The attack, which was targeted at US users, hit websites including the New York Times, the BBC, AOL and the NFL over the weekend. Combined, the targeted sites have traffic in the billions of visitors.
The malware was delivered through multiple ad networks, and used a number of vulnerabilities, including a recently-patched flaw in Microsoft’s former Flash competitor Silverlight, which was discontinued in 2013.
That’s why we have adblockers.
Exactly. Ad blocking has been the single most effective way at cutting malware down to almost nothing where I work. non-blocked computers are constantly firing off alerts. Computers with ad blockers almost never do.
Until these ad networks actually view all the ads they permit, we will continue to have ad blockers and continue to run them. I’ll not be subjected to Cryptowall just to make someone else a few extra cents. Forget it!
And ads!
http://www.osnews.com/advertise
I don’t mind ads themselves, as long as they are with common sense.
Put a nice, descriptive image of a product or company along with a simple link to their site and it’s fine.
Inject fucking javascript and other crap from random 3rd parties you know nothing about … It’ll be blocked.
Sites like this that host their own ads usually vet the ads. The problem with the big ad networks is they don’t and then aren’t held liable for the damage.
Google, AOL, and the other ad networks need to take responsibility for the damage the malware causes.
Content from 3rd parties over which you have no control?
What could possibly go wrong?
Killing my bandwidth and soaking up my data allowance?
SC** you.
Spying on me? (Phorm, in browser mouse trackers, etc)
SC** you.
Who ever bought anything from an in-page ad anyway? The returns dont merit the investment nor the user upset. I suspect ad agencies have been inflating the effectiveness of web spam.
Edited 2016-03-16 18:18 UTC
I implore mobile users to install Adguard (even if it’s only for the trial period) and see how much data these ads are sucking down – you might be shocked. In my case, it was about half my data cap every month.
Prefer Adblock Plus myself, but agreed. Amazing how bloated this crap has become. It used to be that Flash ads were the only real data suckers… now the regular ads are worse than the flash ads once were.
It’s funny how the ad providers think the solution is to get around blockers and shove ever more invasive crap at us. I don’t know about anyone else but, for me, the opposite would be true. Cut it back, big time, and I probably wouldn’t block them. Above all, disallow any scripting in advertisements. If you need big flashy effects to get my attention, then you are not worthy of it.
I recently switched to the PaleMoon web browser on Android and loaded the uBlock extension.
The reason I specifically recommended Adguard is that it shows you how much data it saves you from the ads it blocks. If Adblock Plus does as well, then that works too.
Exactly, the more intrusive and bloated ads become the more people block them… When they were just text ads or static graphic banners i didn’t block them, once they started doing popups, animation and especially sound i researched ways to block them.
I hope every single one of these sites get sued so hard. They whine and cry about people blocking their ads and when people don’t stuff like this happens. Also Flash needs to die, and Microsoft needs to issue an update to remove Silverlight too.
Edited 2016-03-16 21:07 UTC
MS are still pushing it as an optional install.
Hide it and it still keeps on coming back like a bad penny.
So much for discontinuimg it.
Like Flash, it should be consigned to history TODAY!
It will keep happening. Some of these ads have targeted user CPU resources in the past:
http://www.theguardian.com/technology/2014/jan/08/yahoo-malware-tur…
Something about this quote just makes me laugh!
You know I cringe every time a client asks me to link in 3rd party scripts because I know what it means for website security.
So many websites (including osnews) just hand over full javascript access to 3rd party advertisers and trackers. Of course I run a blocker, but why in the world is this an acceptable website building practice in the first place? There’s just no excuse from a security perspective to give 3rd party advertisers unrestricted scripting access across a website.