Wednesday, March 16, 2016

Major web sites serving up malware via ads

Big sites, probably you visit some:
Top-flight US online publishers are serving up adverts that attempt to install ransomware and other malware on victims' PCs.

Websites visited by millions of people daily –,,,,,, and more – are accidentally pushing out booby-trapped adverts via ad networks, warn infosec researchers.
These are served up via flash, which gives you some options to protect yourself:
Patching regularly, uninstalling Silverlight or setting plugins such as Flash to click-to-play, will defend against attacks from dodgy banner adverts.
All good advice.  Windows Update should be set to automatic*, Silverlight is not needed anywhere that I've seen and can be uninstalled, and using Flashblock or setting your browser to click-to-play are all excellent suggestions.

* Careful about the Windows 10 upgrade pester offer.  Read the popup carefully - the opt out is way at the end.  Tricksey hobbitses ....


Jake (formerly Riposte3) said...

In fact, my EMS agency just adopted new patient report software that requires Silverlight for the Web interface. Normal use is through a traditional desktop application, but all administration and QA interactions are through the website.

Unfortunately, all the other software available is pretty much crap.

Tim Covington said...

This is the reason I run ad blocker software. Every time I've tried to be good and let the ads run, I ended up fighting off some sort of malware. Until the ad networks clean up their ads, I'll keep on blocking them.

EMS Artifact said...

I've set Windows update to ask me if I want to update. I found Automatic Updates to be painful since they often want to update on shut down. When I shutdown, I want to shut down, not wait 10 minutes.

Thanks for the other two hints. I set Silverlight and Flash to "Ask to Activate".

You know, you could do this computer security stuff for a living. ;)