Millions menaced as ransomware-smuggling ads pollute top websites

Dude111

Golden Member
Jan 19, 2010
www.theregister.co.uk/2016/03/15/massive_us_malvertising_campaign

And they wonder why people block ads!!!

Top-flight US online publishers are serving up adverts that attempt to install ransomware and other malware on victims' PCs.

Websites visited by millions of people daily – msn.com, nytimes.com, aol.com, nfl.com, theweathernetwork.com, thehill.com, zerohedge.com and more – are accidentally pushing out booby-trapped adverts via ad networks, warn infosec researchers. [more]
I wonder if the attack is staged to try and get through to these sites that try to force people to view their spam ads?

KeithP

Diamond Member
Jun 15, 2000

Malwarebytes hypes security exploits and their own products for protection against the exploits while failing to mention you don't need to pay anyone a penny to protect yourself. Just keep all your software up to date and don't use an account with admin privileges. I don't trust them anymore, they are basically scam artists now.

-KeithP

bononos

Diamond Member
Aug 21, 2011
Does ransomware infect android phones? I think FF is the only android browser that allows plugins at the moment.

lxskllr

No Lifer
Nov 30, 2004
Does ransomware infect android phones? I think FF is the only android browser that allows plugins at the moment.

I haven't heard of it. It's technically possible though. Not as much value on a phone, so they'd get fewer paydays. Maybe if they reduced the decryption price...

Red Squirrel

No Lifer
May 24, 2003
www.anyf.ca
And this is why I use an ad blocker and noscript.

There's too much 3rd-party garbage on websites nowadays. Not just ads but other stupid crap, even scripts which are hosted on another server. Completely idiotic and opens so many doors for attackers.

VirtualLarry

No Lifer
Aug 25, 2001
Malwarebytes hypes security exploits and their own products for protection against the exploits while failing to mention you don't need to pay anyone a penny to protect yourself. Just keep all your software up to date and not be using an account with admin privileges. I don't trust them anymore, they are basically scam artists now.

-KeithP

Gibson Research produced a neat little utility that blocks Windows 10 upgrades on Windows 7 and 8.1 machines. The same effect (and probably how the program works) can be achieved by a simple registry edit. Is GRC a scam artist now too?

And just keeping your software up to date, and running a Limited User account, will NOT block crypto-based Ransomware. That's one reason why it's so insidious. (Edit: Because it can run in a limited-user account, it doesn't need Admin privileges to access your personal files in your Limited User account.)

Elixer

Lifer
May 7, 2002
And just keeping your software up to date, and running a Limited User account, will NOT block crypto-based Ransomware. That's one reason why it's so insidious. (Edit: Because it can run in a limited-user account, it doesn't need Admin privileges to access your personal files in your Limited User account.)

The files that are read-only in a limited user account can't be written over, unless the ransomware gains admin access.
So, the problem here is, everyone is running admin access accounts, and the ransomware has 0 access controls on anything.

Windows needs a "sudo" command.

lxskllr

No Lifer
Nov 30, 2004
Windows needs a "sudo" command.
UAC is kind of a sudo. The last version I used was Vista, and it was always a mystery to me what required root access. I hear it's gotten better, but I suspect it's still convoluted.

TheRyuu

Diamond Member
Dec 3, 2005
UAC is kind of a sudo. The last version I used was Vista, and it was always a mystery to me what required root access. I hear it's gotten better, but I suspect it's still convoluted.

You can also do the smart(er) thing and just have two accounts, one admin and one a regular user where you use the standard user account on a daily basis. It will prompt for the admin password if it's needed. I believe this setup offers more of a security barrier than just UAC alone on an admin account. I would also recommend running UAC set to max (always notify).

balloonshark

Diamond Member
Jun 5, 2008
You can also do the smart(er) thing and just have two accounts, one admin and one a regular user where you use the standard user account on a daily basis. It will prompt for the admin password if it's needed. I believe this setup offers more of a security barrier than just UAC alone on an admin account. I would also recommend running UAC set to max (always notify).
This is what I do. Once I install Windows, drivers, apps and tweaks I then create a standard user account for daily use. I'm not sure why anyone would run as an admin since Vista was released. Using a standard user account is a simple way to add another layer of protection.
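Added example (not from anyone in this thread): a PowerShell check for the two things the last few posts argue about, whether the account you log on with is actually a member of the local Administrators group (as opposed to this window merely not being elevated), and whether UAC is set to "Always notify". Run it from a normal, non-elevated window; nothing here needs elevation. The SID and registry value names are Windows' own; the assumption is a local account on Windows 10 / Server 2016 or later, where Get-LocalGroupMember exists.

```powershell
# Added example, not code from the thread or from Malwarebytes.
# Reports elevation state, Administrators membership and the UAC slider position.

function Get-AccountElevationState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when the current token is the full (elevated) admin token.
    # An admin account under UAC runs with a filtered token, so this is False
    # in a non-elevated window even though the account *is* an administrator.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Membership in BUILTIN\Administrators (S-1-5-32-544) regardless of elevation.
    # Assumption: local account; nested domain group membership is not resolved here.
    $adminSid = New-Object Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $members  = Get-LocalGroupMember -SID $adminSid -ErrorAction SilentlyContinue
    $isAdminAccount = [bool]($members | Where-Object { $_.SID.Value -eq $identity.User.Value })

    [pscustomobject]@{
        User            = $identity.Name
        ProcessElevated = $elevated
        AdminAccount    = $isAdminAccount
    }
}

function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key

    # ConsentPromptBehaviorAdmin: 2 = prompt for consent on the secure desktop,
    # which is the "Always notify" slider position. The Windows default is 5,
    # which skips the prompt for Microsoft-signed binaries that are marked
    # auto-elevate, and that silent path is what most UAC bypasses ride on.
    $alwaysNotify = ($p.EnableLUA -eq 1) -and
                    ($p.ConsentPromptBehaviorAdmin -eq 2) -and
                    ($p.PromptOnSecureDesktop -eq 1)

    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        AlwaysNotify               = $alwaysNotify
    }
}

Get-AccountElevationState
Get-UacState
```

Reading the output: `AdminAccount = True` with `ProcessElevated = False` is the usual single-account setup, i.e. a filtered token that is one consent click (or one auto-elevate bypass) away from full admin. The two-account setup described above shows `AdminAccount = False`, and any elevation then requires the other account's password. `AlwaysNotify = False` with the default value 5 means signed Windows binaries can still elevate without a prompt.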

Elixer

Lifer
May 7, 2002
Haven't tried this software yet but seems like it might at least help reduce the chance of ransomware doing damage.

https://www.foolishit.com/cryptoprevent-malware-prevention/

CryptoPrevent is a security tool that writes 200+ group policy object rules into the registry in order to prevent executables in specific locations from running. CryptoPrevent can be used to lock down any Windows OS to prevent infection by crypto ransomware which encrypts personal files and then offers decryption for a paid ransom. CryptoPrevent artificially implants hundreds of group policy object rules into the registry in order to block executables (*.exe, *.com *.scr and *.pif) and fake file extension executables in certain locations (i.e. %AppData%, %LocalAppData%, %userprofile%, %programdata%, Recycle Bin, Startup Folder) from running. Due to the way that CryptoPrevent works, it protects against a wide variety of malware and ransomware. There are several levels of protection but most users only need to use the default setting - "Set it and forget it" protection. The Free Edition allows you to manually check for updates regularly by using the update function inside the program.

Interesting approach...
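The "group policy object rules" in that description are Software Restriction Policy (SRP) path rules, and SRP reads them straight from the registry, so you can do the same thing yourself. Added example (not CryptoPrevent's code, and a much shorter rule set than its 200+): a PowerShell script that writes Disallowed path rules for the per-user writable folders a standard-user process can drop files into, plus one Unrestricted rule showing how to allow-list a legitimate per-user app. It must run elevated. The location list, the log path and the rule descriptions are this example's own choices.

```powershell
# Added example, not CryptoPrevent's code. Writes SRP path rules to the registry.
# Run elevated. Rules apply to processes started after the policy is in place;
# log off and back on before testing to be sure.

$Base         = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0        # SRP security level for the block rules
$Unrestricted = 0x40000  # 262144: default level, also used for allow-list rules

function Initialize-SaferPolicy {
    New-Item -Path $Base -Force | Out-Null
    # Default level Unrestricted: everything runs except what the path rules block.
    Set-ItemProperty -Path $Base -Name DefaultLevel       -Value $Unrestricted -Type DWord
    # 1 = enforce on executables only; 2 would include DLLs and break far more.
    Set-ItemProperty -Path $Base -Name TransparentEnabled -Value 1 -Type DWord
    # 0 = apply to all users, administrators included.
    Set-ItemProperty -Path $Base -Name PolicyScope        -Value 0 -Type DWord
    # Extensions SRP treats as executable, covering the script hosts that
    # droppers use as well as the PE types the product description lists.
    Set-ItemProperty -Path $Base -Name ExecutableTypes -Type MultiString -Value @('EXE','COM','SCR','PIF','BAT','CMD','JS','VBS','WSF','HTA')
    # Every blocked launch is appended here; read it when something stops working.
    Set-ItemProperty -Path $Base -Name LogFileName -Value "$env:SystemRoot\Temp\safer.log" -Type String
}

function Add-SaferPathRule {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$Level = $Disallowed,
        [string]$Description = 'added by example script'
    )
    # Each rule is a GUID-named subkey under <level>\Paths with these four values.
    $guid = [guid]::NewGuid().ToString('B').ToUpper()
    $key  = Join-Path $Base "$Level\Paths\$guid"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name ItemData     -Value $Path        -Type ExpandString
    Set-ItemProperty -Path $key -Name SaferFlags   -Value 0            -Type DWord
    Set-ItemProperty -Path $key -Name Description  -Value $Description -Type String
    Set-ItemProperty -Path $key -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
}

# Locations a standard user (and so malware running as one) can write to.
# Environment variables are expanded for the user launching the program;
# '*\*.exe' covers one level of subfolder, which is where most droppers unpack.
$BlockedLocations = @(
    '%AppData%\*.exe',           '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',      '%LocalAppData%\*\*.exe',
    '%LocalAppData%\Temp\*.exe', '%LocalAppData%\Temp\*\*.exe',
    '%UserProfile%\Downloads\*.exe',
    '%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe'
)

# Per-user installers (Chrome, Teams, Spotify and the like) live under
# %LocalAppData%, so the rules above break them. A more specific Unrestricted
# path rule takes precedence over a less specific Disallowed one.
$AllowedLocations = @(
    '%LocalAppData%\Google\Chrome\Application\chrome.exe'
)

function Install-ExampleSaferRules {
    Initialize-SaferPolicy
    foreach ($p in $BlockedLocations) { Add-SaferPathRule -Path $p -Level $Disallowed   -Description 'block user-writable drop location' }
    foreach ($p in $AllowedLocations) { Add-SaferPathRule -Path $p -Level $Unrestricted -Description 'allow-listed per-user app' }
}

function Get-SaferPathRules {
    # Lists every path rule under the three SRP levels. Get-ItemProperty expands
    # REG_EXPAND_SZ, so paths are shown as they resolve for the current user.
    foreach ($level in 0, 131072, 262144) {
        $paths = Join-Path $Base "$level\Paths"
        if (Test-Path $paths) {
            Get-ChildItem $paths | ForEach-Object {
                $v = Get-ItemProperty $_.PSPath
                [pscustomobject]@{ Level = $level; Path = $v.ItemData; Description = $v.Description }
            }
        }
    }
}

Install-ExampleSaferRules
Get-SaferPathRules | Format-Table -AutoSize
```

To check it is enforcing, copy a harmless binary into a blocked folder and launch it from a fresh logon, e.g. `Copy-Item "$env:SystemRoot\System32\calc.exe" "$env:AppData\calc.exe"; & "$env:AppData\calc.exe"`; the launch should fail with "This program is blocked by group policy" and a line should appear in the log file. Two caveats a practitioner should keep in mind: this only stops a payload that is dropped to disk and executed from one of those paths, so it does nothing against ransomware that runs in memory from a browser exploit or lives in an already-allowed location, and Microsoft has deprecated SRP in favour of AppLocker and Windows Defender Application Control, which are the tools to reach for on a managed fleet. To undo the example, delete the GUID subkeys it created or remove the whole `Safer` key.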