Bay 12 Games Forum


Author Topic: Exploit.pdf-Name.Gen virus found on DF Wiki page  (Read 7528 times)

Farmerbob

  • Bay Watcher
Exploit.pdf-Name.Gen virus found on DF Wiki page
« on: April 30, 2010, 01:48:06 am »

  I suspect this might be coming from the advertisements, it's popped up a couple times while I was browsing through the Wiki - this time it happened on the "Gremlin" info page.  Can't remember what game version page on Gremlins though, might have been an older page, I tend to look at all the available pages and see if they match up with what I'm seeing in game.

  This is an attack targeted at older installs of Adobe, supposedly new installs will repair the vulnerability.

  It appears as if F-Secure crushed it before it got anywhere.

  The attack seems to require Java somehow, as it activated Java on the taskbar right before it got clubbed.

  If you update your Adobe in the hopes of reducing system vulnerability, open it again, and check for updates after each update you finish.  I got two back-to-back updates, and I was not notified there was an additional one when the first completed.
How did I miss the existence of this thread?
(Don't attempt to answer that.  Down that path lies ... well I was going to say madness but you all run towards madness as if it was made from chocolate and puppies.  Just forget I said anything.)

zwei

  • Bay Watcher
  • [ECHO][MENDING]
    • Fate of Heroes
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #1 on: April 30, 2010, 02:23:56 am »

Yeah, advertisers usually run any ad without asking many questions as long as they are paid. It is quite easy to distribute Flash exploits this way.

Cheshire Cat

  • Bay Watcher
  • You Have Struck Turtle Shell!
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #2 on: April 30, 2010, 02:31:11 am »

my simple solution has always been don't use adobe acrobat. ever. foxit does the job fine, is much smaller, and does not force me to update every few hours.

i also don't install java. both programs seem to leave great gaping orifices directly into the pulsing heart of my pc, so i avoid them. exploits in advertising toolbars pop up fairly frequently, and all the ones i've seen use adobe acrobat or java or both. i've gotten at least one horrifically evil trojan through such an advertisement, which really ate up my computer and even caused google redirects on other pcs in my home network by doing something insidiously clever to my router. it even co-opted norton and tried to make it download more evil software in the guise of norton updating, and utterly destroyed adaware.

zwei

  • Bay Watcher
  • [ECHO][MENDING]
    • Fate of Heroes
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #3 on: April 30, 2010, 02:36:25 am »

Adblock is a better solution. Regular updates too.

There are exploits in pure HTML/JavaScript or images too, so do not be lulled into feeling secure if you take care of the worst offenders.

nenjin

  • Bay Watcher
  • Inscrubtable Exhortations of the Soul
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #4 on: April 30, 2010, 04:22:13 am »

Yeah, the amount of malicious ads that are being served is getting ridiculous. You'd *think* someone would be holding those guys accountable for making the money off the proliferation of viruses. It's like the postal service delivering mail bombs and going "what? we're getting paid, it's all good."
Cautivo del Milagro seamos, Penitente.
Quote from: Viktor Frankl
When we are no longer able to change a situation, we are challenged to change ourselves.
Quote from: Sindain
Its kinda silly to complain that a friendly NPC isn't a well designed boss fight.
Quote from: Eric Blank
How will I cheese now assholes?
Quote from: MrRoboto75
Always spaghetti, never forghetti

Shades

  • Bay Watcher
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #5 on: April 30, 2010, 04:37:59 am »

Quote from: nenjin
Yeah, the amount of malicious ads that are being served is getting ridiculous. You'd *think* someone would be holding those guys accountable for making the money off the proliferation of viruses. It's like the postal service delivering mail bombs and going "what? we're getting paid, it's all good."

Most people are too apathetic to do anything but post on a forum about it or rant to someone over IM, until that changes nothing will be done as there is no pressure on the advertiser to do so. And as you say they are making money so they certainly don't care.
Its like playing god with sentient legos. - They Got Leader
[Dwarf Fortress] plays like a dizzyingly complex hybrid of Dungeon Keeper and The Sims, if all your little people were manic-depressive alcoholics. - tv tropes
You don't use science to show that you're right, you use science to become right. - xkcd

Locriani

  • Bay Watcher
  • Locriani == Briess
    • dwarf fortress wiki
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #6 on: April 30, 2010, 06:29:55 am »

Quote from: Shades
Quote from: nenjin
Yeah, the amount of malicious ads that are being served is getting ridiculous. You'd *think* someone would be holding those guys accountable for making the money off the proliferation of viruses. It's like the postal service delivering mail bombs and going "what? we're getting paid, it's all good."
Most people are too apathetic to do anything but post on a forum about it or rant to someone over IM, until that changes nothing will be done as there is no pressure on the advertiser to do so. And as you say they are making money so they certainly don't care.

Google says the affected ad has been cleared from the system.  Any other reports like this, please email me.
« Last Edit: April 30, 2010, 07:38:56 am by Locriani »
I am one of many administrators of the wiki.  Please use my user page (http://dwarffortresswiki.org/index.php/User_talk:Briess) on the wiki to contact me, as I check that more often than these forums.

Lord Darkstar

  • Bay Watcher
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #7 on: May 06, 2010, 02:29:10 pm »

Quote from: nenjin
Yeah, the amount of malicious ads that are being served is getting ridiculous. You'd *think* someone would be holding those guys accountable for making the money off the proliferation of viruses. It's like the postal service delivering mail bombs and going "what? we're getting paid, it's all good."

Google has stated that at any point in their adserving history to current day, between 12 to 20% of their ads are just malware. But their money spends as well as "less ambitious customers", so they take it. After all, they wouldn't want to deny themselves that ad revenue. What are you going to do? Nothing. They are Google.
learn to give consolations to frustrated people
What is this, a therapy session? We don't need to console someone because they're upset about a fucking video game. Grow a beard, son, and take off those elf ears!

Kilo24

  • Bay Watcher
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #8 on: May 06, 2010, 03:06:35 pm »

Quote from: Lord Darkstar
Quote from: nenjin
Yeah, the amount of malicious ads that are being served is getting ridiculous. You'd *think* someone would be holding those guys accountable for making the money off the proliferation of viruses. It's like the postal service delivering mail bombs and going "what? we're getting paid, it's all good."
Google has stated that at any point in their adserving history to current day, between 12 to 20% of their ads are just malware. But their money spends as well as "less ambitious customers", so they take it. After all, they wouldn't want to deny themselves that ad revenue. What are you going to do? Nothing. They are Google.

Given that their ads are text-only, I don't think that there are any that can force viruses in without clicking on them.  And investigating which hold malware is a rather large and expensive undertaking, given the sheer volume of ads they deal with.

It's still pretty bad (and does discourage people aware of it from clicking on the ads), but it's at least a workable arrangement.  But still, publicizing the number of ads which are malware could force them to improve their standards to avoid the loss of revenue by people being afraid to click on ads.

lucusLoC

  • Bay Watcher
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #9 on: May 06, 2010, 06:07:40 pm »

Quote from: Cheshire Cat
my simple solution has always been don't use adobe acrobat. ever. foxit does the job fine, is much smaller, and does not force me to update every few hours.

you need to read more of the security bulletins. foxit is actually vulnerable to more than half of the reader exploits, and has quite a few of its own to boot. in my opinion the whole pdf format is one big vulnerability. (speaking as a sys admin here, who has had to clean up his fair share of adobe and pdf related problems.)
Quantum dumps are proof of "memory" being a perfectly normal dimension in DF. ~Gazz

Tilla

  • Bay Watcher
  • Slam with the best or jam with the rest
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #10 on: May 06, 2010, 06:20:39 pm »

Not a whole lot Google can do about these sorta things except either A> make a much more rigorous and probably /costly/ approval process or B> (what they do now) remove malware when reported.

Cheshire Cat

  • Bay Watcher
  • You Have Struck Turtle Shell!
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #11 on: May 10, 2010, 08:00:46 am »

Quote from: Kilo24
Given that their ads are text-only, I don't think that there are any that can force viruses in without clicking on them.  And investigating which hold malware is a rather large and expensive undertaking, given the sheer volume of ads they deal with.

no, if you have programs like adobe acrobat reader or java as a browser plug-in, some of those malware advertisements can and will get into your pc without being clicked on. all they need is to be displayed in your browser. i posted somewhere up this page about an experience i had with this, that was not detected by my virus scanner, and the scanner was then co-opted and used to download more malware.

given that these threats are generally added to the databases in standard commercial virus scanners very quickly after they appear, it would not seem difficult for companies organizing them, like google, to scan ads before allowing them to be shown. it may be harder than i think it is, but this way only very new threats would get through, and then only for a few days. it would also be easier to blacklist people providing the ads, which would not stop them, but would slow things down a bit.

Bronzebeard

  • Bay Watcher
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #12 on: May 10, 2010, 12:08:03 pm »

Quote from: Tilla
Not a whole lot Google can do about these sorta things except either A> make a much more rigorous and probably /costly/ approval process or B> (what they do now) remove malware when reported.

Costly? You mean Google -- literally one of the most powerful corporations on the face of the earth that may as well control the internet -- is strapped for cash?

Interus

  • Bay Watcher
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #13 on: May 10, 2010, 02:24:35 pm »

Quote from: Bronzebeard
Quote from: Tilla
Not a whole lot Google can do about these sorta things except either A> make a much more rigorous and probably /costly/ approval process or B> (what they do now) remove malware when reported.
Costly? You mean Google -- literally one of the most powerful corporations on the face of the earth that may as well control the internet -- is strapped for cash?

Generally, if corporations can avoid lowering their profit, they will.  Regardless of how high that profit may be.  Sometimes they can't, and I'm thinking that they'd probably decide that if they have to pay people to check each advertisement, then they'll have to charge more per advertisement, and then they'd have fewer customers and make less money.

That's just what I know from economics.  I have no idea if it's the actual reasoning or not.

alway

  • Bay Watcher
  • 🏳️‍⚧️
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #14 on: May 10, 2010, 05:46:08 pm »

That there was a virus in the Gremlins page is infinitely amusing.