• Welcome to Mugwump's Fish World.
 

News:

I increased the "User online time threshold" today (11/29/2023) so maybe you won't lose so many posts.   Everything is up-to-date and running smoothly. Shoot me a message if you have any comments - Dennis

Main Menu

User

Welcome to Mugwump's Fish World. Please login.

April 16, 2024, 03:30:52 AM

Login with username, password and session length

Stats

Stats
  • Total Posts: 127,299
  • Total Topics: 18,524
  • Online today: 133
  • Online ever: 787
  • (January 22, 2020, 01:11:59 PM)
Users Online
Users: 0
Guests: 133
Total: 133

et tu utube ?...*sigh*

Started by Mugwump, February 01, 2018, 02:06:10 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Mugwump

February 01, 2018, 02:06:10 PM
Now even YouTube serves ads with CPU-draining cryptocurrency miners
Ad campaign lets attackers profit while unwitting users watch videos.

Dan Goodin - 1/26/2018, 1:27 PM

YouTube was recently caught displaying ads that covertly leach off visitors' CPUs and electricity to generate digital currency on behalf of anonymous attackers, it was widely reported.

Word of the abusive ads started no later than Tuesday, as people took to social media sites to complain their antivirus programs were detecting cryptocurrency mining code when they visited YouTube. The warnings came even when people changed the browser they were using, and the warnings seemed to be limited to times when users were on YouTube.

https://arstechnica.com/information-technology/2018/01/now-even-youtube-serves-ads-with-cpu-draining-cryptocurrency-miners/?comments=1

On Friday, researchers with antivirus provider Trend Micro said the ads helped drive a more than three-fold spike in Web miner detections. They said the attackers behind the ads were abusing Google's DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain.

The ads contain JavaScript that mines the digital coin known as Monero. In nine out of 10 cases, the ads will use publicly available JavaScript provided by Coinhive, a cryptocurrency-mining service that's controversial because it allows subscribers to profit by surreptitiously using other people's computers. The remaining 10 percent of the time, the YouTube ads use private mining JavaScript that saves the attackers the 30 percent cut Coinhive takes. Both scripts are programmed to consume 80 percent of a visitor's CPU, leaving just barely enough resources for it to function.

"YouTube was likely targeted because users are typically on the site for an extended period of time," independent security researcher Troy Mursch told Ars. "This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made." Mursch said a campaign from September that used the Showtime website to deliver cryptocurrency-mining ads is another example of attackers targeting a video site.

To add insult to injury, the malicious JavaScript in at least some cases was accompanied by graphics that displayed ads for fake AV programs, which scam people out of money and often install malware when they are run.
Jon

?Life should not be a journey to the grave with the intention of arriving safely in a pretty and well preserved body, but rather to skid in broadside in a cloud of smoke, thoroughly used up, totally worn out, and loudly proclaiming ?Wow! What a Ride!? ~ Hunter S. Thompson
Print
Go Up Pages1
User actions