For the second time in less than six months, visitors to the Drudge Report say they got malware in addition to the Web site’s usual sensational headlines.
Matt Drudge denied that his site was infecting visitors, however it’s likely that the malware is coming from ads delivered by a third-party ad network and not the site itself.
“I can personally vouch for disinfecting my mom’s desktop yesterday after visiting this Web page, even taking a screenshot after beginning remedial steps to address the attempted infection,” a CNET reader wrote in an e-mail early on Tuesday. “I’m an IT professional in South Carolina so I know and understand the technology involved.”
The screenshot the reader provided to CNET shows a pop-up warning the viewer that the system is infected with malware and looks like a typical fake antivirus warning that criminals use to scare people into paying for software they don’t need.
The reader, who asked to remain anonymous, said he did not know exactly where on the site his mother had clicked before the fake warning appeared.
It’s very possible that the malware came via an ad. Many Web sites outsource the serving of their ads and ad networks have been used to deliver malware to sites since last year, affecting sites as prominent as The New York Times.
Call it Scareware… I have seen a lot of these in the last year or so. As far as I can tell, you have to download and install this malware for any damage to occur, thus it’s not really considered a virus. Don’t fall for it.
Hey, John, I have been getting this junk on YOUR site for the past couple of months! Seriously.
Ad blocker is your friend.
just one more reason I use adblock plus . I visit drudge daily and never got the pop up because of my beloved adblock plus
#1. Use Firefox and turn on your pop up blocker. It’s really easy.
And Firefox is more friendly than Explorer.
Use Firefox and No Script.
I get malware from this site all the time: Cherman.
The Vista/7 UAC and default user accounts was supposed to help prevent this, and maybe it has to some degree. But users are still clicking OK out of frustration at that Vista UAC warning which pops up constantly.
That capture isn’t real clear, but it looks like the “Security Essentials 2010” crap that’s making the rounds in Facebook. I’ve cleaned several friend’s systems, that damn thing turns off sys restore and all manner of badness. Somebody need to prosecute that bastard company.
If you get this: MalwareBytes is a free download that is pretty good at removing it. My method is to disable all startup programs, then run MalwareBytes in Safe Mode.
#9…yeah, one machine had MB loaded already and it cleaned it well, using a restore point flushed it completely. Lucky I had MB on a flash drive for another…the malware won’t let you go to their site or update, etc.
This little beastie works well to clean up the damage when someone starts clicking the buttons in that fake application.
There even more dangerous items out there piggy-backing on the ads. Only real solution is to disable scripts (ex. in Firefox NoScript as #6 mentions). Just ad-blocker might not help you. About year ago I got virus (despite ad-block+ on Firefox) from the ad (which I haven’t even seen so no idea what it was for) on very respectable Discovery Channel site. AV detected it immediately so I could point to the source without any doubt. Reported it to DisCh. webmasters, got thanks-note but no other info. It was fully functional Trojan.
# 6
“Use Firefox and No Script.”
^^This.
NoScript is like a screen door on a house in a bug infested swamp.
What would have been a real surprise is if anybody had accused Drudge of accidentally hosting any content on his site.
Even if you leave scripting and ads turned on, ANY decent antivirus product (that immediately disqualifies out norton or macafee) should protect you.
The newish microsoft one, Security Essentials is the best free one out there, and better than most paid ones too, but there are plenty of others like Avast or AVG (the non bloated norton-clone versions anyway) that do a fine job.
Having a good hosts file is probably one of the best things you can have also. Instant blockage of thousands of bad sites with no overhead.
http://www.mvps.org/winhelp2002/hosts.htm
Im sorry that I have to use NoScript and Adblocker..
If sites would do 2 things, I could turn them off.
1. Incorporate the ADVERT into the site. When I goto a site I only allow data FROM that site, not 3rd party sites.
2. SCAN the adverts before you place them on your site. for Bots and virus.
I suggested this to MSN, after being infected (BADLY). 1 year later they removed all adverts.
I warn my customers about the net:
The internet is the best looking hooker of ALL TIME, everyone wants her, and everyone CAN. She is cheap and has a GREAT smile.
You better use 3 condoms and get your shots the NEXT DAY.
Do Mac’s have these problems?
I’m starting to get paranoid!
I did turn off all flash and am not bothered by wierd annimated ads anymore.
#14. “Even if you leave scripting and ads turned on, ANY decent antivirus product (that immediately disqualifies out norton or macafee) should protect you.”
That’s a fact.
OMG this crap has been going on forever. Its just crapware and everyone who says its no big deal is right. You would have to actually download it. At the most its annoying. But I go to Drudge often and I have never experienced it. Maybe somebody is using a older browser??
Since I switched to ubuntu and chromium no need to block trojans. Almost all (99.99%) of these clever little programs go for Microsoft platforms. M$ likes to automate everything and that leaves it like, pants down, butt in the air. That plus the fact that it’s ubiquitous, the guys doing this want to get as many suckers as they can in as short a period of time possible with a minimum of effort.
Good chance it’s Flash.
Near 100% chance they haven’t upgraded from IE 6 yet.
I had this problem last night with Digg.com
Maybe he went out on Huffington Post, got a virus and the virus was triggered by the next move which was to DrudgeReport.
Then again, maybe the leftists are fishing for a way to shut down drudgereport with a phony claim of malware. I’m sure they would get sympathetic ears from this administration. Especially now, to stop the bad news on Rahm.
Uh … go ahead and use IE. IE is for losers and I don’t really care what happens to them. Thanks!
So far I _think_ my main machine is okay but there have been times when my newest and best machine stayed off the net mostly and I just used my second best machine for surfing the net and it always runs Linux. If it gets taken out I’ll have a clean install up and running in short order not that it is likely to get taken out.
#20
When you have an environment that is able to Adapt and run a Scripting language from 6-10 different Scripting languages, and any flaw in 1 can be spread to your system.
I tend to like CHEAP and simple sites with FEW bells and whistles. And finding them is getting hard.
The only way to SEE this happening tends to be NoScript, which does 1 thing I love. Blocks 3rd party scripts..Scripts NOT from the site Im on.
i use the ultimate in antivirus protectiom LINUX!
I don’t know about Drudge Report, but I was hit by the virus, “XP2010Antivirus,” right after going to Ref Desk (run by Matt’s Father) & using the White Pages search.
OK.. i found an excellent 2min Ubuntu 9.10 Demo on YouTube that shows off the 3D graphics of the desktop. The perfect melding of logical menus with the speed and slickness of picture cubes and piles (similar to OSX) -plus native virtual desktops.
IMO.. the vista/windows7 file managers are the most annoying navigators yet.
-anyway, enjoy!
http://youtube.co/watch?v=Agx7tpISsMY&feature=related
-s
#28, there has been a huge influx
of “fakealert” type viruses the past month or so..
get a good hosts file if you haven’t
already…the Ad servers are being exploited big time..plus a lot of dns spoofing going on to..
(and make sure no file sharing or administrative shares are active in your system)
-s