Forbes forces readers to turn off ad blockers, promptly serves malware

CMLew

For the past few weeks, Forbes.com has been forcing visitors to disable ad blockers if they want to read its content. Visitors to the site with Adblock or uBlock enabled are told they must disable it if they wish to see any Forbes content. Thanks to Forbes’ interstitial ad and quote of the day, Google caching doesn’t capture data properly, either.

What sets Forbes apart, in this case, is that it didn’t just force visitors to disable ad blocking — it actively served them malware as soon as they did. Details were captured by security researcher Brian Baskin, who screenshotted the process:


Advertising malware has existed for years, but recent reports show that it’s happening far more often than it used to. A report released by Cyphort earlier this year claimed that online advertising infection rates had increased 325% from 2014 to 2015 as more malware authors began tapping into the market. There are multiple ways that malicious advertising can masquerade to ad networks as legitimate, including:

  • Enable the malicious payload after a delay of several days after the ad is approved
  • Only serve the exploits to every 10th user, or every 20th user who views the ad
  • Use SSL redirectors in malvertising chain
  • Verifying user agents and IP addresses

The reason this can happen, even on legitimate websites like Forbes (which is far from the only company impacted by this kind of event), is that users don’t need to actually click on an ad to be infected. Many websites contract with third-party ad networks to provide advertising content. Those ad networks sign agreements with advertising clients, but they don’t actually serve the ads themselves. The ads are delivered by a server designated by the advertiser. There are multiple ways that malicious advertising, or “malvertising,” can be slipped into service without direct approval of such by either the ad network or the site serving the content. In 2015, some malicious sites began serving ads over HTTPS, making it much more difficult to identify their source or deconstruct the attack.



What happened to Forbes isn’t unique; The New York Times, The Huffington Post, and a number of other high-profile sites have been hit by similar attacks over the years. What sets Forbes apart, however, is that the site is actively attempting to block people from using ad-blocking software, even though we have an increasing amount of evidence that suggests such software can meaningfully protect users.

What happens now?
Readers don’t like ads on websites any more than TV viewers like watching commercials in programs. Websites, including this one, sometimes struggle to balance revenue against reading experience and intrusiveness. But one thing we can all agree on is that serving readers malware is utterly unacceptable.

Unfortunately, it’s simply not clear how to resolve the issue. Websites that depend on ad revenue (all of them) can’t survive if 60-80% of readers are using adblock. The nature of the advertising business practically requires the use of automated approval tools and specialized partners — ad networks approve and purchase millions of ads, in real time. Very, very few publications could afford to build completely in-house solutions — and even those that can still face the challenge of vetting ad security in an environment when bad actors have multiple ways to deceive them about the actual content of an advertisement.

Forbes may have been the first website to ban ad blockers and then serve its customers malware, but it’s probably not going to be the last. Long-term solutions to the problem remain murky. Very few people subscribe to websites, even when subscriptions are available, and politely asking people to turn off ad blockers has a response rate of less than 1%.
 

OokamiCreed

I simply don't go on that site because it forces me to disable adblocker. More reason not to now.

Better install that Java update! fugupdates143 says your out of date. Brought to you by Forbes. lol
 

hjlbx

Common sense: do not turn off ad blocker on heavily interconnected sites - like Forbes, PCMag, New York Times, People Magazine, etc. Too much CDN crap...

Better yet, use virtualization and there will be fewer problems.

Ask @Umbra about this. He will explain.
 

CMLew

> Common sense: do not turn off ad blocker on heavily interconnected sites - like Forbes, PCMag, New York Times, People Magazine, etc. Too much CDN crap...
>
> Better yet, use virtualization and there will be fewer problems.
>
> Ask @Umbra about this. He will explain.

I agree. Sometimes Adguard protection is so powerful that at some point it doesn't allow you to download stuff from some sites, notably Mega.zo.nz. I tried it and yes, it doesn't allow you to d/l. Once you turn off Adguard, it returns to normal.
 

jamescv7

You can read alternative articles on websites that don't ask you to disable adblockers, though; sometimes disabling isn't a good idea and is prone to more risks.
 