Some people have gotten malware from the SDMB. I think someone also said they got it from a (big) news website.
My question is: how does this happen? I don’t think the site would put it up deliberately (certainly not the SDMB), so, ads? Would certain ad companies allow malicious ads? I thought big websites would stick to big advertising companies, like Google, which wouldn’t allow bad ads to tarnish their image. Or does it happen due to prior infection, or from an intercept between the server and the user?
Could this happen to anyone? If everybody visited that page and they were all unprotected, would they all be infected?
This often happens as a result of advertising. Instead of selling ad space to individual advertisers, most sites use an ad service that provides rotating ads and handles the hassle of dealing with advertisers. Occasionally someone slips a malware-infected ad by the ad service, and anyone who loads that ad without updated anti-spyware/anti-malware software is infected.
Regarding malware in ads: The original site and the ad broker can in principle check for bad ads, but there are more than a few gotchas:
New exploits are found all the time. You can only check for exploits you know about.
Malware ad servers can and do check the IP address of the site requesting the ad. If it’s coming from the original site or the ad broker, they feed a bland ad. If it’s coming from what appears to be a regular user’s machine, then they feed the bad ad.
It’s a cat-and-mouse game: reputable companies try to get a random collection of proxies around the world, start checking what ads get fed to those machines, etc., and the malware providers update their lists to blacklist those proxies.
Google runs into this problem a lot. Many malware laced sites feed one version to Google to crawl and another to users. Google thinks it’s safe, but it isn’t.
When it comes to ads, the ads should always be hosted by the ad broker and “quarantined” for a short while before being released. But ad buyers hate that and they have the money.
Sites get cracked all the time. Holes in servers and SQL databases, password cracking, etc. happen every day. Once someone has root privileges to a site, then getting it to serve malware is easy.
One person’s “helpful toolbar” is another person’s uninstallable personal info stealing crap. So some of it is deliberate.
E.g., I just installed a new motherboard. One of the utilities on the CD (and available on the maker’s website) is some sort of browser “enhancement”. I Googled it. It redirects all Google searches through some site, collecting data. So it slows down searches and steals your info.
This crapware is courtesy of ASUS. And it’s hardly the only one.
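The IP-based cloaking described in this post (a bland creative for the publisher, the broker and known scanner proxies, a different one for ordinary users) is exactly what a multi-vantage-point check is meant to catch. The following is an added example, not code from the thread or from any ad broker: it stands in a constructed cloaking ad server behind a checker that fetches the same creative from several vantage IPs and compares digests. The scanner networks, creatives and IP addresses are all made up (RFC 5737 test ranges), and the second half of the test shows the gotcha from the post: if every vantage point is already on the cloaker’s blacklist, the responses agree and nothing is detected.

```python
import hashlib
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# --- Constructed stand-in for a cloaking ad server (hypothetical, not a real service) ---
# It mimics the behaviour described in the thread: requests from IP ranges it has
# identified as scanner proxies get a bland creative; everyone else gets the
# creative with the extra third-party script.
KNOWN_SCANNER_NETS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]  # made up
BLAND_AD = b"<img src='https://ads.example/creative.png'>"
PAYLOAD_AD = (b"<img src='https://ads.example/creative.png'>"
              b"<script src='https://cdn.example/loader.js'></script>")


def cloaking_ad_server(client_ip: str) -> bytes:
    """Return the creative a client at `client_ip` would receive."""
    ip = ip_address(client_ip)
    if any(ip in net for net in KNOWN_SCANNER_NETS):
        return BLAND_AD
    return PAYLOAD_AD


# --- Defender side: fetch from several vantage points and compare ---
@dataclass
class Observation:
    vantage_ip: str
    digest: str  # sha256 of the creative bytes as served to this vantage point


def fetch_from_vantage_points(fetch, vantage_ips):
    """`fetch` is any callable taking a client IP and returning the creative bytes
    (here the constructed server; in practice an HTTP fetch through that proxy)."""
    return [Observation(ip, hashlib.sha256(fetch(ip)).hexdigest()) for ip in vantage_ips]


def detect_cloaking(observations):
    """True when the same ad URL produced different content for different
    vantage points, i.e. the server is discriminating by requester."""
    digests = {o.digest for o in observations}
    return len(digests) > 1, digests


if __name__ == "__main__":
    # All vantage points are known scanner proxies: the cloaker feeds them the same
    # bland creative and the check is blind, as the post warns.
    blind = fetch_from_vantage_points(cloaking_ad_server, ["203.0.113.5", "198.51.100.7"])
    print("scanner-only vantage points:", detect_cloaking(blind)[0])   # False
    # One vantage point the cloaker has not blacklisted yet reveals the difference.
    mixed = fetch_from_vantage_points(cloaking_ad_server, ["203.0.113.5", "192.0.2.44"])
    print("mixed vantage points:", detect_cloaking(mixed)[0])          # True
```

The comparison is only as good as the diversity of the vantage points: rotating through residential-looking or freshly provisioned addresses, and re-checking a creative after it has been approved rather than only at submission, is what keeps this ahead of the blacklist the post mentions.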
Flash especially was notorious for the security holes. One source I heard was convinced the rash of fake Anti-Virus was a result of the Flash problem. This is insidious because even if you update all the Microsoft patches, you still haven’t fixed the hole. No wonder Jobs hated Flash so much he decided it would not go on the iPad.
I am trying to think of a browser enhancement made by a biggish company that is not useless or worse. They all seem to be driven by marketing first with little thought put into what is being provided to the user for the enhancement.
AVG Safe Search is junk and it actively makes searching worse.
Bing Bar is useless.
Yahoo Toolbar is useless.
Google Toolbar is useless.
Actually, with modern browsers toolbars are useless; they take up screen space while providing nothing of value. The only thing of value that toolbars used to provide is an easy way to do a search. But now that IE, Firefox, Chrome and Opera provide that with the browser, the toolbars are just a waste of space.
The only useful enhancements seem to be things made by frustrated users. Things like ad-block plugins.
The part about Google was referring to its search spidering, not its ads. But the malware people use the same tactic. Feed one version to whoever might monitor them, another version to the targets. I don’t see any Google ads on my computers except for the text stuff at the top of search pages. (And those links get blocked, so I’m in no danger of getting something via Google that way.) I don’t directly know what sort of stuff they feed users otherwise.
While the “shell” of an ad might be at the ad broker’s site, the ad can contain references that pull in extra stuff from the ad source’s site. And that material can be changed on the fly without the ad broker’s knowledge.
Again, there’s the way we would expect things to be, and the way they actually are. This is because of $.
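The point about the “shell” of an ad living at the broker while its contents pull in material from elsewhere is something a broker can at least inventory before approving a creative. The following is an added example, not code from the thread or from any ad network: it parses a creative’s HTML, lists every resource the browser would load, and separates what the broker hosts itself from third-party loads, flagging the ones (scripts, iframes, embeds) whose content the remote host can swap at any time. The creative and the hostnames are constructed for the example; `broker_host` is an assumed parameter naming the domain the broker serves from.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose attribute causes the browser to fetch a resource when the ad renders.
# An <a href> is navigation on click, not a load, so it is deliberately excluded.
LOADING_ATTRS = {
    "script": "src", "img": "src", "iframe": "src", "link": "href",
    "source": "src", "embed": "src", "object": "data",
}
# Loads that execute or render remote content, which the remote host can change
# after the broker has reviewed the creative.
ACTIVE_TAGS = {"script", "iframe", "embed", "object"}


class ReferenceCollector(HTMLParser):
    """Collect (tag, url) for every resource the creative would load."""

    def __init__(self):
        super().__init__()
        self.references = []

    def handle_starttag(self, tag, attrs):
        attr = LOADING_ATTRS.get(tag)
        if attr is None:
            return
        for name, value in attrs:
            if name == attr and value:
                self.references.append((tag, value))


def classify_references(creative_html: str, broker_host: str):
    """Return the third-party loads in a creative, each marked active or passive."""
    parser = ReferenceCollector()
    parser.feed(creative_html)
    third_party = []
    for tag, url in parser.references:
        host = urlparse(url).hostname
        if host is None:
            continue  # relative URL (or data: URI): served by the broker's own origin
        if host == broker_host or host.endswith("." + broker_host):
            continue  # first-party, under the broker's control
        third_party.append({"tag": tag, "host": host, "url": url, "active": tag in ACTIVE_TAGS})
    return third_party


# Constructed sample creative: one first-party image, one tracking pixel on
# another host, one third-party script, and one relative script path.
SAMPLE_CREATIVE = """
<a href="https://ads.example/click?id=123">
  <img src="https://ads.example/creative.png" alt="ad">
</a>
<img src="//tracker.example/pixel.gif" width="1" height="1">
<script src="https://cdn.example/loader.js"></script>
<script src="/static/broker.js"></script>
"""

if __name__ == "__main__":
    for ref in classify_references(SAMPLE_CREATIVE, "ads.example"):
        kind = "ACTIVE (can change after review)" if ref["active"] else "passive"
        print(f"{ref['tag']:7} {ref['host']:20} {kind}")
```

In this sample the pixel on `tracker.example` is a passive load, while the script from `cdn.example` is the case the post describes: the broker approved a shell, but what that script does tomorrow is decided by whoever controls `cdn.example`. A broker that wants the quarantine the earlier post asked for would reject or self-host anything this function marks active.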