HOME | DD
Heidi — How Malware Works Via Banner Ads
Published: 2012-01-06 00:54:45 +0000 UTC; Views: 27142; Favourites: 147; Downloads: 0
Redirect to original
Description
by $Heidi
How Malware Works Via Banner Ads
As many deviants know, deviantART has been working hard to combat malicious banner ads that infiltrate
our advertising network, and we've previously addressed this issue in
April 2011
and August 2011 .
In our ongoing effort to keep the deviantART community safe, we wanted to share the following
USA Today-produced
video that explains how malicious ads inundate the Web.
How Malicous Ads Inundate the Web
(Source: USA Today )
Protect Yourself
Malware advertising is an Internet-wide problem that affects many of the Net's top sites.
Keeping your browser up to date is one of the best ways to ensure your computer's safety.
Additionally, anti-virus programs offer another level of protection against malvertisements.
We strongly recommend that you download the latest version of your favorite browser.
Reports of Malware and Virus Advertisements
Our Ongoing Battle Against Malicious Ads
Related content
Comments: 769
I always keep up to date and have a good antivirus, but this is good to know. Thanks.
👍: 0 ⏩: 0
Well fuck. Lets hope dA gets free of this shit.
👍: 0 ⏩: 0
hm...I use Avast antivirus (full version) 
👍: 0 ⏩: 1
I use Ad Block. Works like a charm.
👍: 0 ⏩: 1
This is why System Restore= Win.
👍: 0 ⏩: 2
SYSTEM RESTORE IS MY BEST FRIENDS!!! Well, at this moment I keep getting that stupid Windows 7 Virus >.<
👍: 0 ⏩: 1
The System Restore on my laptop doesn't even work, so I guess I'm screwed.
👍: 0 ⏩: 1
Yet there are websites that consult ad services reputable enough not to contain malware from time to time :V I mean I don't have any problems with my setups, but every once in a time a friend will WTF at the warning messages their systems give them while browsing dA.
👍: 0 ⏩: 0
I use AVG Anti-Virus (Full Paid Version) and Malware Bytes (Full Registered Paid version), with Firefox and NoScript. I don't ever use Explorer, the only reason it is on my computer is because Microsoft insists Explorer has to be there (ggrrrr). If you really want full protection - you should pay for a full registered copy of your favorite anti-virus / anti-malware programs. Just getting a freebie trial and expecting it to be the staple to fully protect is not a good idea. I see so many ppl saying I want free this and I want free that and gawd, I have to actually pay for something?!
Still - my trust in DA keeping clean is very low. It has a VERY bad reputation for malicious adware, and has built that rep buy previously taking a "do nothing" or "oh you must be imagining things" about it stance. My suggestion to paying account holders who have been infected by DA ads and have not gotten a fair resolution - file a complaint with the Better Business Bureau. This is a legitimate "business". They have to answer when the government becomes involved, if they get enough complaints registered the BBB will force them to take action or else. [link] <--- BBB link
👍: 0 ⏩: 2
Two things.
First, all PC's have to have Internet Explorer. It's the program that allows you to view your files and folders... it's integrated into the computer that way. If you don't believe me, open your Computer window (where your drives are) and type a website address up in the path bar. It's actually an address bar! Plus, the notion that Explorer isn't as safe as say, Firefox, is kinda hokey. They update themselves just as often as the others. IE9 came out last year and it has wonderful security. I don't even have virus protection on my computer, and I use IE. Never had a problem. Maybe I'm just lucky though. But I doubt it, considering I teach people how to use computers and purposely go on not-so-good websites to get examples of them to show people how to recognize the threats.
Second... Paying members of dA don't get ads. So... they wouldn't have the problem. Just to point out. Plus, websites that have ads that are run by secondary parties are not responsible for the content of the ads. The ad company is the one to go after. So whomever powers the ads is the one that has the problem. And, sadly, it actually is not a crime to distribute viruses. It's one of those "user beware" things. You might be able to sue whomever is making this service you must pay for to get the virus off for fraud... but I'll bet it's a slim to nil chance.
👍: 0 ⏩: 1
Paying members of dA don't get ads. So... they wouldn't have the problem.
It is still a problem for paying members because you'll see ads before you log in. Yeah, this problem can be circumvented by keeping yourself permanently logged in, but I prefer to clear my cookies regularly.
Plus, websites that have ads that are run by secondary parties are not responsible for the content of the ads. The ad company is the one to go after.
These ad sites wouldn't be able to run if other sites didn't accept their business. dA and other sites could reduce this problem by having higher standards about what they allow to appear on their pages.
👍: 0 ⏩: 1
True, but that's your choice. I was simply pointing out the fact. I prefer to stay signed into my websites so as to better spot spoofed sign in pages. If I'm always signed in, then I shouldn't get asked to sign in again (of course, exceptions happen), which means I'll know if I typed a url wrong. That way I avoid getting my accounts phished, which in my opinion is a worse problem.
Also true, but legally, it's still not dA's fault. To be honest, I'm not even sure what ads caused this uproar in the first place. I can't afford a subscription here (what with student loans on top of life expenses) so I have plenty of ads... but they always seem to be the same ones I see everywhere... they target me with books and computers and sometimes MapleStory. Maybe these infected ads are for things that "silly" people get targeted for. Like free downloads or cheap products. Not that I'm trying to insult anyone, please understand. I just mean that people who don't know what they're getting into online are going to continue to find bad things because of how ads are targeted now-a-days.
👍: 0 ⏩: 1
Also true, but legally, it's still not dA's fault.
Yes, but the issue isn't whether or not it's legal. It's that dA has a responsibility to maintain the integrity of its own website if it wants to keep its users. Sure, they can say "user beware", but this will eventually lead to two things- one, people leave or two, people stay but aggressively use Adblock, cutting off the revenue stream anyway.
To be honest, I'm not even sure what ads caused this uproar in the first place.
I've heard reports from friends that they've contracted viruses from dA. I've never had an issue, but I use Adblock. It's not that I object to advertising- I object to intrusive advertising that screams at me with loud noises and tries dumping spyware and unnecessary cookies on my system.
Not that I'm trying to insult anyone, please understand. I just mean that people who don't know what they're getting into online are going to continue to find bad things because of how ads are targeted now-a-days.
I'm sure some of the ads are the type you need to click on to cause something to happen, like those banners that try to look like typical Windows alert messages. But it is possible for you to passively download something nasty from an ad. Your browser loads all the images and scripts for any other page on the Internet when you direct your browser to it- and that includes things that page is designed to call upon, unless you have measures in place to deliberately disable them.
👍: 0 ⏩: 1
I agree that dA needs to work on the issue, but truth is, there's no way to ever make it 100% safe. There's always going to be holes in security. The responsibility ultimately lies with the user. They have to keep their computers and browsers up to date for maximum protection against online threats. That's honestly all I do on my computer and I've never had a problem. Just since my last comment, I came across a website (not dA) which had one of these drive-by downloads. IE9 stopped it in its tracks. Whenever stuff like this arises, someone makes a security update for it. Which, ironically enough, is what I'll be going to grad school for in the next year or two (depends on my money situation at the moment).
What it boils down to ultimately, is that there are bad things in cyberspace, and there will always be holes in security for them to get through. People have better chances of staying safe if they update their computer as soon as updates become available. No, this still isn't 100%, but it sure is better than nothing. It's the responsibility of the user to understand what is a threat, how to catch it, and how to deal with it if it arises. Which is why I said I wasn't trying to insult anyone... The majority of people who own a computer in this time are people who actually have no clue how to use it. They check their e-mail and browse the web a few times a week and it stays off the rest of the time. Updates get missed. They don't understand that websites can be bad, and they end up going places they shouldn't.
I don't know if I mentioned it already, but I teach people how to use computers at a library. You'd be amazed (or maybe you wouldn't) at the number of people who don't shut their computer down properly (updates don't set in and errors can start to occur), or download every attachment e-mailed to them just because it says "here's that file you wanted" on the subject, or go to those "my clean pc" and penny auction and any other TV advertised scam site that puts crap on computers so you have to pay to get it removed. dA is honestly the victim here, because yes, as you said, people are going to leave, or block ads which give dA revenue. The people who got the malware are not victims. They are in the end, if you'll pardon the expression, stupid; with the occasional exception of those who took the security measures and the malware just found a hole that hadn't been fixed yet.
Bottom line, the blame isn't 100% on dA. I'd say it's a clean 50/50 between website and user.
👍: 0 ⏩: 1
I am in agreement with most of what you've said- yes, the ignorance of people can be amazing at times (you'd think people would make an effort to understand the technology that they use everyday, but there's plenty of evidence to the contrary) and you have to be diligent about your own security measures. Where we clearly disagree is what level of responsibility deviantART has.
Nothing will ever be 100% safe or reliable. Anything can be hacked. But a clean 50/50 responsibility between website and user? No, I disagree. I think a business has a responsibility to take whatever reasonable measures they can to keep their user base safe. Will they always succeed? Unfortunately, no, and it may often not be their fault, in which case their response to it is vital. It seems like dA is aware of the issue and is starting to respond, which is good. This post, however, I hope dA considers something supplementary to help and inform their users and not their solution to the problem of their ads. They chose who they allow to advertise- maybe not always the individuals ads, but certainly the service providing those ads- and they need to do their proper diligence in screening out malicious ads.
👍: 0 ⏩: 1
It seems that we will just have to agree to disagree on that point then. : D In my opinion, dA is stuck between a rock and a hard place, and they're doing the best they can fixing a problem they shouldn't have to fix. After all, the ad company is the one making the ads, not dA. dA may not even have the ability to screen the ads that get shown. Plus, those ads are targeted. If someone is getting those phony notification ads or malicious ads, it's probably because they're searching/looking at things that cause those kinds of ads to be pulled up.
Long ago, when I searched for places to download music or tv, I got lots of "you've won!" or "warning!" ads... because I was searching for something illegal, and getting into sites that had malware nested within them to begin with. Now that I don't do that anymore, and most of my searching includes online games, pictures for my classes, or general curiousity, I don't get those ads anymore. I'm looking at an ad for microsoft office right now because I was showing a friend theultimatesteal.com last night. If you're not getting into the bad stuff to begin with, it's a lot harder for it to find its way in on its own.
👍: 0 ⏩: 0
I normally stay away from IE, no matter how Microsoft updates it, there will be hackers out there just for the lulz to continue attacking us.
I use Firefox with Adblock & NoScript attached.
👍: 0 ⏩: 0
Taking the apple rout, are you? Well, everyone else has these problems as well..
Yea, they do. Every single site. But out of all of them, i think DA has it the worst. That's just my personal experience.
👍: 0 ⏩: 0
I know this virus front and back, and it takes about five minutes to get rid of.
👍: 0 ⏩: 0
Just to not sound repetitive. . .
Firefox + Ad Block Plus = No more ad banners at all!
Seriously, I can't even see what's in the blank box under "How Malicous Ads Inundate the Web" in the article. I see only a white rectangle.
👍: 0 ⏩: 1
Well, since that's a legit video right there, it's proof the list your AdBlock uses is too radical :V (My Opera's AdBlock doesn't block it at all, but I don't see ad banners on dA either)
👍: 0 ⏩: 0
Adblock + Noscript = No more malware. Problem solved.
👍: 0 ⏩: 0
Effort? Bullshit, if you were making effort you would be pressing legal charges against the advertizing agency day in and day out for putting malware on your site and infecting users.
[link] <- You deserve EVERY penny you lose because of this addon. EVERY GODDAMN ONE. Period. End of story. If a lawsuit ended up happening against Deviant Art because of malware ads I would fucking LAUGH and LAUGH and LAUGH and LAUGH!
👍: 0 ⏩: 1
I'm sorry you feel this way, but unfortunately, the problem of malvertising is not an easy one to solve. DeviantART relies on advertising to keep the site up and running. Ad networks are complex, but we actively scan for suspicious activity and take action where necessary. We want users to be safe as they browse, which is why we hope to educate through these articles and encourage deviants to use a good, up-to-date browser and anti-virus protection.
👍: 0 ⏩: 1
Bullshit. If you wanted them to be safe you would press legal charges against the networks for distributing malware or find a better one, the go-to site for original submissions with millions of entries and ridiculous amounts of pageviews could get any agency they wanted. Every single thing you say puts the blame on the user, so fine, I'm taking my art and leaving. I'll go somewhere they actually -care- about the users and not give them malware.
DeviantArt cares more about their bottom line than the users, and you are a corporate dog paid to be PR and not part of a reasonable solution. End of story. Goodbye and good fucking riddance.
👍: 0 ⏩: 0
👍: 0 ⏩: 0
I feel stupid to say what I'm going to say becuase you already know it perfectly well...
dA is risponsible for the ads in the site...not te user... what you are telling us is "ok, we buy a pack of ads from some place that GIVES US money and GIVES YOU viruses, so" As usual you do things that affect the community and then you expect us to think "well, shit happens"...well no...shit doesn't happen, you bring it to us.... your ads are cheap and, obviously, are not controlled by anyone (except a robot). You want us to believe that you goo to google ads and tell them MR. Google your ads are malicious... NO you keep buying their packs and no one controls the contents... You can't even control that since they are spread ramdomply in the site and you use an external code to introudce the ads...you just place a container in the site pages and the ads are sent automatically from outside the site...so you have no control over the ads beyond the money you collect from them....
The truth is you don't care, since the people who suffer the ads are those with no subscription that is...not giving you any money...
so the policy of "go buy protection because I will certainly rape you when ever I want...if you don't do so the consecuences are upto you" is not a good one...
The only REAL solution is that you select the ads you display in the site one by one... but we all dA won't do that....
👍: 0 ⏩: 1
You're right that it is our responsibility to see that our advertisements are legitimate and do not invade your computer with unwanted content. The problem arises in the fact that the Internet is an essentially open platform, allowing both the good and bad. Whenever suspicious activity arises in our ad networks, we are quick to take the necessary actions and inform the community of what we've been doing. This is no easy task, as these networks are complex. Our approach is to openly and honestly tell you how hard it is and tell you how hard we are working on it. We will continue to do that and we will continue to hope for your support.
👍: 0 ⏩: 1
I have never been on another site that has had to tell it's members this.
It was DA I was browsing EVERY all three times I was infected with win 7, until I got adblock which = lost revenue to you. It's not like DA hasn't known this is going on for awhile either.
👍: 0 ⏩: 0
firefox + addon ADBLOCK PLUS + English (and Fanboy's list) subscription ((for adblock plus)) = no more malware
👍: 0 ⏩: 0
People just download AdBlock Plus already and you will be good to go.
👍: 0 ⏩: 0
I'm so glad that I have Adblock these days. I hate viruses.
👍: 0 ⏩: 0
Keeping your browser up to date is one of the best ways to ensure your computer's safety.
And then there's the best: adblock.
👍: 0 ⏩: 0
I've been SO incredibly thankful for adblock and noscript ever since someone practically forced me to get Firefox. And now I look back on it and question why I didn't do it earlier. They're truly a savior.
👍: 0 ⏩: 0
I've had issues with malware no less than three times while browsing dA. It was always some ransomware program that would pop up and screw up windows. Twice it resulted in my laptop having to be re-formatted. After switching from IE to Chrome with adblock, haven't had a problem since.
👍: 0 ⏩: 0
I have used adblock for many years and it's a blessing. But you have to feel bad for people who run ad companies that run on the revenue of legitimate ads. They can't use adblocker because it will drastically drop their revenue.
👍: 0 ⏩: 0
Google 'Adblock plus' Learn a little bit about it, then download it if you like what you're read. I hear that it blocks advertisements, (Obviously, based on the name. LOL) but you should learn more about it before you download it. I honestly don't know much about it, so... Yeah. You should ask someone here who has it.
Hope I was helpful in some way.
👍: 0 ⏩: 0
You, yes, you the person looking at the comments or my comment.
Just use ADBlock, there's an IE version too.
👍: 0 ⏩: 0
<= Prev | | Next =>