Author Topic: Bad news  (Read 10756 times)


Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Bad news
« on: Sunday, 13 December, 2015 @ 06:20:13 »
Quote
Malware found on Guardian article that asks if cybercrime is out of control

Security researchers have observed that a Guardian newspaper article exploring the various facets of cybercrime is redirecting visitors to a webpage hosting the Angler exploit kit.

Ironically (or perhaps not so much), the Guardian article redirecting to Angler is a piece by Misha Glenny entitled "Cybercrime: is it out of control?"

In this particular attack, it would appear that Angler has a soft spot for older vulnerabilities.

One of the bugs exploited is CVE-2014-6332... covered in Microsoft's MS14-064 patch around this time last year.

Angler also embeds a Flash object on the page at runtime and reserves the right to serve up an exploit targeting Adobe's software.

News of this infection arrived just one day after... blog pages at The Independent newspaper were also redirecting visitors to Angler. In this case, if users were running an out-of-date version of Adobe Flash Player, the exploit kit would download the TeslaCrypt 2.2.0 ransomware onto their PCs.
 
In both instances, Angler relies on old vulnerabilities to infect unpatched machines. This just goes to show how important it is to install all software patches as soon as they become available. Trust me. It could save you a massive headache in the future.
https://grahamcluley.com/2015/12/malware-guardian-article-asks-cybercrime-control/


Quote
Independent blog site hit by malware

The Independent newspaper's blogging platform has been briefly compromised with malware that infects readers' computers, security experts have said.

The malware exploits a security hole in Adobe Flash Player to install itself on a victim's computer.

Once downloaded, it sets about encrypting documents, rendering them useless without the key to decrypt them, for which it demands a ransom.

The vulnerability in Flash has since been patched, but anybody using an old version of the web browser plug-in could still be at risk.

Raimund Genes, chief technical officer at Trend Micro [said]... "My advice is to update your Flash Player. Always do it immediately when it says an update is available, because Flash remains one of the main ways attackers can compromise a system."

This so-called malvertising has been found on many other places. Other newspapers as well as streaming sites and porn hosts have all briefly hosted booby-trapped ads.
http://www.bbc.com/news/technology-35050226


October, 2015: Angler Exploit Kit Blasts Daily Mail Visitors Via Malvertising

September, 2015: Malware With Your News? Forbes Website Victim of Malvertising Attack


Possibly your browser is set to use HTML5 instead of Flash Player, where possible. You can check your browser here for youtube, here for BBC iPlayer (thanks to BeeTee for the BBC link).

Many other websites still use Flash and it's built in to Google Chrome. Windows users can set Flash Player to auto-update via Control Panel > Flash Player menu > Advanced tab > Change Update Settings > automatically install updates.

Google Chrome automatically updates Flash Player when a new version is available.


Due to the number of users, delivery of automatic updates to Flash Player can be slow; for IE and Firefox it may be safer to update manually as soon as possible. You can check if you have the latest version; if not, it's available for IE, Firefox, Opera and Safari from Adobe. Beware unwanted pre-ticked 'optional extras'.

In Firefox and Chrome you can set Flash Player to only play Flash content you choose to watch, therefore disabling (potentially malicious) 3rd party Flash content. In Firefox set Adobe Flash to "click to play". For Chrome it's probably easier to use the Flashcontrol add-on.


Using an ad-blocker will help prevent malicious ads from running, e.g. uBlock Origin for Firefox or uBlock Origin for Chrome (lighter on resources and easier to use than Adblock / Adblock Plus).

User guides available here including:

User interface
Settings
3rd party filters
How to whitelist a website

You can use it as it comes or, in the 3rd party filters list, scroll down to Multipurpose and select one of the Hosts files, e.g. Dan Pollock's or MVPS; this will block most known 'bad' sites.

In Regions, Languages add the Greek Adblock filter.

Offline BeeTee

  • Forum Deity
  • *****
  • Posts: 668
Re: Bad news
« Reply #1 on: Sunday, 13 December, 2015 @ 18:31:56 »
Just seen another useful tool, Speedtest, that is ditching Adobe Flash and beta testing using HTML5.

Beta version can be found here...

http://beta.speedtest.net

Quote
Speedtest ditches Adobe Flash
Adobe’s all-but-dead Flash platform is known for hogging extra computing resources. Ookla is in the process of beta testing the new version of Speedtest, the website that comes with an all-new design that is noticeably more minimalist than its current Flash-based website and also does not require any resource-intensive plugin.

The usage of Adobe Flash was strongly criticised by Apple’s co-founder Steve Jobs. The support for Adobe Flash was also deprecated in some of Apple’s products. Adobe itself issued a statement asking all web developers to stop building any tools that make use of the Flash product. Adobe was also forced to rename its signature software from Adobe Flash Professional CC to Animate CC to remove the infamous “Flash” name from its product and to better associate its product with animation.

In fact many major websites, including some of the popular streaming services like HBO and Spotify, even now rely on Flash to operate – thus keeping Adobe Flash alive even now.

Ookla’s speedtest measures the ping, upload and download speeds of Internet connection.

http://news.thewindowsclub.com/speedtest-ditches-adobe-flash-81178/

Offline TonyKath

  • Forum Deity
  • *****
  • Posts: 1965
Re: Bad news
« Reply #2 on: Monday, 14 December, 2015 @ 20:29:31 »
It looks to me that giving preference to HTML5 is a YouTube option rather than part of Firefox.  FF does give the option to run in "Flash Protection Mode".  Which might explain why I had stability problems esp on the Indy site but possibly now less since I blocked their ads.

Tony

Maik
Re: Bad news
« Reply #3 on: Tuesday, 15 December, 2015 @ 12:16:04 »
Quote
It looks to me that giving preference to HTML5 is a YouTube option rather than part of Firefox.  FF does give the option to run in "Flash Protection Mode".

On the youtube/html5 page you should be able to check whether your browser (IE / Chrome / Firefox / whatever) is set to play HTML5 by default or Flash. Firefox 32-bit has Flash Protection Mode enabled by default, so you can opt out if you want to; this may improve Flash operability in some cases but leaves Firefox more vulnerable.


For Firefox users, NoScript is another way to block Flash auto-playing, effectively giving click-to-play control over it. However, NoScript isn't easy to get to grips with and it can be a problem knowing which third-party site needs permission to let scripts run. To give you an idea of what Javascripts do (not to be confused with Java), here's GGi as-is and with scripts blocked:





With scripts blocked the date, time and countdowns don't show, nor the daily pics.

So, Javascripts can usefully add to website functionality but they can also be used maliciously. In the past whitehouse.gov, apple.com, Microsoft.com, BBC.co.uk, amazon.co.uk, Facebook, Twitter, ebay, Trip Advisor, About.com, PayPal, millions of WordPress sites... among others... have been found to be exposed to XSS (Cross Site Scripting) vulnerabilities that have / could have left their users open to malicious attack.

Quote
Cross-site scripting (XSS): When a malicious hacker inserts malicious code into a trusted website.
https://www.microsoft.com/security/portal/mmpc/shared/Glossary.aspx


The 'bad news' is that this year (and in the past) these and other online media sites have been vulnerable: telegraph.co.uk, independent.co.uk, guardian.com, dailymail.co.uk


Some nice winter pics on the Telegraph

Here's what I see with no ad-blocker or script blocker running:




This is what I see with uBlock Origin and NoScript enabled:




Ads and social media buttons have gone (I think social media buttons are option removal) and there's no obvious way to click through to the next pic. Clicking on the pic moves it on one.

Maik
Re: Bad news
« Reply #4 on: Tuesday, 15 December, 2015 @ 12:21:10 »
These are all the unseen scripts running on that page:









Some are useful, some relate to ads, some... ?

The screenshots are just for info... I suspect many people don't run an ad-blocker, and certainly not NoScript (which can be a PITA to get to grips with), and still don't come to any harm - especially if their software is up-to-date with security patches. IMO, a lot depends on which websites are visited and what links are clicked on - but even 'good' websites get hacked / carry malvertising.
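
Added example (not part of any post in this thread): a small Node.js sketch of what a hosts-file filter list does to the scripts a page loads, listing each external script host and marking whether it is third-party and whether the list would block it. The blocklist entries, the page HTML and every domain name below are constructed for illustration.

```javascript
// Constructed sample data: a hosts-format blocklist and a page's HTML.
// All domain names are made up for illustration (reserved .example names).
const SAMPLE_HOSTS = `
# comment line
127.0.0.1  localhost
0.0.0.0    ads.tracker.example
127.0.0.1  cdn.badads.example   # inline comment
`;

const SAMPLE_HTML = `
<script src="/js/site.js"></script>
<script src="https://static.news.example/gallery.js"></script>
<script src="//ads.tracker.example/serve.js"></script>
<script async src='https://CDN.BadAds.example/tag.js'></script>
<script>var inline = 1;</script>
`;

// Parse hosts-file lines ("<ip> <hostname> [# comment]") into a Set of blocked names.
function parseHosts(text) {
  const blocked = new Set();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*/, "").trim();
    if (!line) continue;
    const [ip, ...names] = line.split(/\s+/);
    if (ip !== "0.0.0.0" && ip !== "127.0.0.1") continue; // only sinkhole entries
    for (const n of names) if (n !== "localhost") blocked.add(n.toLowerCase());
  }
  return blocked;
}

// List every external script on a page. A host counts as third-party when it
// differs from the page's own host (subdomains included); hosts-file matching
// is exact, with no wildcards.
function auditScripts(html, pageUrl, blocked) {
  const pageHost = new URL(pageUrl).hostname;
  const results = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const host = new URL(m[1], pageUrl).hostname; // resolves relative and // URLs, lowercases
    results.push({ host, thirdParty: host !== pageHost, blocked: blocked.has(host) });
  }
  return results;
}

const report = auditScripts(SAMPLE_HTML, "https://www.news.example/pics", parseHosts(SAMPLE_HOSTS));
console.log(report);
```

Inline scripts have no `src` and are not listed; a script blocker such as NoScript handles those separately from a hosts-based filter.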

TonyKath
Re: Bad news
« Reply #5 on: Tuesday, 15 December, 2015 @ 18:11:09 »
Amazed the Torygraph contains so much Javascript based material - no doubt all the other papers are the same.  Proves there's no such thing as a free lunch or a free news story.   :unsure:

Tony

Maik
Re: Bad news
« Reply #6 on: Friday, 15 January, 2016 @ 15:53:04 »
Good explanation of malvertising on the Sophos blog: Malvertising – why fighting adblockers gets users’ backs up

Maik
Re: Bad news
« Reply #7 on: Thursday, 21 January, 2016 @ 10:48:49 »
Quote
Are you blocking online ads yet?

Perhaps you should.

The likes of Forbes and Yahoo Mail are reportedly trying to block access to users who are running ad blockers. But it's an argument that is losing ground as more and more internet users find their computers are compromised by malvertising.

According to security firm MalwareBytes, the latest high profile site to be found spreading malware to its visitors via dodgy ads is MSN.

As researcher Jerome Segura reports, the attack appears to have been primarily focused on German users - posing as an ad for the cheap-and-cheerful supermarket chain Lidl.
https://www.grahamcluley.com/2016/01/msn-home-page-spreads-malware-malicious/