PUP #8 ~ Malvertising: Adverts that attack


If you think online advertising is harmless and you don't need an adblocker you are certainly in the majority. Only about 20% of onliners use an adblocker, and an even smaller percentage use one alongside additional security tools like JavaScript blockers (e.g. NoScript) and anti-trackers (e.g. Ghostery).

This casual approach to online safety helps the advertisers and their scriptmonkeys sleep well at night, but in the last few years, a new threat is giving them nightmares: malvertising. These are normal-looking adverts containing malware that can get onto our device.

Ad networks

Advertising has come a long way since the days when guys shouted out what they were selling in the street. These days, even radio and TV ads have diminished in favour of internet advertising – many newspaper publications are going under or converting to online magazines because online revenues and audiences are potentially greater.

Advertisers and marketers have formed massive networks that dictate how their ads should look online. The websites they pay to display them must include special code that logs every user who clicks or favours their ads and can track them when they move around a website – especially the most popular pages, on which it costs more to be featured. Even when a user leaves a website, the continuing journey they make across the internet can be tracked.

This labyrinthine web of connections makes billions of dollars for the product sellers, the collectors and the multitude of middle-men. Not so much from actual sales of goods as we may think, but often from the trading of our personal data, which possibly determines if we will actually buy something and which can feed back into the meat grinder for yet more profit.

Money talks

For massive sites with millions of users there are certain pages that generate enormous hit stats (often the 'home' page). Advertisers and marketers must join a bidding process to feature their ad there, the winning bid getting prime time exposure for as long as they pay. All the big sites have advertisers falling over themselves to get on a 'million plus' page and access to all those gazillions of 'unprotected' users. But whenever someone makes money on the internet someone else will want a piece of it. Step up the hackers who realised this money pot can be tapped.

Malvertising – a brief history

Malvertising was first noticed in 2007 – a vulnerability in Adobe's Flash program (some say it still exists) was used to affect ads on MySpace.

In 2009 the New York Times' online pages featured a banner ad that, if clicked, infected the user's computer or device, which was then incorporated into a massive click scam called the Bahama Botnet – a hacker's network injecting malicious scripts into legitimate ads. It also produced fake security alerts telling NYT readers their system was infected and they needed to install free 'security software', which turned out to be a nasty Trojan. (See panel below for more about this scam).

The collectors like Google, Microsoft, and Yahoo! turned a blind eye to the problem and continued taking the advertisers' money while the consumer and their privacy were predictably at the bottom of the list. Yet even the collectors have recently fallen victim to this threat when Google's own ad network and new WP partner, DoubleClick, got hijacked by a massive malvertising attack.

Drive-by malvertising

By 2011 malvertising was rampant and Spotify experienced the first 'drive-by' exploit where users got infected without clicking anything.

Malvertising happens when websites don't realise they've included a malicious script or ad in their page. Users are infected if they click (you know, click this to see the latest GOT trailer) or if they simply load a page and don't even click. It can happen when the page loads a particular element like an ad and the secret script loads with it and redirects the user to a malicious page or a fake website designed to look just like the one we were just on. It might ask for more details about us or ask us to 'log in', thereby acquiring our password (the fake log-in box sends what we type to the hacker), which they can try on all our other online accounts if we're dumb enough to list them and use the same username.

Malvertising can also happen 'post-click' – when we leave a page – and we're redirected to another page advertising something completely different that isn't endorsed by the site we were on. Porn is quite a common redirection destination and certainly pays for a lot of malvertising design. However, Russian activists have recently been using the technique to redirect users to their sites where they get funds from page visits and we end up watching an anti-Putin video instead of GOT.

With the NYT exploit, a client purporting to be a 'national' advertiser won the bids for prime web pages from them, ran the legitimate ads for a week (advertisers often control their ads on a host site's page) and then substituted the ad with a malvert. The NYT had to suspend all their third-party ads and clients until they sorted it out, which cost them quite a few dollars, not to mention their infected users.
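
A publisher-side check for the bait-and-switch described above, as an added example rather than code from this book or from any ad network: it snapshots an ad at approval time and reports what is new when the served copy is checked again. The sample ads, the `.example` host names and the function names are all constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class CreativeScan(HTMLParser):
    """Collect the hosts an ad loads code from, plus markup that can move the reader."""
    def __init__(self):
        super().__init__()
        self.hosts, self.flags = set(), set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "iframe", "embed", "object"):
            host = urlparse(a.get("src") or a.get("data", "")).hostname
            if host:
                self.hosts.add(host)
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.flags.add("meta-refresh")
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline script that navigates the page away from the host site.
        if self._in_script and ("top.location" in data or "window.location" in data):
            self.flags.add("script-navigation")

def snapshot(html):
    """Record what an ad looks like right now: content hash, hosts, redirect markers."""
    scan = CreativeScan()
    scan.feed(html)
    scan.close()
    digest = hashlib.sha256(html.encode()).hexdigest()
    return {"sha256": digest, "hosts": scan.hosts, "flags": scan.flags}

def review(approved, current):
    """Compare the served ad with the approved snapshot; an empty list means no change."""
    findings = []
    if approved["sha256"] != current["sha256"]:
        findings.append("creative changed since approval")
    findings += [f"new external host: {h}" for h in sorted(current["hosts"] - approved["hosts"])]
    findings += [f"new redirect behaviour: {f}" for f in sorted(current["flags"] - approved["flags"])]
    return findings

# Constructed samples: the ad as approved, and the copy served a week later.
APPROVED_AD = '<a href="https://shop.example/sale"><img src="https://cdn.adnet.example/banner.png"></a><script src="https://cdn.adnet.example/track.js"></script>'
SWAPPED_AD = '<img src="https://cdn.adnet.example/banner.png"><iframe src="https://landing.swapped.example/x" width="1" height="1"></iframe><script>top.location = "https://landing.swapped.example/scan";</script>'
```

Run on a schedule against the ads actually being served, any non-empty result from `review` is a reason to pull the ad until someone has looked at it.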

How do we stop it?

Well, we can use adblockers and all the tools mentioned in the chapter of this book entitled Layer #5 ~BROWSERS (Part 4): Add-ons that protect us. Many malvertising exploits use Flash Cookies, so a programme like Better Privacy will delete Flash LSOs and take out the malvert's base. Hitman Pro has a keylogger encrypter built into its free download at the time of writing. This encrypts your password when you type it in, and an encrypted password is not much good to a hacker. Encryption is a good thing to have anyway.

A good anti-malware or anti-spyware prog will spot some of it but the hackers and developers are now working on header injectors, sophisticated iframes and browser infections that the online security industry is struggling to combat. It's a bit like an arms race at the moment. The war is on and the prize is our identity and our bank account.

We should use any tools we can to protect ourselves. A mugger will ignore a girl with a gun, think twice about a chick with a stick but make a beeline for the sad little sweetie with her heart (and her purse) on show.

SEE LINK 1 ~ Malvertising: When Online Ads Attack

 ----------------------------------------------------------------------------------------------

Security scam #17

Actually, this security scam technique is an old tried and tested way of extracting money from gullible internet users. We even have a similar phone scam in the UK where a person rings up pretending to be from Microsoft and says they have received an error message from our PC indicating our device is infected.

It's true that when a PC bugs out, users can click an error window that sends the details to a MS server, but MS rarely answer it and they certainly don't ring you up. It is a scam.

A friend actually believed the fake caller and gave them over £150 ($217 USD, $285 CD) to fix the problem over a number of weeks before twigging the bugs were actually being put into the PC by the 'fixer'. What the scammers do is tell you to open all your ports and give them the passwords into your device so they 'can check your system' (which probably has little wrong with it). They plant a Trojan on your device remotely so it will go wrong at a certain date (the Trojan disables an important file) and you will have to pay big bucks to get it fixed, using your credit card details, of course.

The Mac's biggest exploit is also the security software scam. Mac users should ignore security software ads, or redirects to pages saying their Mac is infected and can be cured by downloading software with the following names:

• MacDefender

• MacProtector

• MacSecurity

They are all Trojans or fake apps designed to look like they're scanning your system for bugs but are really either infecting your system further or sending your personal info back to base to be sold on to the relevant markets or hackers and scammers. Check LINK 2 for more on Mac security scams. This site has 13 trackers before you even load JS, but has good info. Use your blockers before you view.

============================================

Stay safe, playmates, :)
