Great example of how just accessing a compromised web page can infect you. A couple of notable quotes: "a spate of recent attacks have utilized zero day exploits, which means that even fully up-to-date software could be compromised—but attacks using those are relatively rare at this point." "More recently, hackers have been taking advantage of HTTPS, making it more difficult to track them down."
A script blocker that disables third-party iframes will prevent this at the browser level. An adblocker more than likely will too. uMatrix + uBlock would be very effective. Using a LUA with a few ACL, SRP or AppLocker tweaks will prevent the exploit from doing anything at the OS level in Windows. I don't think Linux users will have anything to worry about.
Very informative article, Ron! Including links for more information.

The article explains that these attacks use redirection techniques: This is an important point, for I've encountered some who mistakenly think the news site (in this case) is infected with malware, when, rather, it has been compromised with a booby-trapped advertisement that takes the user away from the news site.

The use of SSL redirectors was mentioned. A nice summary here: Report: Malvertisers now using SSL redirects
http://www.csoonline.com/article/29...ort-malvertisers-now-using-ssl-redirects.html

And a diagram:
http://www.cyphort.com/100m-huffington/

The article and some of the linked articles refer to the use of zero-day exploits. They seem to be targeting a plug-in:
https://blogs.sophos.com/2015/07/21/a-closer-look-at-the-angler-exploit-kit/

While all of this seems rather ominous, I noted this observation and similar in some of the articles: "Or the user may not have plug-ins enabled globally, meaning that upon being redirected to the attacker's (not trusted) site, the exploit would fail to start."

---- rich
Such attacks sound ominous but they are in most cases easily foiled. I just listed a few easy and free ways but didn't even think of plugins, which I mostly disable and, in the case of Flash, set to click-to-play. Then there is EMET and other anti-exploit software that can be installed. The impression I get from this article is that the ad-served exploits are looking for low-hanging fruit and succeeding by the amount of exposure the ads get. If they are loaded on thousands of systems, they are bound to find some weak and vulnerable setups. I appreciate reading about them, in any case, because the best way to know if a security setup is going to be effective is to study the way malware works and infects computers.
Malware Spread via The Guardian's Article on Cybercrime http://news.softpedia.com/news/malware-spread-via-the-guardian-s-article-on-cybercrime-497519.shtml