HOME | DD
StevenRoy — Why you get viruses from DA...
by-sa
Published: 2010-01-27 09:39:21 +0000 UTC; Views: 7267; Favourites: 51; Downloads: 72
Redirect to original
Description
...and how to block them.I hope I've made the screenshot sufficiently self-explanatory. Basically, I caught dA's banner ad system in the act.
There were even a couple of months (admittedly quite a while ago) where I got this sort of thing at least once a week.
So, I blocked the first two sites involved, "optimizedby.rmxads.com" and "partner.googleadservices.com", by editing my "hosts" file (anyone wanna learn how?), and that solved the problem. (It's a more extreme and tricky step than is necessary, but it works for me.) Blocking the latter also apparently fixed the problem with some ads appearing in the wrong places and completely screwing up dA's layout.
You gotta be more careful, deviantART! You gotta be more careful about where you get your ads from!
And the rest of us all better have good virus protection! (I like [Free AVG], but even McAfee is better than nothing... maybe.)
(Incidentally, I've also noticed the same problem, though much more rarely, on the SmackJeeves site.)
-
How to protect yourself if you use Firefox:
A good ad-blocking plugin will do it. I strongly recommend Adblock Plus [uBlock Origin] - downloadable [here] , although [Noscript] is also a popular alternative; either one will work great here.
How to protect yourself if you use Internet Explorer:
[Please read this.]
How to protect yourself if you use Google Chrome, Opera, or other browsers:
There are now versions of [Ad-block Plus] [uBlock Origin] for Chrome, Opera, Safari, and other browsers.
Do you need a good free Antivirus program?
Many years ago, some company ran some comprehensive tests that rated several free AV programs based on their effectiveness, their user interface, and their impact on system performance. AVG got third place, behind avast! and Avira. (They all got "A"s. Heehee, get it?)
(Microsoft Security Essentials was also part of this test. It didn't do well!)
I already liked AVG at the time, and it rated highest for user-friendliness, so that's the one I generally recommend. (Some versions have had a bloat problem, but I think the current version is okay.)
Other steps you should take:
If you use Windows, "Automatic Updates" must always be enabled. Also note that, on Windows XP systems (yes, I still prefer XP), the [Windows Update site] may list a newer "Internet Explorer" version as a high-priority update if you don't have it already; this is for a good reason! I recommend that all Windows users keep IE updated to the newest version available (and then not use it), because this updates system components as well.
Also, IE should not be your primary browser! I strongly recommend you use an alternative browser. Right now I'm using [Firefox] and I prefer it. Google Chrome is also a popular alternative for some reason.
Some of these viruses infect your computer by using "malformed" PDF files. To protect yourself from those, you should ensure that you have the newest version of Adobe Reader. (That's version 11.0.08 as of Sept 30, 2017 - at least for Windows XP systems.) [Get it here.] (Alternatively, you can rely on your browser's built-in PDF support - this is probably the default for most browsers not anyway, although it's usually not as good. Or, you could remove all PDF support, but that's less easy and less practical.)
Also, make sure you have the newest version of Flash. Adobe provides [this page] which will tell you which version of Flash Player you have installed, and which version is current. (That's version 27.0.0.130 as of Sept 30, 2017.) If you don't have the current version, you really need to upgrade.
(In general, you should always check all Adobe software for updates frequently, because they're sloppier programmers than Microsoft.)
I also recommend "SpywareBlaster ". It is not an antivirus program and does not remain in memory or use CPU resources, but it contains a huge list of evil and "restricted" sites, ActiveX controls, and tracking cookies, and reconfigures your browser's security settings (in IE, FF and Chrome) to block them all. This provides an additional layer of protection, best used in addition to a memory-resident antivirus program (such as AVG or avast!) and a good ad blocker.
Also worth having: "Malwarebytes Anti-Malware ". The free version does not offer memory-resident virus protection, but can be used alongside other antivirus software to periodically scan for (and remove) viruses that your other software may miss. (Note, though, that a 14-day trial period is enabled automatically in newer versions of MBAM, and should usually be disabled to avoid conflicts with other antivirus software if you have any.)
-
I hope this helps make the internet a slightly safer place. Spread the word; knowledge is power!
Related content
Comments: 46
For blocking unwanted stuff, I use Adblock Plus in my browser, as well as appending the entries from MVPS to my system's Hosts file. I saw in your description that you modified your own Hosts file to block a few things...perhaps this could add a few more for you.
👍: 0 ⏩: 0
Hmm, so I've been using MSE for a while. I'm not too attached to it, so I'll probably get Avast if it's better. Both of those are memory-resident?
Having also used Windows 7 and Chrome for a while, I also do scans once a month with SpywareBlaster, SS&D, occasionally MalwareBytes... and they never find anything! I suppose that's a good problem to have, but doing all these scans can take all day. And for all I know, I'm not doing them often enough. What are your thoughts?
👍: 0 ⏩: 1
Yes, Avast is memory-resident, and it's generally considered much better than MSE. I strongly recommend it. (Just make sure you uninstall MSE before installing Avast, to avoid any possible conflicts.)
Also, as long as you have good resident protection (such as Avast) and good browser protection (such as AdBlock Plus for Chrome ), you shouldn't need to run additional scans very often. Once a month should be more than adequate.
👍: 0 ⏩: 0
This is a ever-useful resource I link people to, but I think it should be updated now that ad blocking exists in IE 9 and later, under the banner of "tracking protection". All you need is a third-party list file called a TPL. Fanboy's list at [link] is one of the suggested filter lists for Adblock Plus that can also be installed into Internet Explorer as a TPL.
👍: 0 ⏩: 1
Internet Explorer finally catches up to decade-old Firefox technology yet again? Wonderful!
Seriously, though, this is good information. Thanks!
👍: 0 ⏩: 0
Or you could install Adblocker and forget about ads ANYWHERE YOU GO!!! EVEN YOUTUBE!
👍: 0 ⏩: 1
Exactly! There's a reason why Ad-Block Plus for Firefox happens to be the very first link in the description here.
It's not even really about blocking the ads themselves; I wouldn't mind the ads nearly as much if they were safe! But whenever one of these internet ad companies isn't careful about the kinds of HTML code they accept and distribute, this sort of thing can sneak in, and suddenly the town is overrun by parasprites!
👍: 0 ⏩: 0
Ads drive me insane
Whenever I see a page full of these, I just tell them
Thanks for the useful info
👍: 0 ⏩: 0
Wonderful advice along with some pictures to help us better understand. GJ!!
👍: 0 ⏩: 0
got internet security 2011 today. tiard of them saying they are going to do something it's bs.
kaspersky is ausome as well, but ive been without a job for more than a year.
👍: 0 ⏩: 0
Here, you're implying that the ad itself is a virus - which is not always the case; it's the changes that the ads make, as far as I've noticed.
Using this, the only problems I get from ads, using Google Chrome and this [link] is tracking cookies and other cookie jazz (I'd have to disable my blocked cookie list entirely to get a screenshot of my anti-virus catching a crapload of them).
Mind pointing me to an antivirus screenshot so I can see what you're talking about? Maybe our cases go hand-in-hand.
👍: 0 ⏩: 1
Yeah, that's not what I meant to imply. Let's see if I can clarify this:
In this screenshot, the virus is the file loaded into the 2x2 IFRAME (at the bottom of the red area) within the 1x1 IFRAME (above red area). Yes, that file is not the ad itself (good luck fitting a useful ad into a 1px square), but the code serving the virus comes (indirectly) from the same site serving the ad.
(As for cookies, yes, there are privacy concerns surrounding the way these ads use cookies, but that's actually not part of this process.)
You want a screenshot proving that the file I pointed out is a virus? Well, I hope [this] is good enough!
(Thanks for the +watch, by the way.)
👍: 0 ⏩: 1
Veracity and meaning confirmed. =]
I want you to post - in decent summary (I intend to paraphrase and re-word, but still credit you, so include links) - info about this issue in my news thread here: [link]
Once I have it re-written, you will surely (and massively) be credited. I'll also fire a link you a link via note so you can spread it around.
Also, you're welcome for the watch. We're on the same line of business. =]
👍: 0 ⏩: 0
Eye-openingly informative. I don't think I've ever felt so glad that I use AdBlock Plus. Ironically, it was the threat of an attack on this site's rival SheezyArt that made me install ABP. . . but this is more than a mere threat, but an actual attack!
I'm glad my personal blog is completely ad-free. It keeps my readers safe.
👍: 0 ⏩: 1
Internet: The largest logic puzzle ever!
👍: 0 ⏩: 1
Logic puzzle? What makes you think I'm going to understand an analogy about logic puzzles? ;3
👍: 0 ⏩: 0
omg wow.
i use chrome and it warns me if there is stuff that can mess with my computer!
👍: 0 ⏩: 1
Mine doesn't even warn me, just kills it outright. xD
👍: 0 ⏩: 0
Thanks for this. Do you mind if I link to it in my journal?
👍: 0 ⏩: 1
This is probably the most practical thing I've run across on this site. Thank god some of us know how the interwebs work
Also, their class name is rather funny and also explains how to solve the problem.
For the hostfile, I assume you mapped the sites to 127.0.0.1, right?
👍: 0 ⏩: 1
Glad you liked it!
And yes, always remember to confuse your Fella regularly!
And yup, that's what I did, although now I use 0.0.0.0 instead of 127.0.0.1 because it seems like "invalid address" is a slightly faster fail than "connection refused". (I also map the word "null" to that address for reverse lookups, otherwise I get confusing results when I use "netstat" et cetera.)
👍: 0 ⏩: 1
Ah, yes that would be faster. And by mapping "null", I assume you're using it just as an alias for the user's sake, right?
👍: 0 ⏩: 1
Well, the main reason is that when a process is listening on a port, "netstat -a" lists 0.0.0.0 as the "foreign address" for that socket. Displaying "null" for that address is much better than displaying something random like "optimizedby.rmxads.com" and relying on me not forgetting that that address actually means 0.0.0.0 now!
👍: 0 ⏩: 0
Also, there's information on how to report illegal ads here: [link] under the second header (Reporting Bad Advertisements).
👍: 0 ⏩: 0
Yep.
We need ad service that only allows jpg, png, and text, no gif, no flash, no html, no JavaScript.
Perhaps then people would block them less because it isn't annoying or maliciouis.
👍: 0 ⏩: 1
Amen to rolling back ads to 1998!
👍: 0 ⏩: 0
Addendum:
Chrome: Install Adblock [link]
Adblock button for the space next to the omnibar: [link]
For you twitter users, Chromed Bird is a pretty good extension(4 months with it, and it's nice to have it accessible via a button): [link]
👍: 0 ⏩: 1
No problem.
See ya at whenever has a chance to stream again, Mr Moderator
👍: 0 ⏩: 0
Ooooooh layman's terms! Thank you!
I've been curious as to how exactly the nonsense began, but at a loss of how to explain it to people. Thanks!
👍: 0 ⏩: 0
you can edit the lmhosts if you really want but.. it's really easier just to use firefox with no-script.
👍: 0 ⏩: 0
I don't doubt it. DA had a lot of ad services running, some that I think users aren't very aware of.
I use Firefox and use the Firefox addon Script Blocker, it's a fairly aggressive ad killer and webscripting stopper. I have to allow DeviantArt.net, deviantart.com - and then hit and miss the others to see what lets DA function correctly or not. I would prefer to block out all the unessential ad scripting if I can.
So much advert scripting can lead to exploits and spyware exploits. That's why I'm wary of it all the time. I'm a solid supporter of FireFox and a decent script blocking/ad blocker addon if you can find one. Explorer - any version isn't very good and will allow too much of that crap to get past it's own so called filters.
👍: 0 ⏩: 0
hey steven I reported this issue to DA admins with your picture here as proof. They told me to fill in this add reporting thing if its giving out viruses: [link] I wouldn't have any idea what to do so maybe you can? xD
👍: 0 ⏩: 1
Nice form. Thanks for the tip.
In fact, it gave me an idea: At some point, I may try creating a program to manually download a bunch of ads from that "rmxads" server (and also further down the ad chain), to try to determine if the problem is with "rmx" themselves or just one or two of their advertisers. If I get a really interesting result, that form might end up getting hammered!
(And I find it fascinating that they're using Google Docs for this, instead of programming their own form somewhere on dA. It's an interesting choice!)
👍: 0 ⏩: 0
Just curious, have you told an admin or anybody about this?
👍: 0 ⏩: 1
Nope, haven't bothered the admins yet...
I'm worried about risking their wrath.
👍: 0 ⏩: 1
Heh, true. They might bombard you with more ads
👍: 0 ⏩: 0
hmm,never knew,but mcafee andanti-maleware protects my cp!
👍: 0 ⏩: 0
Had no idea of such things, perhaps because I have a paid account?
👍: 0 ⏩: 1
Yeah, paid accounts don't get the ads, so they don't get the viruses.
It's all part of dA's cunning plan...
👍: 0 ⏩: 2
You still get deviantArt "promotional messages" (= ads). These are specifically excluded.
👍: 0 ⏩: 0
