Some Bing Ads Redirecting To Malware 146
An anonymous reader writes "Security firm ThreatTrack Security Labs today spotted that certain Bing ads are linking to sites that infect users with malware. Those who click are redirected to a dynamic DNS service subdomain which in turns serves the Sirefef malware from 109(dot)236(dot)81(dot)176. ThreatTrack notes that the scammers could of course be targeting other keywords aside from YouTube. The more popular the keywords, the bigger the potential for infection."
Perspective (Score:5, Insightful)
Re:This also in... (Score:5, Insightful)
...like Bing and Yahoo (whose search results come from Bing).
Yeah, it's not like the service itself is named [wikipedia.org] Bing Ads [microsoft.com], or anything.
Re:Proof (Score:0, Insightful)
Says the person who wants all the content they can grab for free.
Nothing costs $0. Do you want ads or a paywall?
One more reason for me to not use Bing (Score:4, Insightful)
Re:I know it's another stereotypical diss on Bing (Score:5, Insightful)
If your cpu is overworked by browsing 1 secure site, you might want to consider an upgrade.
Re:This also in... (Score:5, Insightful)
I suppose you can be mad at Microsoft for not constantly scanning their customers, but "Bing ads" is still misleading in the usual headline sensationalism way...
Actually, you can't. A standard tactic is to serve regular, unmodified ads, to IP address blocks known to have businesses that to this. For example, the google crawler -- many websites will show different pages if you simply sub the user agent string in as Google; Bypassing compulsory registration, not displaying navigation ... adding piles of SEO words to the bottom of the page, and the list goes on.
Microsoft can't be expected to protect against stuff like this; Every website that allows javascript to be injected from a 3rd party website is equally vulnerable. And that's most of them; Including Slashdot; It has script links to rpxnow.com and fsdn.com. Hundreds of websites link into Google's ajax and analytics pages. A great many websites simply break if you disable 3rd party javascript.
So blame Microsoft if you want, but really, the people you want work at ORACLE.
The actual article is here.. (Score:5, Insightful)
Who's responsible for the ads served (Score:4, Insightful)
Take any given major website, turn off AdBlockPlus, FlashBlock (or alternatives), and NoScripts (or alternatives). How many ads can you count that are of the nature: "Learn that 1 wierd trick to lose 10 pounds" or "Enter your age to see if you qualify for money to go back to school" or "blah blah obvious scam".
They are everywhere. Now for me, I think much less of a website and the entity that owns it if they are serving these ads. I actually feel that if you get scammed through one of them it should be the website's fault for being party to a crime, because they served you the malicious ad.
If I had a brick and mortar business, and people paid me to stand inside my business and "demo products" or something, and you came in and got scammed, you would be pissed at my business. The business might also be liable.
Obviously the internet is different than meat space. Obviously you cant fix stupid. So who is responsible for serving a malicious ad?
All ad networks do this (Score:5, Insightful)
Not defending Bing in particular here, but every ad network gets utilized to deliver ads by malicious parties. Every ad company you can think of has staff that work full time just to look for and filter out malicious ads. A pretty significant portion [securitybistro.com] of all malware is delivered my ads that are unwittingly served by sites from Facebook to CNN or any other site you can think of.
Here's a nice link to a NIST [pdfeigchxu....awccadrja] report on the matter that you can get to once the government gets back to work. The problem goes back many, many years, so why on earth is this being reported as news?
Re:Proof (Score:0, Insightful)
Unlike a hippie fantasy, content costs money, either in time, licensing, or other work. Someone is going to pay for that content, be it you with a paywall, or an advertiser. We see this entitlement for free content already as almost all reliable press sites have paywalled up in order to survive.
Deal with it, DRM, SEO, and ads are a fact of life now. Whining about the past gets you nowhere and makes you look like an anti-business Luddite.
Oh, and my rat friends drive better cars than you will ever open a door to.