I'm getting a warning message from Google Safebrowsing, saying the following:
The site ahead contains malware
Attackers currently on http://www.openadserving.com might attempt to install dangerous programs on your computer that steal or delete your information (for example, photos, passwords, messages, and credit cards).
Automatically report details of possible security incidents to Google. Privacy policy
Back to safetyHide details
Google Safe Browsing recently detected malware on wapsisquare.com. Websites that are normally safe are sometimes infected with malware. The malicious content comes from http://www.openadserving.com, a known malware distributor.
If you understand the risks to your security, you may visit this unsafe site before the dangerous programs have been removed.
Do you guys know anything about that? Anyone else getting that kind of message? Should I be worried, or am I OK, as long as I don't click on the ads?
(Incidentally, I was getting the message here for the forum, too... had to consciously choose to "visit this unsafe site", in order just to post...)
Some malware served through rogue ads is drive-by stuff. If you have good real-time anti-malware, you are likely safe from that.
But, yeah, don't click on ads if you get that warning - in fact, if you don't ABSOLUTELY need to go to sites with that warning ... don't. Check back later.
Proof Positive the world is not flat: If it were, cats would have pushed everything off the edge by now.
lake_wrangler wrote:Do you guys know anything about that? Anyone else getting that kind of message? Should I be worried, or am I OK, as long as I don't click on the ads?
(Incidentally, I was getting the message here for the forum, too... had to consciously choose to "visit this unsafe site", in order just to post...)
I haven't seen that myself, today. However, it wouldn't be the first time that one of the ad-service networks Paul subscribes to, has been used as a malware vector... I can recall at least one previous incident.
i don't know how dangerous the current batch of malware is (assuming that Google is correct about something on openadserving.com).
NoScript is your friend.
Hmmm... interesting... I just tried to use "curl" to take a look at the site at OpenAdServing.com and got nothing other than a text message saying
"OpenAdServing (free ad platform) is no longer offered. Service will be discontinued in January 2013."
If I'm already using AdBlock Plus on my browser, and this attack seems to be about the ads, shouldn't I be safe? (For instance, it shows 3 ads blocked on a standard archive Wapsi page)
I tried looking for information on NoScript:
A) it works only on Firefox, and I use Chrome.
B) even looking for the info was difficult, as both Wikipedia and noscript.net were also targeted by Google's Safebrowsing warnings...
I installed an equivalent add-on for Chrome, but I don't know if it will make a difference. I'll let you guys know.
I'm not getting that message from Google anymore. Is it because of the ScriptBlock add-on? Because the problem was fixed? Or because I told Chrome to take me to that "unsafe site"? I just don't know.
One question, though: won't blocking scripts, no matter which add-on is used, break the functionality of some web sites? What if a web site needs to have scripts on, but doing so also allows ad-based attacks through? Would the Ad-Blocker be suffient, then?
Yeah, I know about allowing exceptions: I already had to make one for my work's intranet page.
But my question is, if I allow scripts on a different page, for whatever functionality reason, will blocking ads still be sufficient to block potential attacks that come from ad servers?
lake_wrangler wrote:One question, though: won't blocking scripts, no matter which add-on is used, break the functionality of some web sites? What if a web site needs to have scripts on, but doing so also allows ad-based attacks through? Would the Ad-Blocker be sufficient, then?
With NoScript (and others I believe) you can be selective. Typically, sites which are showing ads will serve their own content from their own domain, and the ad-injection scripting adds references which point off to web servers in other domains (e.g. the advertising control site, content sites, and so forth). You can (e.g.) allow scripts which are served from wapsisquare.com to execute, while blocking scripts from other sites that are being "pulled in" via references on the pages served to you from Wapsi.
I'm surprised that you were getting warnings about noscript.net and Wikipedia... that makes me think that the problem may lie closer to you than the sites in question. If your ISP runs some sort of "intelligent" web cache, it's possible that it was compromised, and that malware is being injected *between* Wikipedia and your system, not *from* Wikipedia (etc.).
lake_wrangler wrote:But my question is, if I allow scripts on a different page, for whatever functionality reason, will blocking ads still be sufficient to block potential attacks that come from ad servers?
If your ad blocker *completely* blocks ad URL fetches from sites that you've blacklisted (e.g. substituting some sort of placeholder graphic) then this would prevent any malware from being fetched from those sites.
The disadvantage to ad blockers is that, in order to operate, they need to know which sites are serving ads, and which are serving other forms of content. It's not easy to keep this info up to date, nor is it necessarily complete.
Script blockers tend to work differently - they most commonly block *all* script-like stuff (Javascript, Java, Silverlight, etc.) from *all* sites except for those that you've specifically whitelisted. And, NoScript (at least) does a pretty extensive content-specific analysis of something which "looks as if it might be executable" to see if it can detect unsafe stuff.
For what it's worth, 10 years of browsing with Firefox, AdBlockerPlus, and NoScript have led to exactly zero problems for me. I switched to Avast AntiVirus a few years ago, and their web-protect function also provides a layer of protection, though it's a bit intrusive for my liking. Also, Win 7 with firewall enabled.
ABP lets you "turn on" supported stuff, like ProjectWonderful, or you can enable adverts for sites you trust (allow this page/site/etc), though that opens the door to a trusted site having one of their advert sources getting borked. It's this last issue that is the source of the problem where sites get tagged malware because of a (formerly) trusted upstream source. Other webcomics (Girls With Slingshots, for example) have had this happen, sometimes more than once, as the Advert server IT peeps duke it out with the Malware server peeps.
YMMV. Good luck!
Don't let other peoples limitations become your constraints!
Atomic wrote:It's this last issue that is the source of the problem where sites get tagged malware because of a (formerly) trusted upstream source. Other webcomics (Girls With Slingshots, for example) have had this happen, sometimes more than once, as the Advert server IT peeps duke it out with the Malware server peeps.
That's why I don't even bother with adblockers. Avast is really good about catching malicious stuff so the only malware I've been hit with in memory was from DVDStyler's nasty installer that secretly downloads stuff even if you say no (since then I learned if you disconnect from the internet before installing it bypasses that garbage).
Julie, about Wapsi Square wrote:Oh goodness yes. So much paranormal!
My deviantART and YouTube.
I'm done thinking for today! It's caused me enough trouble!
Atomic wrote:It's this last issue that is the source of the problem where sites get tagged malware because of a (formerly) trusted upstream source. Other webcomics (Girls With Slingshots, for example) have had this happen, sometimes more than once, as the Advert server IT peeps duke it out with the Malware server peeps.
That's why I don't even bother with adblockers. Avast is really good about catching malicious stuff so the only malware I've been hit with in memory was from DVDStyler's nasty installer that secretly downloads stuff even if you say no (since then I learned if you disconnect from the internet before installing it bypasses that garbage).
I am using Avast as well, with the Web protection feature enabled, along with the AdBlocker, yet I still had that message from Google...
lake_wrangler wrote:I am using Avast as well, with the Web protection feature enabled, along with the AdBlocker, yet I still had that message from Google...
Yeah, I get the same kind of messages on occasion with Firefox. It doesn't mean you've actually been subject to an attack, just that the browser is stopping you before going to a blacklisted site that is supposedly dangerous. I understand people using AdBlock if they don't want the eyesores of advertisements flashing at them or want to avoid tracking. I like to see them, though. I have discovered a few interesting sites that I wouldn't have known about otherwise from ads.
Julie, about Wapsi Square wrote:Oh goodness yes. So much paranormal!
My deviantART and YouTube.
I'm done thinking for today! It's caused me enough trouble!
My 