UK diy (uk.d-i-y): For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficiency are welcome to join in to ask questions or offer solutions.
Posted to uk.d-i-y
On 12/04/2014 14:45, John Rumm wrote:
> On 11/04/2014 21:53, Vir Campestris wrote:
>> On 10/04/2014 01:20, John Rumm wrote:
>>> Malware that compromises ad servers is usually smart enough to only
>>> poison a very small number of ads served - so on a typical site it
>>> might only hit every 1000th visitor etc. It keeps the detection rate
>>> much lower, since there is a very small chance an AV company will
>>> sample the site at just the right moment.
>>
>> That doesn't work.
>
> It's common practice, so some folks obviously think it worthwhile.
>
>> There's also a much smaller chance of infecting anyone.
>
> Precisely, and that is exactly why they do it. If most people who visit
> a site get served a "safe" ad, then the site does not acquire a
> reputation for serving malware, and does not draw attention to itself.
> However, over time, they will still infect large numbers of visitors. I
> would anticipate that AV companies will pay more attention to sites
> that draw lots of reports from users than those that don't.
>
>> (think about it - say every 1000th hit is the AV company, and they
>> infect 1 in ten. After 500 hits they've infected 50, and been
>> detected. If they went for everyone it would only take 50 hits to
>> infect the 50 people, and be detected)
>
> Remember though that this is a compromised ad server we are talking
> about - so even if they go for a regular "1 in n" approach to serving
> malign ads (rather than a more randomised approach), the ads will be
> distributed over a number of web sites dictated by who is using the ad
> server. So infection attempts will not necessarily correlate well with
> visits to a particular site.

By coincidence I came across this talk by a former spyware software developer, that touches on some of these things - this is the second part of a three part talk he gave at DEFCON 18:

https://www.youtube.com/watch?v=lpJSEY1O_Pc

Makes for quite entertaining viewing.

--
Cheers,

John.

/=================================================================\
|          Internode Ltd - http://www.internode.co.uk             |
|-----------------------------------------------------------------|
|        John Rumm - john(at)internode(dot)co(dot)uk              |
\=================================================================/