

kontonnz

137 posts

Master Geek
+1 received by user: 20


#69119 3-Oct-2010 09:59

as per the article http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10677853, trademe accepted a banner advert on their website, which then infected a large number of systems.

so a couple of things, from this that struck me as would be interesting is:

a) since TradeMe accepted the advertisement, do they take a portion of liability in regards to clean up costs, this being more relevant since trademe accepted the advertiser which from my understanding was not legitimate.

b) the very justification for advertisement blocking is this, what guarantees are in place on ad networks in ensuring security of those who view their ads.

something that seems to be becoming more prevalent is attacks via ad networks, and a number of major websites have been found wanting in this area.

*out of curiosity, would this, could this happen via geekzone......, my feeling is possibly if using 3rd party ad network which i think you have to do in order to get paid*



 

raab
262 posts

Ultimate Geek
Inactive user


  #387325 3-Oct-2010 10:04

Anyone whose argument for not running any antivirus is to not browse any dodgy sites is immediately invalidated by such an example above.

I doubt they'll accept responsibility given it probably only infected people running IE6 with no antivirus running :p



kontonnz

137 posts

Master Geek
+1 received by user: 20


  #387328 3-Oct-2010 10:16

I never said anything about whether they were running A/V or not, nor the state of the systems i.e. patch levels etc.  and trademe is not what i would call a dodgy site.....


also while most infections born out will be IE 6, I know of at least a couple of Internet Explorer 8 users infected, and they are running various AV on their systems, were they 100% up to date, not all, most would be one or two updates out of sync, being home users this would be typical.

and even corporates that rely on very specific software web based, might not be able to patch as it would break core functionality of the software the business depends on, and again not expecting trademe to be a source of infection compared to other...


as to Trademe's liability I think that could stem from the fact they accepted the advertiser from someone purporting to be a representative, their QA did not pick this up, this opens them for liability I think.
 

freitasm
BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41044

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #387329 3-Oct-2010 10:23

I think this is not a justification for "blocking ads", otherwise you'd have to use the "don't use pirate software" justification and we all know it does not work like that.

Also, a website can be compromised in other ways. A worm could infect the servers and inject malicious javascript code in all output to external addresses, while not showing anything on internal addresses. This means a site could be spreading malware even though it's not running ads at all.

This is the first thing. Now to answer your question... Would Trade Me be liable? Very good question. Have you read their terms and conditions of use? For example most ISPs will say that you must ensure your system is up to date and clean. This will probably exempt them of attacks by worms.






 




freitasm
BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41044

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #387332 3-Oct-2010 10:27

kontonnz: out of curiosity, would this, could this happen via geekzone......, my feeling is possibly if using 3rd party ad network which i think you have to do in order to get paid*
 


It could happen to any content provider. We currently run ads through Google DFP (our ad serving solution provider) that are hosted through Google DFP, or through known ad hosting companies. We also load all ads a few days before it goes live and check the creatives.

Of course a malicious "customer" could load clean creatives, wait until the campaign is up and running ok, to then switch creatives to a malware seeding one.

Or the ad hosting platform could have been infected - not the ad itself, but their servers.

An infinite variety of attack forms exist. We do our best to keep things in check and test creatives.

It seems in the Trade Me case though it was different. From reports (which I have not confirmed, only read in the papers), they accepted ads from someone pretending to be the advertiser. That's a lot of social engineering going even before the ads are actually running, right?
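The pre-launch creative check and the swap-after-approval risk described in the post above can be monitored by fingerprinting each creative at review time and re-checking the live copy. This is an added example, not part of the original thread or Geekzone's actual process; the function names, sample creatives and hostnames are constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlparse

# URL-bearing attributes on tags that can load or link to external content.
_REF = re.compile(
    r'<(?:script|iframe|embed|object|img|a)\b[^>]*?\b(?:src|href|data)'
    r'\s*=\s*["\']([^"\']+)',
    re.IGNORECASE,
)

def fingerprint(creative_html: str) -> dict:
    """Record a digest of the creative markup and every host it references."""
    hosts = set()
    for url in _REF.findall(creative_html):
        host = urlparse(url).hostname  # None for relative URLs
        if host:
            hosts.add(host.lower())
    return {
        "sha256": hashlib.sha256(creative_html.encode("utf-8")).hexdigest(),
        "hosts": hosts,
    }

def recheck(approved: dict, live_html: str) -> dict:
    """Compare the live creative with the fingerprint taken at review time."""
    live = fingerprint(live_html)
    return {
        "changed": live["sha256"] != approved["sha256"],
        "new_hosts": sorted(live["hosts"] - approved["hosts"]),
    }

# Constructed sample creatives (hypothetical hosts, not from the incident).
APPROVED = ('<a href="https://shop.example/sale">'
            '<img src="https://ads.example/banner.png"></a>')
SWAPPED = APPROVED + '<script src="https://cdn.invalid/loader.js"></script>'

if __name__ == "__main__":
    baseline = fingerprint(APPROVED)       # taken when the creative is reviewed
    print(recheck(baseline, APPROVED))     # unchanged creative
    print(recheck(baseline, SWAPPED))      # creative switched after approval
```

A matching digest only covers the markup itself: a file served from an already-approved host can still change, so referenced images and scripts need their own digests.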






 


kontonnz

137 posts

Master Geek
+1 received by user: 20


  #387335 3-Oct-2010 10:31

true websites can be compromised in numerous ways the recent asp.net vulnerability where MS released an out of band patch this week is an example of this;

justification of ad blocking, is a separate arg, which I will skip.

TradeMe terms and conditions you would have a good point, only one problem, you don't have to sign up to be exposed to advertising, and in this case the malware.

having terms and conditions and then wiping your hands free of liability does not necessarily mean you are not liable. 

The thing is ad networks are being more and more utilized for an attack vector and surely there is an incumbent on website operators and ad networks to ensure the security of the ads offered.
just as there is an incumbent on users to ensure that their OS is up to date.



freitasm
BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41044

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #387338 3-Oct-2010 10:33

The biggest problem there is that Trade Me alone is responsible for 60% of all Internet traffic in New Zealand. This could be huge...





kontonnz

137 posts

Master Geek
+1 received by user: 20


  #387340 3-Oct-2010 10:34

 

freitasm: It seems in the Trade Me case though it was different. From reports (which I have not confirmed, only read in the papers), they accepted ads from someone pretending to be the advertiser. That's a lot of social engineering going even before the ads are actually running, right?



I would say a very good dose of a social engineering attack, and highly effective... 

freitasm
BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41044

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #387361 3-Oct-2010 12:08

One interesting point someone made to me... The article is not clear if the ad itself was the vector, or the clickthrough led to an infected page.





 


hellonearthisman
1819 posts

Uber Geek
+1 received by user: 52

Trusted

  #387364 3-Oct-2010 12:19

I find it funny they call it a virus, when it's malware and required a user to click on it to activate it.

tristanb
89 posts

Master Geek

ID Verified

  #387423 3-Oct-2010 16:47

raab: Anyone whose argument for not running any antivirus is to not browse any dodgy sites is immediately invalidated by such an example above.


I heard they conned people to running the program by saying they had a virus, and downloading the software to protect themselves.

I don't use any antivirus software. Nowadays it doesn't protect you from anything - I've tried so long to submit a USB-stick virus to the one my work uses, it's impossible, they don't want to protect people from viruses, they just want to make a mint selling their useless software. Norton and McAfee have always slowed computers down so much - although I am told they are getting better.

As long as anti-virus companies, banks, and ill-informed IT guys are saying AV software is a must, and that viruses will mysteriously travel down the internet, people are going to be paranoid and easily engineered into installing malware on their computer.

freitasm
BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41044

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #387424 3-Oct-2010 16:49

Some malware will "mysteriously travel down", specially in older browsers where downloads and installs could be initiated behind the scenes, by simply executing an ObjectX (things got much better in the last few years, but blame those running old browsers).





garvani
1873 posts

Uber Geek
+1 received by user: 83

Trusted

  #387569 4-Oct-2010 10:08

We already have three machines in the workshop with the trademe malware, I haven't had a chance to see what it is but I'm expecting to be greeted with personal antivirus or something similar..

Nety
2584 posts

Uber Geek
+1 received by user: 5

Retired Mod
Trusted
Lifetime subscriber

  #387589 4-Oct-2010 10:54

This is a growing problem where some malware looks VERY convincing if you don't know what you are looking at.

@tristanb sorry but IT pros are not ill-informed. Most have been through a virus outbreak or two and know damn well that although antivirus software is not perfect it is a hell of a lot better than nothing.
As for the antivirus companies just wanting to make you buy "useless" software there are plenty of options out there which are free to home users.







Media centre PC - Case Silverstone LC16M with 2 X 80mm AcoustiFan DustPROOF, MOBO Gigabyte MA785GT-UD3H, CPU AMD X2 240 under volted, RAM 4 Gig DDR3 1033, HDD 120Gig System/512Gig data, Tuners 2 X Hauppauge HVR-3000, 1 X HVR-2200, Video Palit GT 220, Sound Realtek 886A HD (onboard), Optical LiteOn DH-401S Blue-ray using TotalMedia Theatre Power Corsair VX Series, 450W ATX PSU OS Windows 7 x64

kontonnz

137 posts

Master Geek
+1 received by user: 20


  #387642 4-Oct-2010 12:49

malware is very sophisticated nowadays just look at Zeus as an example and even their C&C systems are growing in sophistication, it's a growing challenge for IT pros, to stay ahead of the game, and for uneducated users I think nigh on impossible.

Malware uses multiple attack vectors ranging from social to using vulnerabilities in the OS, the attack that came from trademe appears very sophisticated, for them to have been taken in by someone to accept the advertising, and as much as trademe says they will do what they can to catch these people I wish 'em luck, but hold no hope for their success..

Not running any form of protection is well on nigh irresponsible nowadays, and if you're a business who loses data due to infection you need to ask are you up to date and have backups cause if you don't, you might not be insured...
