You know that a problem is major when it hits dear old Auntie BBC. And malvertising is major.
Malvertising is when something wicked is hidden inside one of the adverts that is thrust at you when you visit a web site. But is this the fault of the BBC? Yes and no.
The internet advertising ecology isn't simple. There are content providers (like the BBC), there are people who want to advertise, and there are middlemen. The content providers just sell advertising space to the middlemen; the advertisers buy advertising space from the middlemen. And the adverts are hosted by the middlemen (or by someone running a server for them).
The problem is, who checks that the adverts aren't malicious software? And the answer is, if anyone is checking, they aren't doing a great job of it.
And maybe that's not their fault - remember how I've been finding that pretty much all antivirus products fail to flag pretty much every instance of malware that enters my inbox? Well, if the middlemen are relying on their favourite antivirus ... that isn't going to help them.
So what is to be done?
I know what I'm doing. I'm running an ad blocker - uBlock Origin. I also have a huge hosts file that killfiles a long list of ad servers. As a result, I very rarely see an advert. And yes, I do realise that this leads to a loss of revenue by the web sites. But until they find a way to make adverts safe (and that can actually be done *very* easily), I want to keep malware off my computer using the only methods that I have.
Not just the BBC:
Interestingly, the article suggests there is value in having an AV installed, as this malware family won't install on a system if one of a list of AV programs is already installed.
I wouldn't want to rely on the malware avoiding AV products. Other malware won't do that.