Nasty ads at Washington Post

Bitsy
Posts: 1
Joined: Tue Jul 01, 2008 11:04 am


Post by Bitsy »

THESE LINKS ARE A HAZARD IF YOU'RE USING MICROSOFT WINDOWS.

Here's the Washington Post story. I guess it's OK most of the time since the ads are rotating. Firstly, the annoyance is that they've found a way to break Firefox 2's view-source, so I can't see the source HTML to find the follow-on link. The text "DELETETHIS" in this URL must be removed.

http://www.washDELETETHISingtonpost.com ... -2004Apr15

And secondly, here's the ad that popped up. It does stuff that Firefox shouldn't allow. And does it all with Adblock Plus 0.7.5.5 running. Its script resizes the window, and immediately starts up the dialogue box saying that you've chosen to open a DOS/Windows executable. If you close that dialogue and then try to close the window with the usual terminate-window decoration, then it pops up another window saying that a virus has been discovered on your machine, and the open-file dialogue opens again, and this time you can't close it until the virus-warning popup is closed first. The only way for me to terminate the window was with the X-windows ctrl-alt-esc cursor of death. Presumably Microsoft Windows users would be at serious risk here. I thought that browsers had fixed tricks like this long ago.

http://virDELETETHISus-scanonline.com/nag/

Anyway, I don't know how Adblock was evaded by these scumbags. Anybody know if Adblock can deal with this? And anybody know if Mozilla is still doing security updates of their now obsolete Firefox 2.0?
Hubird
Posts: 2850
Joined: Thu Oct 26, 2006 2:59 pm
Location: Australia

Post by Hubird »

I didn't see any ads (or anything out of the ordinary) in the first post. The 3 filter subscriptions I am using block 14 things and hide 2 others.

Get them from:

http://easylist.adblockplus.org/

Screenshot:
http://www.geocities.com/hubird/blockedstuff.gif

Edit:

I visited http://www.virus-scanonline.com/nag/ (visit at your own risk !!) and it automatically tried to start a download. Just out of curiosity I let the download start to see what I got. I ended up with a 60k exe. I scanned it with http://virusscan.jotti.org/ (an online malware scanner) and only 1 out of the 20 antivirus engines it uses reported it as suspicious. I then scanned it again using http://www.virustotal.com/ and 5/33 antivirus engines found it suspicious.

I have not worked up the courage to install it and see what it does but I am treating it as suspicious.

If you add

Code:

.virus-scanonline.com/*

to your list of filters it will fix the site up :D

If you want to go one step further you can hide the left over text with

Code:

virus-scanonline.com#DIV(class=center1)
@Rick: Maybe something can be added to the MALICIOUS section in EasyList ?
Last edited by Hubird on Tue Jul 01, 2008 7:31 pm, edited 1 time in total.
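To check which requests the blocking filter posted above actually covers, here is an added example (not part of the original posts and not Adblock Plus code): a simplified matcher that treats a blocking filter as a substring pattern with `*` wildcards. The `||` and `^` form is later Adblock Plus syntax included only for comparison, and the request URLs are constructed samples.

```javascript
// Added example, not Adblock Plus source: a simplified matcher for ABP blocking filters.
// Handles literal substrings, "*" wildcards, the "||" domain anchor and the "^" separator.
function filterToRegExp(filter) {
  const src = filter
    .replace(/\*+/g, "*")                      // collapse runs of wildcards
    .replace(/^\*|\*$/g, "")                   // a leading or trailing * is redundant
    .replace(/[.+?${}()[\]\\\/]/g, "\\$&")     // escape regex metacharacters
    .replace(/\*/g, ".*")                      // * matches any run of characters
    .replace(/\^/g, "(?:[^\\w\\-.%]|$$)")      // ^ = separator character or end of URL
    .replace(/^\|\|/, "^[\\w\\-]+:\\/+(?:[^\\/]+\\.)?"); // || = start of a (sub)domain
  return new RegExp(src, "i");
}

// A request is blocked when any filter in the list matches its URL.
function isBlocked(url, filters) {
  return filters.some((f) => filterToRegExp(f).test(url));
}

const threadFilter = [".virus-scanonline.com/*"];   // as posted in the thread
const anchoredFilter = ["||virus-scanonline.com^"]; // later ABP syntax, for comparison

// Constructed sample request URLs (not captured traffic).
const requests = [
  "http://www.virus-scanonline.com/nag/",
  "http://virus-scanonline.com/nag/",
  "http://www.virus-scanonline.com/nag/setup.exe",
  "http://news.example/story.html",
];

// Returns one boolean per sample request: true if the filter list blocks it.
function coverage(filters) {
  return requests.map((url) => isBlocked(url, filters));
}

console.log(coverage(threadFilter));
console.log(coverage(anchoredFilter));
```

Under these assumptions the filter as posted requires a dot in front of the domain, so a request to the bare host without `www.` is not covered, while the domain-anchored form covers both. Neither filter affects an inline script in the hosting page, since that is not a separate request with a URL to match.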
rick752
Posts: 2709
Joined: Fri Jun 09, 2006 7:59 pm
Location: New York USA

Post by rick752 »

Hubird wrote: @Rick: Maybe something can be added to the MALICIOUS section in EasyList ?
Done! :arrow: :arrow: :arrow:

Just from my experience:

Although any initial 'inline script' exploit request can't be stopped with ABP, the EasyList should now break any of the "virus-scanonline" resulting items and scripts from initiating with no problem. Nothing from that domain should be able to function correctly after the initial 'alert box' is given. That page can also be easily closed now too.

If this is being exploited through an advertiser, the EasyList should already be blocking that.

Sounds like the same old scheme. The infamous "detected spyware" alert. It looks like they just keep changing the domain:

Previous domains:
antivirus-scanonline
defender-scanner
malwarecrush
spyshredderscanner
avsystemcare
onlinexpscanner
.. and now "coming to an EasyList near you" ... virus-scanonline.


ps: Don't you find it interesting that this is on the Washington Post ... the same site that my interview about the (slightly pro advertising) EasyList story just ran? It's funny that in the story, I mentioned that the main reason I started building the EasyList was because of badware exploits. How about that? :D
Last edited by rick752 on Tue Jul 01, 2008 7:33 pm, edited 3 times in total.
rick752
Posts: 2709
Joined: Fri Jun 09, 2006 7:59 pm
Location: New York USA

Post by rick752 »

Hubird wrote: If you want to go one step further you can hide the left over text with

Code:

virus-scanonline.com#DIV(class=center1)
I think it would be better to allow the 'remains' of that to be seen, Hubird. That way it could be reported to the site or actually still be identified in the wild.

The EasyList should 'break' that exploit now, so I don't believe that will be a problem.
Hubird
Posts: 2850
Joined: Thu Oct 26, 2006 2:59 pm
Location: Australia

Post by Hubird »

I agree, hiding the text will just confuse people. I was just giving the o/p all the options.
rick752 wrote: Don't you find it interesting that this is on the Washington Post ... the same site that my interview about the (slightly pro advertising) EasyList story just ran? It's funny that in the story, I mentioned that the main reason I started building the EasyList was because of badware exploits. How about that? :D
Would definitely give all the people who left negative comments on the EasyList article something to think about !!
rick752
Posts: 2709
Joined: Fri Jun 09, 2006 7:59 pm
Location: New York USA

Post by rick752 »

I just wrote an email to Peter Whoriskey (the Washington Post Tech Staff Writer who just wrote the EasyList article) to read this post and give me his reaction to it.

Peter is a fine journalist (and a very nice guy), but this whole adblocking thing is quite new to him. I would like him to realize that there really is more to content-blocking than simply blocking ads. I tried to explain that to him in our second interview night.

Peter, when you read this, I would REALLY like your reaction. I hope you pass it on to your partner too that wrote that other article (can't remember his name off hand). I'm not doing this to pick on anyone. As a matter of fact, exploits like this really burn my *ss. It is only meant as an "enlightenment" to the truth. As a tech journalist, you should be aware of certain problems out there that you may not know about yet. Many users consider Adblock Plus (with the proper subscriptions) a great barrier against malware, spyware, & tracking (like I was telling you :D)
asdf

Post by asdf »

I don't know about all of you, but I don't trust any online scan except those I ht which earn high appraisal from trusted sources. It's safer to adblock any URL that seems related to a scan and then whitelist your trusted scanner.