Hey, there! Log in / Register
The most dangerous newspaper in America
By adamg on Tue, 05/12/2009 - 10:25pm
I wanted to see if the Worcester Telegram had anything on the texting bus driver in Clinton, but both Google and Firefox told me telegram.com is an evil site that will steal into my house at night and take everything I own, or something. Firefox has a little "ignore" link on its "There be Dragons" page and when I clicked on it, I got to the Telegram site OK, except for a bright red banner at the top warning me: "Reported Attack Site!"
Google claims at least two pages on the Telegram site were attempting to launch malicious software on visitors' PCs today. That might have something to do with the notice on the Telegram home page about article comments being turned off "because of an issue with an outside vendor."
Topics:
Free tagging:
Ad:
Support Universal Hub
Help keep Universal Hub going. If you like what we're up to and want to help out, please consider a (completely non-deductible) contribution.
Comments
Worcester's pretty low on my
Worcester's pretty low on my list of favorite places, but not so low that I think their newspaper is trying to do me harm through the internet.
3rd party ads?
One possibility is that telegram.com sold some ads to an aggregator who then resells them. Then someone less scrupulous than the aggregator (if that is possible) could have sold some ad space to someone who was distributing malware through ads. Or sold ad space to someone to sold ads space to someone who etc. (If you bother reading a page's source, you might notice these ads because they tend to be done with javascript executing a document.write that writes out more javascript that executes another document.write that writes out more javascript, etc.)
I once knew a guy who worked for a less than scrupulous web company. Besides their own original content (if you could call it original. I never saw the site, but I'm sure it was the same clichéd poses, etc.) also had the banner ads etc. He told me that they got paid for each machine they managed to infect. If there is a financial incentive to get the malware infecting ads run on browsers, then they are going to find any opportunity they can.
langmead, I believe you've
langmead, I believe you've just figured out how to save newspapers. Newspaper Web sites team up with one of these shady companies and infect their reader's computers. With their computers down, readers are forced to go back to the print product. Problem solved.
Ayup!
Or somebody hacked their third-party provider's commenting software.
Malware financial incentive
I hope that guy is now in federal prison for computer crime. :)
Speaking of financial incentives, I have a new approach to Web filtering that blocks most of these security exploits by default. It's very simple, and I've been using a proof-of-concept of it with Firefox since last year. If anyone with deep pockets wants to fund a polished implementation of such a thing, let me know. You'd have to give the tool away, so there's little business model, and the bad guys will still be making more money than you. :)
Is this different from NoScript?
I don't know if you've seen the NoScript extension for Firefox, now in its 1.9.x version, but it too blocks most of these exploits by default. It prevents JavaScript and embedded media from running on web sites that you visit, unless you explicitly allow the site to run scripts.
No NoScript
I used NoScript before, but too many sites break with it nowadays, so I was always adding exceptions.
I'm currently doing something different.
sorry, but no.
This person doesn't live in this country, so trying and convicting him might be difficult. Also, his connection to anything illegal is relatively circumspect. He wrote software for a website. (CC payments, registration, etc. and maybe some UI work for HTML templates) that web site also used some ad management software not created by him. Some other person booked an in an ad system based on an HTML snippet a client gave him. He may have had a sleazy boss, and I know I wouldn't work for a sleazy boss, but he was about four steps away from anything illegal. (It would be like charging Dries Buytaert with libel because some one used Drupal to write a blog full of lies.)
It's been like that all day
I got the same warning first thing this morning.
This seems to happen more
This seems to happen more often than I'd expect. The Boston Latin School site spent a couple of weeks in this doghouse recently.
Visitors still being warned off
As of a couple minutes ago. I wonder if there's any urgency over there about getting this fixed? Or maybe there is and Google, being Google, is just being slow about updating their Database of Evil.
Fake Attack Sites
I've noticed this several times on sites I've been to that I know are safe. While it's great to get a notice before you surf into dangerous territory, it's still not quite perfect.
Of all the news sources to fall back on too!
Who knew that Vamp News would be an acceptable alternative to the Telegram & Gazette?
There was a malicious script
There was a malicious script injected into one of their .js file.
Here are the details:
http://blog.unmaskparasites.com/2009/05/13/noscrip...
They seems to have removed it already.