Flash ads bearing malware plague popular sites


RadioPatrol

Guest
:coffee:


From WindowsSecrets.com:

Just opening the page puts you at risk

Visitors to USAToday.com last Thursday got more than they bargained for. A hacked Flash advertisement meant that merely viewing a page in your browser was capable of triggering a malware attack on your PC. According to an alert on the security site Websense, the ad can take control of the browser without any user interaction at all.


Two days after the ad appeared on the USA Today site, two prominent Utah-based news sites, DeseretNews.com and SLTrib.com, were found to have similarly dire banner ads. These ads directed users to various unexpected locations, including the site for AntiSpywareMaster. This destination has been called a "corrupt anti-spyware parasite" and a "fake program" by the RDV Group, a safe-computing organization.

News sites aren't the only victims of what Sandi Hardmeier, who authors the blog Spyware Sucks, calls "malvertisements." The ads themselves may appear perfectly harmless, notes Hardmeier, who's been recognized as an MVP (Most Valued Professional) by Microsoft. "The criminals behind such malvertisements . . . have no shame," she writes, "impersonating everything from WeightWatchers to Oxfam."

Advertisements are not the only source of the problem. The principal conveyors of this malicious code are Flash animations (or .swf files), which are commonly used to create intro screens, online video, and other Internet content in addition to Web ads.

Of particular concern are Flash files that are vulnerable to insertion of malicious code using a technique called cross-site scripting, or XSS.


This vulnerability was widely publicized earlier this year by Google researcher Rich Cannings and his co-authors in their book Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions. According to a report in the U.K.–based tech-news site The Register, a Web search revealed more than 500,000 vulnerable files on major Web sites.

:whistle:
 

The_Twisted_Ear

A proud Conservative!
Isn't it a shame. First a bunch of fools ruin E-Mail (spam, etc.) and now another bunch of fools are going to ruin (Flash) for everyone. I wish they would catch them and lock them up. Better yet - lock them up and don't give them any soap on a rope!
 

Kerad

New Member
firefox and adblock plus rule

Does adblock mess with legitimate flash from the site...or is it good at just blocking the ads?

I'd never heard of it before, and I've been using Firefox for years.
 

AndyMarquisLIVE

New Member
Does adblock mess with legitimate flash from the site...or is it good at just blocking the ads?

I'd never heard of it before, and I've been using Firefox for years.
Unfortunately, with the good comes the bad and the ugly.

Usually, no. Your advertisement banners usually come from the same sites and are framed in, and aren't actually hosted ON the site you're visiting. AdBlock blocks these particular sites that host the ads - kind of like how NetSweeper and Websense block certain sites.

You could even put this (http://pagead2.googlesyndication.com/) for example in your WINDOWS system32 HOSTS file and it would block Google ads.

:shrug:
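
The hosts-file approach mentioned above, as an added example that is not part of the original posts: a hosts file maps bare hostnames (no scheme or path) and matches them exactly, so this Python sketch reduces a list of ad addresses to hosts lines and shows that parent and sibling names stay unblocked. The `0.0.0.0` sink address, the function names and the `ads.example.test` host are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def hostname_of(item):
    """Return the bare hostname from a URL or host string, or None if invalid."""
    item = item.strip()
    # urlsplit only fills .hostname when the string carries a scheme or '//'.
    if "://" not in item and not item.startswith("//"):
        item = "//" + item
    try:
        host = (urlsplit(item).hostname or "").rstrip(".").lower()
    except ValueError:
        return None
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    return host

def hosts_entries(items, sink="0.0.0.0"):
    """Build de-duplicated hosts-file lines that point each name at `sink`."""
    seen, lines = set(), []
    for item in items:
        host = hostname_of(item)
        if host and host not in seen:
            seen.add(host)
            lines.append(f"{sink} {host}")
    return lines

def is_blocked(name, lines):
    """Hosts lookups are exact-match: no wildcards, no subdomain inheritance."""
    names = {line.split()[1] for line in lines}
    return name.lower().rstrip(".") in names

# Constructed sample input; the first item is the address quoted in the post.
SAMPLE = [
    "http://pagead2.googlesyndication.com/",
    "PageAd2.GoogleSyndication.com",             # same host, different form
    "https://ads.example.test/banner.swf?id=1",  # hypothetical ad host
    "not a host",                                # rejected: not a hostname
]

if __name__ == "__main__":
    print("\n".join(hosts_entries(SAMPLE)))
```

Because matching is exact, every ad-serving hostname needs its own line, which is why filter-list blockers scale better than a hand-edited hosts file.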
 