Ads hijacking your browser?

[chayton]

Earlier today I was looking up a recipe. Side note: this is going to sound stupid, but I was looking up garlic toast - I always just do it under the broiler, but someone told me to bake it first for a bit so I was looking for what I should have my oven temperature at.

Anyhow, off to trusty google, typed in 'garlic toast recipe', and bam presto, a whole pile of cooking related sites with recipes. I click on the first or second one, I get to the site, it's a normal cooking site with the recipe I'm looking for and some ads and whatnot on the page. I'm happily reading the recipe and suddenly the browser window does this weird hiccup and hijacks me to some page with video stills of naked women sitting on toilets, my virus protection starts popping up alerts all over the place, the browser is asking permission to open even more stuff or download content, and I'm like WTF? I try to close the window and these alerts jump out and finally I had to kill IE to get out of there.

So...I'm pretty sure it's nothing from my computer, I've got good virus protection and a firewall and run spyware blocker all the time. I'm wondering if one of the ads on the site loaded and had a browser hijack or redirect script in it? Any of you techies know of something like that? I'm just wondering if it was something on the site if I should let them know?

 

[maxd]

... I've got good virus protection and a firewall and run spyware blocker all the time.

From my experience filtering web page content is not something your garden variety AV, firewall, etc handles well. Many AV packages have an "internet protection" option (for an additional fee) and that's where you're going to get the tools to detect and/or block malicious scripts, etc. FWIW I use Kaspersky Internet Security (or whatever it's called) on my WinXP installations, very seldom get nailed by a rogue website the way you described. YMMV.

Should add that AdBlock Plus in Firefox works wonders on cutting down the ad crap on webpages. I prefer NOT to use the pre-fab block lists, instead roll my own but that takes time. In the long run though it works wonders.

As an aside IE is probably the worst choice as a browser if you are trying to beef up your internet security. Thing is old, full of holes, and will never be a secure environment for surfing. Just saying.

 

[Seventh777]

What Max said, also for Firefox there is an add-on called NoScript, it`s awesome . there are certain nasties out there that any kind of virus scanners/malware security/firewalls miss, and the worst of the worst of these are keyloggers .

 

[maxd]

... for Firefox there is an add-on called NoScript ....

Quite so! Good mention. I'd forgotten I use that too on my work version of FF (loaded to the gills with security stuff because of all the dodgy casino sites, etc I visit in the course of my PAB work. Cripples normal surfing though. ).

 

[vinylweatherman]

I had this long ago. I played an MP3 music file downloaded from a long since closed network, and it suddenly opened IE and fired loads of pages and popups for porn. Windows Media Player supports functionality that allows music tracks to load related content into the preview pane, and I suspect this is how the attack worked. It is not just browsing that can do this, but innocent media files loaded with malicious content. The same thing can be done with GIF image formats, and MS Word. Presumably other related products that allow links to external documents can similarly be used to mount such an attack.

Third party toolbars are another means to get past security, and lots of free software now comes with it's own toolbar, usually installed by default, and care has to be taken to find out how to opt out of this step, as the design of the installer cleverly makes it more complicated a process than necessary, even to the point of pretending the toolbar install step is necessary as part of the software.

 

[Mousey]

Sheesh... hackers and malware twits are such a pain in the ass.

Hackers can easily inject malware into an innocent page that has poor security. Usually they will inject the malware into one of those rotating ads and the webpage owner never knows about it. Hubby's browser/desktop/computer got hijacked like that a couple years ago. He was looking at poker chips on one of those photo sharing sites. Took me 12 solid hours of cleaning and rebooting using various little cleaners to get that crap off there. If I hadn't had my (clean) computer for tracking down how to fix it I don't know what we would have done.

 

[maxd]

... hackers and malware twits are such a pain in the ass.

+1 to that. In my dreams there is a special little corner of Purgatory where these low-lifes are detained. Their victims get to visit, rent a pair of steel-toed boots and kick the shit out of the scumbags for as much time as they wasted of the victim's life with their miscreat behaviour. There is a long waiting list and some very satisfied visitors.

 

[slotplayer]

I just registered my avast. it was only about $21 bucks 80% off, it was the last day of the 30 trial, so well worth it.

last year I had the paid norton and the year before that the paid webroot security suite.

The avast seems to be the best of the three and it speaks.

Another good one is malwarebytes.