
Massive malvertising campaign on Yahoo, AOL and other sites delivers ransomware

Stoic Joker:
Massive malvertising campaign on Yahoo, AOL and other sites delivers ransomware


One of the sites affected is apparently CNet, as one of our customers got nailed by this while trying to download the latest copy of Avast AV (which is hosted on CNet). The customer in question is a hyper vigilant old schooler who doesn't like, trust, or use the internet for anything unless absolutely necessary. So they most likely got burnt by the idiotic marketing practice of having multiple unidentified huge green download buttons that infest CNet.

Renegade:
And people call me a douche or cheap ass for using ad blocking software. Pfft. Yeah, that's one of the reasons why I run it and never click on ads. Sorry, but if you're not vetting your advertisers, I ain't clicking. There's a long road ahead before a decent solution to this problem is created. Actually solving the problem isn't that hard... rolling it out is near impossible.

bit:
Hopefully Malwarebytes will protect users from this.^
What I would do if hit with something like this, is:
-Shut down.
-Kill power physically (as in unplug for 30-60 seconds) [to prevent virus hiding in the RAM chips between boots].
-Reboot with a CD of Darik's Boot & Nuke (freeware).
-Write zeros to the drive (takes 3 hours on average size drive).
-Not sure if Darik's will do same to any thumb drives, but it's worth considering.
-Shut down.
-Reboot from backup hard drive.
-Run backup restore using any drive cloning software from alternate drive which has been kept physically unplugged.

Once, I forgot to kill power first, and a virus in the RAM jumped to my #1 backup drive and killed that one also.
So I killed power, and got it all up and running using my #2 backup drive.
Now, I also keep a #3 backup drive.
Backups tend to get a little out of date, but are easily updated when needed.

I avoid CNET at all costs.
I picked up a couple of PUPs with a download of 'little registry checker' from MajorGeeks, and Malwarebytes caught and stopped it.

Norton 360 initially gave the download a clean bill of health.
Then, after I had clicked on 'littleregistrycleaner.exe', Malwarebytes ran a pop-up warning me of two PUPs.
By that time, I was presented with the option to proceed with either 'Install' or 'Cancel'.
I clicked on 'Cancel', and 'littleregistrycleaner' was quite 'in your face' about wanting to 'install' and ignored its own 'cancel' button.
The little hack was like, "I've got you now; screw you."
So I ran a scan with Malwarebytes which shut it down.

crabby3:
Massive malvertising campaign on Yahoo, AOL and other sites delivers ransomware


One of the sites affected is apparently CNet, as one of our customers got nailed by this while trying to download the latest copy of Avast AV (which is hosted on CNet). The customer in question is a hyper vigilant old schooler who doesn't like, trust, or use the internet for anything unless absolutely necessary. So they most likely got burnt by the idiotic marketing practice of having multiple unidentified huge green download buttons that infest CNet.
-Stoic Joker (October 24, 2014, 07:52 AM)
--- End quote ---

Interesting read.  Were you able to remove the malware?

Hyper vigilant?  Even I know to go to the program's site.

Fake download buttons are hard to judge.  Some are marked Ad... some are not.

.---  ..-  ...  -      -.-  ..  -..  -..  ..  --.

 ^ I hesitated before I clicked your link...  :huh: :) ;D :-[

Stoic Joker:
What I would do if hit with something like this, is:
-Shut down.
...
-bit (October 24, 2014, 09:06 AM)
--- End quote ---

Fail ... That is what they want you to do. Any rootkit's ability to burrow in and completely take over a machine is contingent on panicking the user into performing that ever critical first reboot. After which, with system level permissions it can do massive damage to mapped drives.

Now disconnecting any external backup drives you have would be a good idea in the hopeful assumption that the attack focused first on drive C: ... But nothing is guaranteed with these people.


Interesting read.  Were you able to remove the malware?-crabby3 (October 24, 2014, 09:27 AM)
--- End quote ---

They're 50+ miles away and closed for the weekend - staff is trying to contact the out-of-town brass for authorization ... Blah, Blah, Blah - The situation is dire.


Hyper vigilant?  Even I know to go to the program's site.-crabby3 (October 24, 2014, 09:27 AM)
--- End quote ---

Good plan. He did. Avast AV's download page sent him to CNet.  :wallbash:


Fake download buttons are hard to judge.  Some are marked Ad... some are not.-crabby3 (October 24, 2014, 09:27 AM)
--- End quote ---

Quite true (most are not), and also quite possibly the crux of the problem here. I maintain that lawyers and marketing people should be actively hunted for causing problems like this.


^ I hesitated before I clicked your link...  :huh: :) ;D :-[ -crabby3 (October 24, 2014, 09:27 AM)
--- End quote ---

Me too. ;)