Discussion:
Google served malware -- yet another reason to block ALL ads forever
Thad Floryan
2014-09-20 21:35:00 UTC
On Slashdot:

http://it.slashdot.org/story/14/09/19/2232241/googles-doubleclick-ad-servers-exposed-millions-of-computers-to-malware

Last night, researchers at Malwarebytes noticed strange behavior on
sites like Last.fm, The Times of Israel and The Jerusalem Post. Ads on
the sites were being unusually aggressive, setting off anti-virus
warnings and raising flags in a number of Malwarebytes systems. After
some digging, researcher Jerome Segura realized the problem was coming
from Google's DoubleClick ad servers and the popular Zedo ad agency.
Together, they were serving up malicious ads designed to spread the
recently identified Zemot malware. A Google representative has
confirmed the breach, saying "our team is aware of this and has taken
steps to shut this down."

Related links:

https://blog.malwarebytes.org/malvertising-2/2014/09/large-malvertising-campaign-under-way-involving-doubleclick-and-zedo/

http://www.theverge.com/2014/9/19/6537511/google-ad-network-exposed-millions-of-computers-to-malware

http://www.theverge.com/2014/9/19/6537511/google-ad-network-exposed-millions-of-computers-to-malware

As has been said before, Google can go pound sand if they can't
understand why folks block all ads. Several years ago over 250,000
folks who visited the New York Times website received malware served
by off-site ads running IFRAMEs which should ALWAYS be blocked since
IFRAMEs are one of the most dangerous things on the Internet.

The only good ad is NO ad.

Thad
Thad Floryan
2014-09-20 21:37:56 UTC
Post by Thad Floryan
[...]
https://blog.malwarebytes.org/malvertising-2/2014/09/large-malvertising-campaign-under-way-involving-doubleclick-and-zedo/
http://www.theverge.com/2014/9/19/6537511/google-ad-network-exposed-millions-of-computers-to-malware
http://www.theverge.com/2014/9/19/6537511/google-ad-network-exposed-millions-of-computers-to-malware
[...]
Whoops, flaky copy'n'paste; the 3rd URL above should be:

http://blogs.technet.com/b/mmpc/archive/2014/09/09/msrt-september-2014-zemot.aspx

Sorry 'bout that.

Thad
sms
2014-09-21 00:22:30 UTC
Post by Thad Floryan
http://it.slashdot.org/story/14/09/19/2232241/googles-doubleclick-ad-servers-exposed-millions-of-computers-to-malware
Last night, researchers at Malwarebytes noticed strange behavior on
sites like Last.fm, The Times of Israel and The Jerusalem Post. Ads on
the sites were being unusually aggressive, setting off anti-virus
warnings and raising flags in a number of Malwarebytes systems. After
some digging, researcher Jerome Segura realized the problem was coming
from Google's DoubleClick ad servers and the popular Zedo ad agency.
Together, they were serving up malicious ads designed to spread the
recently identified Zemot malware. A Google representative has
confirmed the breach, saying "our team is aware of this and has taken
steps to shut this down."
https://blog.malwarebytes.org/malvertising-2/2014/09/large-malvertising-campaign-under-way-involving-doubleclick-and-zedo/
http://www.theverge.com/2014/9/19/6537511/google-ad-network-exposed-millions-of-computers-to-malware
http://www.theverge.com/2014/9/19/6537511/google-ad-network-exposed-millions-of-computers-to-malware
As has been said before, Google can go pound sand if they can't
understand why folks block all ads. Several years ago over 250,000
folks who visited the New York Times website received malware served
by off-site ads running IFRAMEs which should ALWAYS be blocked since
IFRAMEs are one of the most dangerous things on the Internet.
Basically if Google is banning something from the Google Play store, as
they have done with AdBlock Plus and Disconnect Mobile then I know I
want both the Android version and the desktop version of whatever it is.

Presently I'm using the following for Trackers and Ads, what other
suggestions do you have:


Prevent Trackers
----------------
Disconnect Mobile: https://disconnect.me/mobile/disconnect-mobile (Apple
and Android). Banned from Google Play store.

Disconnect add-on for Chrome:
https://chrome.google.com/webstore/detail/disconnect/jeoacafpbcihiomhlakheieifhpjdfeo?hl=en

Ghostery: https://www.ghostery.com/en/ (Firefox, Google Chrome, Safari,
Opera (not Internet Explorer))

Ghostery Mobile: iOS, Android (Firefox only, search for Ghostery in
Firefox in Android for add-on)


Block ads, banners, 3rd party Cookies, 3rd party page counters, web
bugs, and hijackers
---------------------------------------------------------------------------------------
Hosts File: http://winhelp2002.mvps.org/hosts.htm (Windows, OS-X, Linux)

Ad Blocker
----------
Adblock Plus: https://adblockplus.org/ (Chrome, Firefox, Internet
Explorer, Safari, Android, not iOS). Banned from Google Play store.

Anti-Malware, Anti-Virus
------------------------
Malwarebytes: https://www.malwarebytes.org/ (paid version with scheduled
scans)
Microsoft Security Essentials:
http://windows.microsoft.com/en-us/windows/security-essentials-download
Avast: http://www.avast.com/en-us/index

Clean Up Facebook, add back Deleted Functions
---------------------------------------------
F.B. Purity: http://www.fbpurity.com/install.htm (Firefox, Google
Chrome, Safari, Opera (not Internet Explorer)). Can't install from
Facebook because Facebook hates it, so it is installed as a browser add-on.
David Kaye
2014-09-21 08:05:38 UTC
Post by Thad Floryan
The only good ad is NO ad.
Naturally I didn't experience anything because I have ad-blocking software
and I have a hosts file that sends connections to ad servers to local loop.

I don't feel sorry for the blocked ad agencies, either. I'd have no problem
if ads were served up by the website I'm connecting to, but by farming it
out to 3rd parties there is no longer any quality control and the website
operators won't take responsibility.

Also, there's the matter that advertising has so inundated the web that it's
no longer effective for small advertisers. Sure, if you run a car company
or a movie studio and have millions of dollars to burn on advertising, the
web can be effective, but for the mom'n'pop entrepreneur it's just not worth
the money. At the moment I'm preparing a direct-mail postcard which will go
to the first 500 of my customers (that is, the current addresses I have from
my earliest customers, skipping past my recent customers). This is to
remind my old customers that I'm still around. This is remarkably
effective. I also plan to do a direct mail postcard to the other hotels run
by the management company I've been dealing with. Each is fairly
autonomous, so I have to approach them individually.

So, boo-hoo ad-driven websites. Your malware-ridden ad partners have
poisoned the well and your excessive advertising has turned off far too many
people.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Kevin McMurtrie
2014-09-21 10:11:56 UTC
Post by Thad Floryan
http://it.slashdot.org/story/14/09/19/2232241/googles-doubleclick-ad-servers-exposed-millions-of-computers-to-malware
Last night, researchers at Malwarebytes noticed strange behavior on
sites like Last.fm, The Times of Israel and The Jerusalem Post. Ads on
the sites were being unusually aggressive, setting off anti-virus
warnings and raising flags in a number of Malwarebytes systems. After
some digging, researcher Jerome Segura realized the problem was coming
from Google's DoubleClick ad servers and the popular Zedo ad agency.
Together, they were serving up malicious ads designed to spread the
recently identified Zemot malware. A Google representative has
confirmed the breach, saying "our team is aware of this and has taken
steps to shut this down."
https://blog.malwarebytes.org/malvertising-2/2014/09/large-malvertising-campaign-under-way-involving-doubleclick-and-zedo/
http://www.theverge.com/2014/9/19/6537511/google-ad-network-exposed-millions-of-computers-to-malware
http://www.theverge.com/2014/9/19/6537511/google-ad-network-exposed-millions-of-computers-to-malware
As has been said before, Google can go pound sand if they can't
understand why folks block all ads. Several years ago over 250,000
folks who visited the New York Times website received malware served
by off-site ads running IFRAMEs which should ALWAYS be blocked since
IFRAMEs are one of the most dangerous things on the Internet.
The only good ad is NO ad.
Thad
Google really has little interest in security as long as their marketing
data is safe.

Google Groups has been hosting a Chinese credit card theft gang since...
as long as I can remember. Maybe 2004? It's the "Discount Nike"
spammer that floods all of Usenet non-stop. Blogspot and Picasa provide
hosting. It's why my Usenet reader drops all Google postings.

More recently, Google has been hosting mail filtering obfuscation for
spammers with URLs like:
http://www.google.com/url?q=<url>&sa=D&usg=<checksum>
--
I will not see posts from astraweb, theremailer, dizum, or google
because they host Usenet flooders.
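
Added example (not part of any post in this thread): one way a mail or URL filter can look through the redirect shape quoted above before checking a link's reputation, assuming the real destination travels in the `q` parameter as that URL shows. The function names, the redirector table and the `example.test` hosts are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Redirector endpoints to unwrap: (host, path) -> query parameter holding the
# real destination. The table layout is an assumption of this example.
REDIRECTORS = {("www.google.com", "/url"): "q"}

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none or is malformed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def unwrap(url, max_depth=5):
    """Peel known redirector wrappers offline; return the innermost URL."""
    for _ in range(max_depth):
        try:
            parts = urlsplit(url)
        except ValueError:
            return url
        param = REDIRECTORS.get((host_of(url), parts.path))
        targets = parse_qs(parts.query).get(param) if param else None
        if not targets:
            return url          # not a wrapper, or a wrapper with no target
        url = targets[0]        # parse_qs has already percent-decoded it
    return url

def classify(url, blocked_hosts):
    """Decide on the destination host instead of the redirector's host."""
    inner = unwrap(url)
    return {
        "seen_host": host_of(url),
        "checked_host": host_of(inner),
        "wrapped": inner != url,
        "blocked": host_of(inner) in blocked_hosts,
    }

# Constructed samples; spam.example.test is a placeholder, not a real indicator.
BLOCKED = {"spam.example.test"}
WRAPPED = "http://www.google.com/url?q=http%3A%2F%2Fspam.example.test%2Foffer&sa=D&usg=CONSTRUCTED"
NESTED = ("http://www.google.com/url?q=http%3A%2F%2Fwww.google.com%2Furl%3Fq%3D"
          "http%253A%252F%252Fspam.example.test%252Foffer%26sa%3DD&sa=D")
PLAIN = "http://www.google.com/search?q=http%3A%2F%2Fspam.example.test"

if __name__ == "__main__":
    for sample in (WRAPPED, NESTED, PLAIN):
        print(classify(sample, BLOCKED))
```

A filter that only scores the host it sees would rate all three samples as `www.google.com`; after unwrapping, the first two are checked against the destination host, and the ordinary search URL is left alone.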
b***@MIX.COM
2014-09-23 23:47:38 UTC
Post by Thad Floryan
The only good ad is NO ad.
I currently have two ads on my web site. They are just images
and links to two software vendors whose work I consider worthy
of mentioning to others. They're both one man shops (as am I),
and I put them up on my own initiative, for free.

For me, that's "the only good ad."

http://MIX.COM if you're curious.

Billy Y..
--
sub #'9+1 ,r0 ; convert ascii byte
add #9.+1 ,r0 ; to an integer
bcc 20$ ; not a number
Thad Floryan
2014-09-23 23:56:30 UTC
Post by b***@MIX.COM
Post by Thad Floryan
The only good ad is NO ad.
I currently have two ads on my web site. They are just images
and links to two software vendors whose work I consider worthy
of mentioning to others. They're both one man shops (as am I),
and I put them up on my own initiative, for free.
For me, that's "the only good ad."
http://MIX.COM if you're curious.
Hi Billy,

I was curious and so I looked and I saw those ads. Yes, those
are definitely good ads with which I have no problems whatsoever
and they were not blocked because they're static to the page and
not using IFRAMEs or any HTML 5 crapola or introducing malware.

Your example is one that I wish all advertisers would follow so
the Internet would be a far better experience for everyone.

I don't have any ads on any of my pages but if I ever had the need
to do so I'd be doing exactly what you did.

Thank you for sharing!

Thad
David Kaye
2014-09-24 08:05:41 UTC
Post by Thad Floryan
Your example is one that I wish all advertisers would follow so
the Internet would be a far better experience for everyone.
Advertising wasn't a problem until the ad servers popped up and web pages
began linking to them. Easy money and no responsibility for content. "Oh,
it was zedo..." who deposited the malware on people's computers. I have a
hosts file that is 500k long, a bit much, but what AdBlock doesn't catch,
the hosts file will.

But if I can reach a website and they choose to run an ad via their own
servers, not a problem. It'll appear (unless AdBlock blocks it) and I won't
mind seeing it. But as soon as they farm it out, no way Jose.




Thad Floryan
2014-09-24 08:38:02 UTC
Post by David Kaye
Post by Thad Floryan
Your example is one that I wish all advertisers would follow so
the Internet would be a far better experience for everyone.
Advertising wasn't a problem until the ad servers popped up and web pages
began linking to them. Easy money and no responsibility for content. "Oh,
it was zedo..." who deposited the malware on people's computers. I have a
hosts file that is 500k long, a bit much, but what AdBlock doesn't catch,
the hosts file will.
But if I can reach a website and they choose to run an ad via their own
servers, not a problem. It'll appear (unless AdBlock blocks it) and I won't
mind seeing it. But as soon as they farm it out, no way Jose.
Hi David,

That's a better description of what I would tolerate, too. If the ad is
"farmed out" (good expression!), that's where the line is firmly drawn. Note
that's also how the New York Times online visitors were infected with malware.

I still would 100% block IFRAMEs no matter what or where -- that's one of the
most dangerous "features" of the web since code is executed [often silently
when it's malware] without any action taken on the part of the user. I really
cannot see any legitimate use of IFRAMEs on any website that I ever would care
to visit. For the curious, IFRAMEs have infected/infested/plagued the 'Net
since 1997 thanks to Microsoft:

http://en.wikipedia.org/wiki/HTML_element#Frames

Thad
sms
2014-09-24 16:01:48 UTC
On 9/20/2014 2:35 PM, Thad Floryan wrote:

<snip>

There's one other thing I realized today and it's that Chrome has
helpfully (not) disabled all extensions that are not from the Chrome web
store.

They advise you that, to use those extensions, you download the developer
edition of Chrome.

Of course some extensions are dangerous and should be blocked. But some
are very helpful but Google hates them.
