r000t,
@r000t@fosstodon.org

The Associated Press just served me an ad for fake anti-virus. The entire page was taken over, and forwarded to the malicious site, within seconds of opening the news article, every time.

An ad blocker isn't just something to hide some annoying eyesores, it's a vital layer of security.

If you have friends or family who might fall for fake AV or "windows technical the department" scams, they need an ad blocker. No site they visit can be considered "safe" unless it simply doesn't have ads.


kkarhan,
@kkarhan@mstdn.social

@r000t +9001%

Otherwise the only valid option is to become a and forcibly migrate them to @ubuntu / LTS and never give them privileges and instead forcibly update their shit per SystemD service.

mikeloukides,
@mikeloukides@hachyderm.io

@r000t Absolutely. I've gotten malware-infested ads from sites as legit as the BBC. Whenever I get a "please turn off your adblocker" message, I'm "you don't publish anything I need badly enough to risk my computing infrastructure."

ToddLa,

@r000t the problem is not ads, a site can easily run well curated first-party ads, with no tracking bs. But the problem is they give control of placing ads to bottom feeder “ad-networks” that race to bottom

HugeGameArtGD,
@HugeGameArtGD@mastodon.gamedev.place

@r000t Maybe try a proxy like https://www.removepaywall.com/

kkarhan,
@kkarhan@mstdn.social

@HugeGameArtGD @r000t also https://12ft.io works well, and OFC forcing a metric ton of blocklists as well...

MOULE,

@r000t It's funny how the fake malware scanning page calls some of the malware "Win32" even though it's served on an Android device :MOULE_Ha:

kkarhan,
@kkarhan@mstdn.social

@MOULE @r000t you'd be surprised how little care and how persistently they'll forego all warnings and security settings...

https://mstdn.social/@kkarhan/111439207999697827

seth,

@r000t I cannot browse the internet without uMatrix and uBlock Origin; that is to say, it would be literally unusable without them.

mspsadmin,
@mspsadmin@msps.io

@r000t I've encountered that ad as well a week ago (usually integrated app browsers). Crazy they haven't fixed it.

Of course I have clients still clicking the first Amazon link they get when searching Amazon on Google and they end up at a MS Support Scam site. If Google still can't prevent malicious ads 🤷‍♂️

Ad blockers definitely are a solid security layer.

kkarhan,
@kkarhan@mstdn.social

@mspsadmin @r000t They are way more effective and useful than the entire & industry that is 3rd party on ...

https://mstdn.social/@kkarhan/111439207999697827

mspsadmin,
@mspsadmin@msps.io

@kkarhan @r000t Yeah - Clients always look at me funny when I explain McAfee Security Scanner spreads more than an actual virus.

r000t,
@r000t@fosstodon.org

On a related note, based on the last few times I've been hit with an ad like that, I've been eventually forwarded to a real McAfee checkout page, product already in cart, ready to give them money.

I see two possibilities here:

  1. Malware site detects a platform that the scammer's not prepared to remote into
  2. McAfee has some sort of referral/affiliate program, which makes them complicit in malicious scareware takeover ads.

briankrebs,

@r000t McAfee and Norton both have affiliate programs and you are almost certainly correct in that this is affiliate abuse. This has been going on for years, and usually it starts with someone accepting notifications on a dodgy or hacked site, and the next thing they know they're getting "notifications" on the desktop that look like they came from the OS, saying it's time to install/update/etc Norton/McAfee.

briankrebs,

@r000t I wrote about this in 2020, and when I asked NortonLifeLock they blamed affiliates. https://krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/

sharkmime,

@briankrebs @r000t So why doesn't their checkout page indicate that you are going through an affiliate, with a "report affiliate fraud" button? Not that the answer isn't obvious.

tasket, (edited)

@briankrebs @r000t As a longtime user of Qubes OS, the idea that UI environments would keep removing more and more visual context in order to make content presentation more sleek just baffles me. If you remove too much context (such as displaying mouseover URLs in the browser canvas instead of outside it, near the window frame, or removing actual window frames or dividers between app controls and content) then users lose critical information about what is/isn't a system function, app function, or remote content.

And then the same orgs that trade proper context for sleekness then go on to bemoan how users keep falling for attacks and scams. And then they pelt us with "security advice" and rules that are 80% garbage.

AlesandroOrtiz,

@briankrebs @r000t I've seen an uptick from likely same actor in the past 2 weeks. Have seen redirects from Wired, Gizmodo, eonline, and many other major news sites. Same URL pattern which indicates likely same actor.
