As many website publishers whine about ad blockers destroying their revenue source we have yet another story demonstrating that ad blockers are actually security tools. Another ad network was exploited and the exploit lead to malware being distributed to visitors of the Drudge Report (which, in addition to delivering malware, also delivers brain cancer to visitors) and Wundergorund:
Millions of people visiting drudgereport.com, wunderground.com, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said.
The malvertising campaign worked by inserting malicious code into ads distributed by AdSpirit.de, a network that delivers ads to Drudge, Wunderground, and other third-party websites, according to a post published Thursday by researchers from security firm Malwarebytes. The ads, in turn, exploited security vulnerabilities in widely used browsers and browser plugins that install malware on end-user computers. The criminals behind the campaign previously carried out a similar attack on Yahoo’s ad network, exposing millions more people to the same drive-by attacks.
There are really two lessons to learn from this story. First, run an ad blocker. Second, uninstall Adobe Flash. But some people are unwilling to do the latter so they, even more than the rest of us, need to run a good ad blocker.
Personally I recommend using a tool such as NoScript to block all JavaScript from domains that haven’t been expressly white listed. But that’s a pain in the ass for many people and ad blockers act as a nice middle ground that blocks most of the crap but don’t require a lot of fine tuning to utilize.