with Tor/TAILS". I said that was irrelevant from the start and then started documenting why Tor/TAILS is only more secure than conventional solutions but is not totally secure.
#51. To: buckeroo (#50)
You can take your highfallutin' "adblocker software" and stuff it; as IT also poses a risk to your Internet experience and (perhaps) your local files.
#52. To: TooConservative (#51)
#53. To: buckeroo (#38)
We frequectly use signatures to authenticate software besides the website (itself). Often the software is not a download exectable file. It is an ISO image. Or we use torrent.
Check Tails signing key against the Debian keyring
#54. To: nolu chan (#53)
Check Tails signing key against the Debian keyring
#55. To: nolu chan (#53)
Or one could eat loads of Cap'n Crunch, hoping to find a free gift of TAILS on a dongle.
#56. To: buckeroo (#52)
LQQK, don't goto Drudge or WeatherChannel if you are so afraid of their mischief. If you wrap up your Internet experience based on some "protection software" because you are plain ignorant of how to achieve anonymous status that is all on your shoulders.
#57. To: TooConservative (#56)
#58. To: TooConservative (#48)
The US Is Trying to Extradite a Notorious Dark Web Admin This Week
Graham Templeton
May 11, 2015 // 09:45 AM EST THE EXTRADITION HEARING of an Irishman alleged to be the “largest facilitator of child porn in the world” will not begin until June after the High Court heard he has been diagnosed with Aspergers syndrome.
Mr Marques had sought judicial review of the DPP’s decision but was refused leave to challenge the decision not to prosecute him.
A court in Ireland has refused to extradite accused terrorist Ali Charaf Damache to the United States finding that the conditions of Supermax are overly harsh and would violate his rights under Ireland's constitution. The Court ordered him freed.
Furthermore, his extradition would be entirely disproportionate, Mr O'Higgins said.
#59. To: TooConservative (#54)
Yeah, good luck with explaining all that to Grandma and Uncle Jim.
#60. To: nolu chan (#59)
Good luck using µBlock to evade the NSA.
#61. To: nolu chan (#58)
That's your best effort?
#62. To: TooConservative (#49)
You're the one who dragged it into "Snowden evaded detection with Tor/TAILS".
[nolu chan #15] Upon shutoff, it leaves a completely blank slate of all history. It worked for Edward Snowden.
#63. To: TooConservative (#61)
Better than anything you offered on the case. It has been one delay and continuation after the next.
#64. To: TooConservative (#60)
You can't evade the NSA.
#65. To: nolu chan (#63)
You pulled your #48 prediction, "I think they will get him," right out of your.... wherever. It is based on nothing.
#66. To: buckeroo (#55)
#67. To: nolu chan (#64)
Good luck then using µBlock to evade the NSA.
#68. To: nolu chan (#62)
Read it again and try to comprehend the context. There is nothing there that was not there. When you start it up again, there is no malware there to start up.
#69. To: TooConservative (#65)
I do think they will get him. It may take a while longer.
#70. To: TooConservative (#68)
It's a decent solution for the 0.0001% of all browser users who know what it is and how to use it properly.
#71. To: nolu chan (#70)
I recommend you continue to rely upon µBlock.
#72. To: nolu chan (#69)
That's why, in the Damache case, they ruled the possibility of life in a Supermax to be unconstitutional because of the inhumane conditions.
#73. To: TooConservative (#71)
You don't even use Tor/TAILS yourself.
#74. To: TooConservative (#72)
We'll see. Our prosecutors will keep after him for as long as it takes. Sooner or later, we will have leverage over Ireland.
#75. To: nolu chan (#73)
(Edited)
#76. To: nolu chan (#74)
Sooner or later you will have facts to accompany your wild speculations. In the meantime, the U.S. is having consistently less leverage.
#77. To: TooConservative (#24)
Top • Page Up • Full Thread • Page Down • Bottom/Latest
[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Mail] [Sign-in] [Setup] [Help] [Register]