malicious ads more common


davidh
September 24th, 2009, 04:31 AM
Google Urges Cooperation Against Bad Ads, Malware

A malicious ad surfaced in Google search results just as Google called for a more concerted industry effort against such scams.

By Thomas Claburn
InformationWeek
September 23, 2009 05:37 PM

...

Malicious ads have also been spotted this year at nytimes.com, eweek.com, mlb.com, and foxnews.com, among other Web sites, and such incidents are becoming more common.

ScanSafe, a security company, on Wednesday said that a large scale malvertising attack had hit popular Web sites, including drudgereport.com, horoscope.com and lyrics.com, over the weekend.

...

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=220100971&cid=RSSfeed_IWK_All
..

davidh
September 25th, 2009, 06:17 PM
Malware torrent delivered over Google, Yahoo! ad services

No cure for the malvertisement blues

By Dan Goodin in San Francisco

Posted in Security, 24th September 2009 21:20 GMT

Some of the web's bigger websites were flooded with a torrent of malicious banner ads after cyber crooks managed to sneak them onto syndication services operated by Google, Yahoo, and a third company, according to a security firm.

The ads - which attacked previously-patched vulnerabilities in Adobe's PDF Reader and Microsoft's DirectShow - started appearing on sites such as the DrudgeReport, horoscope.com and lyrics.com last Friday, ScanSafe researcher Mary Landesman told The Register. They were delivered over networks belonging to Google's DoubleClick; Right Media's Yield Manager (owned by Yahoo); and Fastclick, owned by an outfit called ValueClick.

End users visiting sites that used the ad syndication services often saw nothing more than a brief flash as the malware-laced ads caused their browsers to open - and then close - a booby-trapped PDF file. But behind the scenes, the payload installed Win32/Alureon, a trojan that drops a backdoor on infected machines.
..
While there is no absolute cure for these kinds of attacks, this particular one could have been avoided by patching all browser plugins regularly, such as Adobe Reader, Adobe Flash, Java, Quicktime, Real Player, etc.
Up to date anti-malware suites might also block a significant percent of such attacks, but hardly all.

Mike
September 26th, 2009, 04:03 AM
> ...could have been avoided by patching all browser plugins regularly, such as Adobe Reader...
I also do the following:


My browsers and PDF viewers are configured not to automatically open documents encountered on web sites.
I use the PDF Download (http://www.pdfdownload.org/) extension (belt and suspenders) to ensure that documents aren't opened unless/until I'm ready to read them.
Javascript is turned off in all PDF viewers. If a document is encountered with Javascript, I will be warned, and I can choose to turn it on while reading that document. Rarely do I choose so, and then I turn it off when I'm done.

davidh
September 26th, 2009, 05:13 AM
> I also do the following:
>
> My browsers and PDF viewers are configured not to automatically open documents encountered on web sites.
> I use the PDF Download (http://www.pdfdownload.org/) extension (belt and suspenders) to ensure that documents aren't opened unless/until I'm ready to read them.
> Javascript is turned off in all PDF viewers. If a document is encountered with Javascript, I will be warned, and I can choose to turn it on while reading that document. Rarely do I choose so, and then I turn it off when I'm done.

Perhaps you would like to mention what other add-ons or programs or browser configuration options, if any, besides pdfdownload.org, that you use to do these tasks. That is, unless you do it by manually setting stuff "under the hood" :eek:

Mike
September 27th, 2009, 02:04 AM
> Perhaps you would like to mention what other add-ons or programs or browser configuration options, if any, besides pdfdownload.org, that you use to do these tasks.

Sure. Extensions for security or privacy are:


Adblock Plus 1.1.1: http://adblockplus.org/
Adblock Plus: Element Hiding Helper 1.0.6: http://adblockplus.org/
BetterPrivacy 1.29: http://netticat.ath.cx/extensions.html
CLEO 4.2: http://customsoftwareconsult.com/extensions
Live HTTP headers 0.15:
Modify Headers 0.6.6: http://www.garethhunt.com/
NoScript 1.9.9.01: http://noscript.net
Objection 0.3.4: http://objection.mozdev.org/
RefControl 0.8.12: http://www.stardrifter.org/refcontrol/
SEARCHinvestigative Toolbar 2.1.0.18: http://www.conduit.com
Stop Autoplay 0.7.6: http://hemiolapei.free.fr/divers/sap/sap-en.html

Configuration items in Tools > Options:


Content: Block Pop-up windows
Privacy: Accept cookies from sites, plus Accept third-party cookies, and Keep until: Ask me every time
Privacy: Clear history when Firefox closes, set to clear Download History, Form & Search History, Active Logins, Cache, Saved Passwords, and DownThemAll! History & queue
Security: turn off Save Passwords
Advanced/Network: Tell me when a website asks to store data for offline use
Advanced/Updates: When updates to Firefox are found, Ask me what I want to do

fhaber
September 28th, 2009, 12:57 PM
IE and ActiveX are basically hopeless on Windows, but some people and firms simply cannot be weaned away from them. For these, there are Sandboxie and Drop My Rights, IE safe[er] mode, etc. Vista and Win7 also help a lot, as do the security features in IE8. Running as admin in XP should be up there in danger quotient with texting while stunt-flying and extreme Russian roulette, but is it? Naaah, no drama.

And there's no substitute for keeping those add-ons up to date, if you must use them. The world cannot be bothered to read the tech press, or visit Secunia et al. on a schedule, so Microsoft is beginning to warn about Java/Flash vulns in their Windows Update.

But it's an asymmetrical war, and stupid always loses.