Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
IOS Iphone United States

US iOS Users Targeted by Massive Malvertising Campaign (zdnet.com) 61

A cyber-criminal group known as ScamClub has hijacked over 300 million browser sessions over 48 hours to redirect users to adult and gift card scams, a cyber-security firm revealed this week. From a report: The traffic hijacking has taken place via a tactic known as malvertising, which consists of placing malicious code inside online ads. In this particular case, the code used by the ScamClub group hijacked a user's browsing session from a legitimate site, where the ad was showing, and redirected victims through a long chain of temporary websites, a redirection chain that eventually ended up on a website pushing an adult-themed site or a gift card scam.

These types of malvertising campaigns have been going on for years, but this particular campaign stood out due to its massive scale, experts from cyber-security firm Confiant told ZDNet today. "On November 12 we've seen a huge spike in our telemetry," Jerome Dang, Confiant co-founder and CTO, told ZDNet in an email. Dangu says his company worked to investigate the huge malvertising spike and discovered ScamClub activity going back to August this year.

This discussion has been archived. No new comments can be posted.

US iOS Users Targeted by Massive Malvertising Campaign

Comments Filter:
  • by ctilsie242 ( 4841247 ) on Thursday November 29, 2018 @03:55PM (#57722184)

    It is not uncommon, if you don't have an ad blocker in place on iOS, especially if you use FB's browser, to wind up being dumped to a site offering free iPhones or gift cards. So much so, that an ad blocker is a must for browsing on iOS, otherwise, your browsing screeches to a halt by a redirect and a takeover for these scams. Even legit sites get these fairly commonly.

    On Android, Dolphin Browser is the best way to browse, and that also gets rid of this problem with its innate ad-blocking.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Even legit sites get these fairly commonly.

      Which pretty much confirms there is no such thing as a 'legitimate' ad network, and that the only reasonable conclusion is to block all of them on the assumption they're corrupt and broken.

      I say until such time as this problem is 100% solved, everyone who works for an internet ad agency is fair game for a beat down for every instance of shit like this, no matter what the ad agency responsible.

      Either the ad companies find a workable solution, or eventually we run o

      • Mod this dude up!

      • by tlhIngan ( 30335 )

        Which pretty much confirms there is no such thing as a 'legitimate' ad network, and that the only reasonable conclusion is to block all of them on the assumption they're corrupt and broken.

        I say until such time as this problem is 100% solved, everyone who works for an internet ad agency is fair game for a beat down for every instance of shit like this, no matter what the ad agency responsible.

        Either the ad companies find a workable solution, or eventually we run out of people who work for ad companies. It's

    • Comment removed based on user account deletion
  • Simple solution (Score:4, Interesting)

    by ceoyoyo ( 59147 ) on Thursday November 29, 2018 @04:10PM (#57722254)

    Sites that serve ads are held responsible for damages if visitors get hijacked by those ads. In turn, those sites can hold ad providers liable. The online advertisers would tighten up their security in a hurry when the lawsuits started rolling in. We might even get to go back to plain image ads.

    • by Anonymous Coward

      Good luck proving that though. The bad guys and the ad server people seem to have a "wink, wink, nudge, nudge" relationship, so they can target older people, while leaving the people who know what they are doing alone.

  • And this is why ... (Score:2, Interesting)

    by Anonymous Coward

    This shit is why I have zero qualms with blocking all ads, and why I would never surf the web on a mobile device.

    This "allow every third party to run script" mentality the advertisers want the internet to operate on so their business model isn't disrupted is basically the conduit to this shit, because it leaves you wide open to everything. This is like saying I should leave my doors unlocked in case someone I do want in my house comes by, it's stupid.

    No, I'm not letting third party scripts execute, no you

    • Comment removed based on user account deletion
    • by rtb61 ( 674572 )

      I am fair and just (some might say a fair bastard and just a cunt, what the army can teach you) and I use script blocker https://noscript.net/ [noscript.net]. So some ad networks and websites I block and some ad networks and websites I allow to run. Advertise junk and you script is blocked, advertise reasonably and your script will survive, don't like you site, all your scripts blocked including the advertisers scripts (do not subsidise crap and lies). Also I run a cookie blocker which can block sites or allow session onl

  • Come on. Pics or it didn't happen.

    At least post the link. For science.

  • By the way if anyone here is in advertising or marketingkill yourself. It’s just a little thought; I’m just trying to plant seeds. Maybe one day they’ll take root – I don’t know. You try, you do what you can.

    (Kill yourself.)

    Seriously though, if you are, do.

    Aaah, no really. There’s no rationalisation for what you do and you are Satan’s little helpers. Okay – kill yourself.

    Seriously. You are the ruiner of all things good.

    Seriously.

    No this is not a joke. You’re [going], “There’s going to be a joke coming.” There’s no fucking joke coming. You are Satan’s spawn filling the world with bile and garbage. You are fucked and you are fucking us. Kill yourself. It’s the only way to save your fucking soul. Kill yourself

    Planting seeds.

    I know all the marketing people are going, “He’s doing a joke” There’s no joke here whatsoever. Suck a tail-pipe, fucking hang yourself, borrow a gun from a Yank friend – I don’t care how you do it. Rid the world of your evil fucking machinations. (Machi) Whatever, you know what I mean.

    I know what all the marketing people are thinking right now too: “Oh, you know what Bill’s doing? He’s going for that anti-marketing dollar. That’s a good market. He’s very smart.”

    Oh man, I am not doing that, you fucking, evil scumbags!

    “Ooh, you know what Bill’s doing now? He’s going for the righteous indignation dollar. That’s a big dollar. A lot of people are feeling that indignation. We’ve done research – huge market. He’s doing a good thing.”

    Godammit, I’m not doing that, you scum-bags! Quit putting a goddamn dollar sign on every fucking thing on this planet.

    “Ooh, the anger dollar. Huge. Huge in times of recession. Giant market. Bill’s very bright to do that.”

    God, I’m just caught in a fucking web.

    “Ooh, the trapped dollar, big dollar, huge dollar. Good market – look at our research. We see that many people feel trapped. If we play to that and then separate them into the trapped dollar”

    How do you live like that? And I bet you sleep like fucking babies at night, don’t you?

    “What didya do today, honey?”

    “Oh, we made ah, we made ah arsenic a childhood food now, goodnight.” [snores] “Yeah we just said, you know, is your baby really too loud? You know?” [snores] “Yeah, you know the mums will love it.” [snores]

    Sleep like fucking children, don’t ya. This is your world, isn’t it?

  • There was a reason they redirected all the streams through Russia and China.

  • I guess the users deserve this torture by going to zdnet in the first place.

  • https://github.com/paul-hamman... [github.com] - a visualization of ad partners adding ad partners to a page (ad infinitum)
  • Adblock and NoScript take care of virtually all this kind of crap. Adblock stops ads from displaying (and infecting) and NoScript stops the rest of the malicious junk.

Don't get suckered in by the comments -- they can be terribly misleading. Debug only code. -- Dave Storer

Working...