malware ("Flash update") in the ad suite
« on: March 12, 2020, 10:46:45 AM »

Offline mmmmm

When I open a Celticsstrong.com page without full blocking on it, after a couple of seconds of ad rendering, one of them slams the page with the classic fake "Your Adobe Flash Player is out of date!" scam.   This takes over the browser page, of course.

The source site seems to be "wewe.saaviwk.site" but that is probably a secondary from wherever the original ad comes from that is injecting this.

I haven't had time to try to fully trace it.

Firefox in 'strict' mode blocks it.
NBA Officiating - Corrupt?  Incompetent?  Which is worse?  Does it matter?  It sucks.

Re: malware ("Flash update") in the ad suite
« Reply #1 on: April 07, 2020, 09:42:15 AM »

Offline slamtheking

Been getting the same thing for a couple of weeks. Is the site infected or is there something else allowing these scam pages to hack into this site? I only get this issue with this site. That bogus page looks really legit, so some people that get this crap might get scammed/infected.

Even with content blockers on Safari, the site keeps popping in.

Re: malware ("Flash update") in the ad suite
« Reply #2 on: April 07, 2020, 01:10:51 PM »

Offline mmmmm

It is definitely in one of the ads.   I did a complete, updated virus scan first and then started with a fresh Safari (with content blockers & pop-ups on) and a completely cleared cookie cache.  I then opened up Celticstrong.com and waited on the splash page (which has no ads).  Nothing.  I then clicked over to the Forums index page and waited.  As the ads rendered, after a few seconds, sure enough, the browser redirected to the fake Adobe Flash Update scam.   Also, after that, the browser cookie cache was filled up with a bunch of dubious looking cookies.

I could not get it to stop redirecting with plain-vanilla Safari, no matter what I did with the various settings.  I finally installed "AdBlock Pro for Safari", which was just $10 off the App Store.  Just followed the directions for that and it worked like a charm.  Completely blocks the malware ads.   If you want to save $10, you can try regular "AdBlock for Safari" (different maker), which is free and _used_ to get great reviews, but has had some complaints and issues in more recent times.

Firefox was able to block this without needing a plugin.  I didn't try Chrome.

Re: malware ("Flash update") in the ad suite
« Reply #3 on: April 07, 2020, 01:27:01 PM »

Offline KGs Knee

Interesting...I've never had this happen to me on this site.

I use Chrome on my work and personal laptops, and my phone is an older BlackBerry I've had since 2012 (not sure what browser it is - but it blocks pretty much everything).

Re: malware ("Flash update") in the ad suite
« Reply #4 on: April 07, 2020, 02:41:57 PM »

Offline Monkhouse

If you download Easy Ad Blocker for Chrome, it automatically blocks it on the laptop. Unfortunately, I have the same extension on my mobile, and it doesn't seem to do the same.

It gets annoying after a while, which is why I've frequented the website less on my phone; if at all.
"I bomb atomically, Socrates' philosophies and hypotheses
Can't define how I be dropping these mockeries."

Is the glass half-full or half-empty?
It's based on your perspective, quite simply
We're the same and we're not; know what I'm saying? Listen
Son, I ain't better than you, I just think different

Re: malware ("Flash update") in the ad suite
« Reply #5 on: April 07, 2020, 03:07:01 PM »

Offline hpantazo

This happens to me all the time on here lately, and I've largely reduced my visits here because of it. If it keeps up, I may just decide to disappear from these forums for a while, it gets really frustrating.

First the darn video popup ad in the bottom right corner, now this on top of it.

Re: malware ("Flash update") in the ad suite
« Reply #6 on: April 07, 2020, 04:08:20 PM »

Offline mmmmm

Have you tried installing an ad-blocker?  Or switching to using a different browser?  Firefox's "strict" security mode seems able to block it.

It's important to note that this problem is not really directly from Celticsstrong.com.  The problem is that one of the ad sources in the ad suite has been compromised.  The problem code probably never goes through CS at all.  CS embeds tags to pull the ad suite into the page, with the click-through signatures added for monetization.  Then the browser client pulls the ad content from elsewhere and it's from there that the scam code is coming.

Another site that seems to have the exact same issue is India Today (https://indiatoday.in) -- go there without ad-blocking and after a few seconds you will get redirected to the exact same fake Adobe Flash Update page -- even on the exact same server.  They are probably monetizing by embedding an ad suite that includes the same bad channel.   

What needs to be done is some detective work to trace down which exact ad channel it is coming from but I personally just don't have the time to do that.  Adblock Pro is doing a fine job and I'm going to leave it on.
NBA Officiating - Corrupt?  Incompetent?  Which is worse?  Does it matter?  It sucks.
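
Added example, not part of the thread or of any poster's reply: one way to do the tracing described in Reply #6, by walking a browser network capture (HAR export) backwards from the scam host to the ad host that led there. The capture below is constructed, every *.example host is a placeholder, and the function names are assumptions; only wewe.saaviwk.site comes from the thread.

```python
import json
from urllib.parse import urljoin, urlsplit

def _entry(url, referer=None, status=200, redirect=""):
    """Build one HAR 1.2-shaped entry for the constructed sample below."""
    headers = [{"name": "Referer", "value": referer}] if referer else []
    return {"request": {"url": url, "headers": headers},
            "response": {"status": status, "redirectURL": redirect}}

# Constructed capture, not real traffic. The *.example hosts are placeholders;
# only the final host is the one named in the thread.
PAGE = "https://forum.example/index.php"
FRAME = "https://tags.adsuite.example/frame.html"
SAMPLE_HAR = json.dumps({"log": {"entries": [
    _entry(PAGE),
    _entry("https://cdn.other-ads.example/banner.png", PAGE),
    _entry(FRAME, PAGE),
    _entry("https://serve.reseller.example/go", FRAME, 302, "https://wewe.saaviwk.site/"),
    _entry("https://wewe.saaviwk.site/"),
]}})

def _host(url):
    return urlsplit(url).hostname or ""

def _referer(entry):
    refs = [h["value"] for h in entry["request"].get("headers", [])
            if h["name"].lower() == "referer"]
    return refs[0] if refs else None

def trace_chain(har_text, bad_host):
    """Return hosts from the first-party page down to bad_host ([] if never hit)."""
    entries = json.loads(har_text)["log"]["entries"]
    parent = {}
    for e in entries:
        url = e["request"]["url"]
        if _referer(e):
            parent.setdefault(url, _referer(e))
        if e["response"].get("redirectURL"):  # HTTP redirect: strongest link
            parent[urljoin(url, e["response"]["redirectURL"])] = url
    hits = [e["request"]["url"] for e in entries
            if ("." + _host(e["request"]["url"])).endswith("." + bad_host)]
    url, chain, seen = (hits[0] if hits else None), [], set()
    while url and url not in seen:  # 'seen' guards against referrer loops
        seen.add(url)
        if not chain or chain[-1] != _host(url):
            chain.append(_host(url))
        url = parent.get(url)
    return chain[::-1]

if __name__ == "__main__":
    print(" -> ".join(trace_chain(SAMPLE_HAR, "wewe.saaviwk.site")))
```

The host just before the scam host in the returned chain is the one to report to the ad network. If a referrer policy strips the Referer header, the chain stops at the last hop that could be linked.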

Re: malware ("Flash update") in the ad suite
« Reply #7 on: April 07, 2020, 04:12:14 PM »

Offline Monkhouse

What's your web browser? On Chrome/Firefox, if you install the Adblock extension, it works like a charm.

Re: malware ("Flash update") in the ad suite
« Reply #8 on: April 07, 2020, 04:46:47 PM »

Offline slamtheking

Just out of curiosity, can the site go back to the advertisers and tell them to pull their ads until they fix this?  I would think there's some understanding that ads cannot provide infected materials to other sites.

Re: malware ("Flash update") in the ad suite
« Reply #9 on: April 07, 2020, 05:14:57 PM »

Offline mmmmm

In theory, yes.  But in detail, I don't know.  I don't know the particulars of how CS' ad suite is set up.

We need byennie to chime in on that.  I sent him a private message.

Re: malware ("Flash update") in the ad suite
« Reply #10 on: April 10, 2020, 02:45:36 PM »

Offline byennie

  • Webmaster

Hey guys, sorry for the slow reply. I didn't initially see this topic, and am not getting the malware on my end. Unfortunately this has been an ongoing whack-a-mole with all of the ad networks. We don't sell anything direct, so what happens is maybe 0.1% of their inventory turns out bad, and since it's frequently targeted by companies like Google, Facebook, it affects certain users but not others.

I can tell you that right now we only work with two companies: Snack Media, and CleanMedia. The former is a UK agency that specializes in sports content, the latter is a "family friendly" network responsible for the video spot. I try to select companies who will work with us directly (i.e. I have a direct line to report issues) and have a good reputation, but unfortunately at our scale they are almost all reselling from something like Google Ad Exchange as their foundation, which is not a 100% clean source. If we were part of something bigger like SBNation still, we'd have in-house people running all of the ad placements... (or just ignore the forum =)).

I may try another round of mitigation here, and pull some spots. Keep me informed and definitely send me email and/or PMs when you see something. Ad blockers are a good recommendation though I 100% understand the aggravation of having issues in the first place.

A bridge I've tried not to cross for various reasons is selling a premium ad-free experience, because I know it's a big ask to pay for the forum, but I'm always listening if there is a demand.

Re: malware ("Flash update") in the ad suite
« Reply #11 on: April 10, 2020, 03:22:03 PM »

Offline mmmmm

Thanks, byennie, for the response.   These kinds of issues are definitely a case of 'whackamole'.  And it's extra tricky because there are so many different browser client setups and not everyone will see issues that others will see.   So we all have to try to communicate and share these issues (as well as our workarounds) so they can be spotted and mitigated.