Ad network uses advanced malware technique to conceal CPU-draining mining ads

2FA
Just now, Donut417 said:

It only works in Firefox. States that directly on the download page. 

RIP

 

I realized after posting.

 

There's this: https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en-US

[Out-of-date] Want to learn how to make your own custom Windows 10 image?

 

Desktop: AMD R9 3900X | ASUS ROG Strix X570-F | Radeon RX 5700 XT | EVGA GTX 1080 SC | 32GB Trident Z Neo 3600MHz | 1TB 970 EVO | 256GB 840 EVO | 960GB Corsair Force LE | EVGA G2 850W | Phanteks P400S

Laptop: Intel M-5Y10c | Intel HD Graphics | 8GB RAM | 250GB Micron SSD | Asus UX305FA

Server 01: Intel Xeon D 1541 | ASRock Rack D1541D4I-2L2T | 32GB Hynix ECC DDR4 | 4x8TB Western Digital HDDs | 32TB Raw 16TB Usable

Server 02: Intel i7 7700K | Gigabyte Z170N Gaming5 | 16GB Trident Z 3200MHz


16 minutes ago, Energycore said:

[Image attachment]

I guess it could be worse.

12 tabs open, if you need more than 12 then you should reconsider your personal order :P

I can easily get over 100 tabs, but Mozilla thought it was a great idea to copy Chrome and add tab processes instead of making a more efficient browser lol.

Anyway looks like I have to add noscript on top of ublock & ghostery.


1 minute ago, Energycore said:

No chrome in there :(

So.... Firefox for Android supports extensions. Like Ad Block....... How well does it work on a phone in terms of battery drain and performance? 

I just want to sit back and watch the world burn. 


Just now, Donut417 said:

So.... Firefox for Android supports extensions. Like Ad Block....... How well does it work on a phone in terms of battery drain and performance? 

From what I've used of it, it's not really any different than other standard capability browsers. Loads fast, though you have to be precise when touching buttons/links for it to register them whereas Chrome has a pretty large margin of error area when "clicking" stuff.


2 minutes ago, Donut417 said:

So.... Firefox for Android supports extensions. Like Ad Block....... How well does it work on a phone in terms of battery drain and performance? 

I actually use chrome on my phone since I basically don't ever use my phone for the internet xD

 

So I couldn't tell you.

1 minute ago, DeadEyePsycho said:

From what I've used of it, it's not really any different than other standard capability browsers. Loads fast, though you have to be precise when touching buttons/links for it to register them whereas Chrome has a pretty large margin of error area when "clicking" stuff.

Right, the way Chrome handles you hitting an area where a bunch of buttons are located I feel makes a lot of sense.

We have a NEW and GLORIOUSER-ER-ER PSU Tier List Now. (dammit @LukeSavenije stop coming up with new ones)

You can check out the old one that gave joy to so many across the land here

 

Computer having a hard time powering on? Troubleshoot it with this guide. (Currently looking for suggestions to update it into the context of <current year> and make it its own thread)

Computer Specs:

Spoiler

Mathresolvermajig: Intel Xeon E3 1240 (Sandy Bridge i7 equivalent)

Chillinmachine: Noctua NH-C14S
Framepainting-inator: EVGA GTX 1080 Ti SC2 Hybrid

Attachcorethingy: Gigabyte H61M-S2V-B3

Infoholdstick: Corsair 2x4GB DDR3 1333

Computerarmor: Silverstone RL06 "Lookalike"

Rememberdoogle: 1TB HDD + 120GB TR150 + 240 SSD Plus + 1TB MX500

AdditionalPylons: Phanteks AMP! 550W (based on Seasonic GX-550)

Letterpad: Rosewill Apollo 9100 (Cherry MX Red)

Buttonrodent: Razer Viper Mini + Huion H430P drawing Tablet

Auralnterface: Sennheiser HD 6xx

Liquidrectangles: LG 27UK850-W 4K HDR

 


Just now, Energycore said:

Right, the way Chrome handles you hitting an area where a bunch of buttons are located I feel makes a lot of sense.

I like both ways to be honest. It's easy to hit the wrong link in Chrome, and it's easy to miss the link altogether in FF. Both problems are equally annoying to me.


42 minutes ago, Energycore said:

Oh that reminds me I don't have Ghostery enabled.

I got rid of it myself awhile back, did it stop being shit now?  What's the point in having it if they're just going to sell your data?

 

But anyways, NoScript is a must.  Surfing without NoScript is like rolling around naked in sewage and expecting not to get dirty.


Just now, MoonSpot said:

I got rid of it myself awhile back, did it stop being shit now?  What's the point in having it if they're just going to sell your data?

I actually can't remember why I stopped using Ghostery, it's been a while. It may very well have been due to them selling user data, which completely defeats the purpose of the service they offer.

 

But my memory is worse than a bird's. Get it? No? Ok I'll see myself out.


2 minutes ago, MoonSpot said:

I got rid of it myself awhile back, did it stop being shit now?  What's the point in having it if they're just going to sell your data?

They were bought by a privacy focused German company called Cliqz last year. That also has the added effect of the privacy rules of Germany also applying. Any telemetry they still have is optional.


Can't we just block access to all domain names that are nonsensical and suffer the inconvenience of having to white list as needed?

Also I keep coming back to my idea of having a stripped down browser that can do nothing more than view pictures. Can't run scripts, can't execute anything. Has no permissions etc.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


Just now, mr moose said:

Can't we just block access to all domain names that are nonsensical and suffer the inconvenience of having to white list as needed?

Also I keep coming back to my idea of having a stripped down browser that can do nothing more than view pictures. Can't run scripts, can't execute anything. Has no permissions etc.

I think the best we can do is for someone trustworthy to create a curated noscript list of allowed domains, then you uploading that to your extension. I know AdBlock did that when I first installed it (I'm now on ublock instead)


1 minute ago, mr moose said:

Can't we just block access to all domain names that are nonsensical and suffer the inconvenience of having to white list as needed?

You can do that with uBlock.

 

2 minutes ago, mr moose said:

Also I keep coming back to my idea of having a stripped down browser that can do nothing more than view pictures. Can't run scripts, can't execute anything. Has no permissions etc.

That sounds awful from a practical standpoint, and wholly unnecessary for regular users. I understand your reasoning but more and more of the internet is relying on JS for functionality.


56 minutes ago, DeadEyePsycho said:

I like both ways to be honest. It's easy to hit the wrong link in Chrome, and it's easy to miss the link altogether in FF. Both problems are equally annoying to me.

I prefer Firefox myself, though its lacking performance (especially in scrolling) brings me back to Chrome.

My eyes see the past…

My camera lens sees the present…


17 minutes ago, mr moose said:

Can't we just block access to all domain names that are nonsensical and suffer the inconvenience of having to white list as needed?

Also I keep coming back to my idea of having a stripped down browser that can do nothing more than view pictures. Can't run scripts, can't execute anything. Has no permissions etc.

Your anti-virus program can do that automatically as they constantly update their blacklisted sites which includes stealthy cryptomining scripts.

There is more that meets the eye
I see the soul that is inside

 

 


8 minutes ago, hey_yo_ said:

Your anti-virus program can do that automatically as they constantly update their blacklisted sites which includes stealthy cryptomining scripts.

I thought the problem was they could generate more domains than the AV could list.

 

 

17 minutes ago, DeadEyePsycho said:

You can do that with uBlock.

 

That sounds awful from a practical standpoint, and wholly unnecessary for regular users. I understand your reasoning but more and more of internet is relying on JS for functionality.

 

It would just be for sites that are non interactive, like news sites, company information and PDF downloads and things like looking at timetables for trains.

 

You'd still need another browser for all the interactive stuff like forums, banking, anything with complex search functions, etc.

 

I personally like the idea of an ad not being able to be anything other than be a picture that hyperlinks to a website.

 

 

 


6 minutes ago, mr moose said:

I thought the problem was they could generate more domains than the AV could list.

Some AV programs detect behavior and don't rely on signatures so in the likelihood that someone comes up with a new mining script, the AV program detects the untrusted behavior characteristic of a cryptomining script and blocks it from executing and a lot of them constantly report unusual behavior to the AV cloud servers for analysis.


Firefox Quantum is much better for crappy computers without too much RAM.

 

With 4GB RAM and some random laptop Pentium from the core-2-duo days, Firefox runs pretty well with 6 tabs, though the fans start spinning up.

Chrome just gets basically shut off at 4 tabs, and start-up takes much longer.

Want to know which mobo to get?

Spoiler

Choose whatever you need. Any more, you're wasting your money. Any less, and you don't get the features you need.

 

Only you know what you need to do with your computer, so nobody's really qualified to answer this question except for you.

 

chEcK iNsidE sPoilEr fOr a tREat!


Or, ya know, you can just press ctrl + W the instant you get a pop ad, or hover over the browser and check what's open and close all the shit you didn't open. It's really not much of a hassle

I spent $2500 on building my PC and all i do with it is play no games atm & watch anime at 1080p(finally) watch YT and write essays...  nothing, it just sits there collecting dust...

Builds:

The Toaster Project! Northern Bee!

 

The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0)

Spoiler

"Here is some advice that might have gotten lost somewhere along the way in your life. 

 

#1. Treat others as you would like to be treated.

#2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt.

#3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place.

 

Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016

 

 


6 hours ago, mr moose said:

I thought the problem was they could generate more domains than the AV could list.

The malware/script must use the correct domain to get the script. For this to occur it must be able to deterministically generate the domains, each entity must generate the same domains, hence there must be a hard coded algorithm for the domains as well as a limited time span over which they are valid.

The AV or NoScript whitelist only needs to generate the currently available domains and block these / place warnings on them if they generate conventional domains. 

 

6 hours ago, mr moose said:

It would just be for sites that are non interactive, like news sites, company information and PDF downloads and things like looking at timetables for trains.

 

I personally like the idea of an ad not being able to be anything other than be a picture that hyperlinks to a website.

You can whitelist / blacklist domains.

Sadly the image idea, although great, will not be implemented as "It would be less effective".

 

6 hours ago, hey_yo_ said:

Some AV programs detect behavior and don't rely on signatures so in the likelihood that someone comes up with a new mining script, the AV program detects the untrusted behavior characteristic of a cryptomining script and blocks it from executing and a lot of them constantly report unusual behavior to the AV cloud servers for analysis.

A script could then be adjusted to run using a PWM type system, not running the entire time so that it is not noticed by the user and is not classed as "suspicious" by an AV.

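The two blocking ideas discussed above (regenerating a deterministic, time-limited domain list, and flagging "nonsensical" names), sketched as an added example that is not part of the thread or of any extension's code. The generator, its seed, the daily rotation window, the `.example` names and the heuristic thresholds are all assumptions made for illustration.

```javascript
// Added example: generateDomains() is a constructed stand-in, not any real network's algorithm.
const WINDOW_MS = 24 * 60 * 60 * 1000; // assumed: names rotate once per UTC day

// FNV-1a, used only to turn "seed:window:index" into a repeatable 32-bit state.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h = Math.imul(h ^ text.charCodeAt(i), 0x01000193) >>> 0;
  }
  return h;
}

// Every client derives the same names from (seed, time window), so a blocker can too.
function generateDomains(date, count = 5) {
  const windowIndex = Math.floor(date.getTime() / WINDOW_MS);
  const names = [];
  for (let n = 0; n < count; n++) {
    let state = fnv1a(`constructed-seed:${windowIndex}:${n}`);
    let label = '';
    for (let i = 0; i < 12; i++) {
      state = (Math.imul(state, 1664525) + 1013904223) >>> 0; // LCG step
      label += String.fromCharCode(97 + ((state >>> 24) % 26));
    }
    names.push(`${label}.example`);
  }
  return names;
}

// Blocklist for the previous, current and next window (tolerates clock skew).
function buildBlocklist(now) {
  const blocked = new Set();
  for (const offset of [-1, 0, 1]) {
    const when = new Date(now.getTime() + offset * WINDOW_MS);
    generateDomains(when).forEach((name) => blocked.add(name));
  }
  return blocked;
}

// Shannon entropy in bits per character.
function entropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const c of counts.values()) bits -= (c / s.length) * Math.log2(c / s.length);
  return bits;
}

// Fallback for unknown algorithms: long, high-entropy labels with few vowels (assumed thresholds).
function looksNonsensical(host) {
  const labels = host.toLowerCase().split('.').slice(0, -1);
  const label = labels.sort((a, b) => b.length - a.length)[0] || '';
  if (label.length < 8) return false;
  const vowelRatio = (label.match(/[aeiou]/g) || []).length / label.length;
  const runs = (label.match(/[^aeiou\d-]+/g) || []).map((r) => r.length);
  return entropy(label) > 3.0 && (vowelRatio < 0.25 || Math.max(0, ...runs) >= 5);
}

// Allowlist wins, then the regenerated list, then the heuristic.
function decide(host, now, allowlist = new Set()) {
  const name = host.toLowerCase();
  if (allowlist.has(name)) return 'allow';
  if (buildBlocklist(now).has(name)) return 'block:regenerated';
  return looksNonsensical(name) ? 'block:heuristic' : 'allow';
}
```

Entropy alone would also flag ordinary long names such as `linustechtips.com`, which is why the heuristic additionally requires a low vowel ratio or a long consonant run and why the allowlist is checked first.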

18 minutes ago, ScratchCat said:

A script could then be adjusted to run using a PWM type system, not running the entire time so that it is not noticed by the user and is not classed as "suspicious" by an AV.

I don't know what a PWM type system is but just as I've said before, they crawl the internet all the time to classify sites, scripts and applications as malicious or not (cloud protection). I know that malware made sophisticated can slip past an anti-virus, my anti-virus program has never failed me in blocking mining scripts.

[Two image attachments]

 


Luckily I cannot even recall browsing without noscript and Ublock. It is a bit of a hassle for the first few days to whitelist what needs to be white listed, but after that it is wonderful and you quickly learn what to white list and what not when visiting new pages.

 

Still sucks that this is all needed though.

"Hope, what a concept." - Deunan Knute


7 hours ago, mr moose said:

It would just be for sites that are non interactive, like news sites, company information and PDF downloads and things like looking at timetables for trains.

In the tone of "Your call could not be connected. Please check the number and try again"

"Your browser could not load Sydney trains timetable, please check your browser settings and try again. JS not found"

 

Pretty much Sydney trains site is full of js interactivity

Western Sydney University - 4th year BCompSc student


Windows should really be more proactive and not allow just any software to hijack either cpu or gpu. The large majority of people have no clue what ad blocks, no scripts is.

 

Another thing is websites should be more responsible with their ads, they keep asking to turn off adblock and when you do all hell breaks loose, even if it is not a hardware scam is some weird ads full of scams, weird shit that cures cancer with a banana. This even in high profile websites. Let alone discuss those pages that are half ads, half content, in your face bright colors, flashy ads.

 

.
