How my PC got hacked!
A number of high-profile sites were hit with malware warnings over the last couple of days, which has generated a fair amount of attention. The issue is/was malvertising: malicious content contained in web ads being served by the site. I am not going to discuss whether or not it was a "false positive" (it wasn't); I am going to address the reaction of most, not all, of the sites affected.
The majority of the sites involved were very quick to start posting "It is a false positive, just ignore it, or better yet disable the security component in your browser." I don't know how many users followed their advice, but from what I am reading on most of the forums, quite a few did.
Let me start by asking the users who followed the advice a question. Suppose any of those sources advised you: "Hey, you're lying in bed and your smoke alarm goes off. The best thing to do is just ignore it, or better yet disable it, turn it off, pull the battery out, unplug it, whatever. Don't bother getting up, don't bother going downstairs to see if the house is on fire, just go back to sleep; chances are it is a false alarm, a false positive." Would you follow that advice?
If your answer is "Yes, I would ignore the smoke alarm", don't bother reading any further!
For anyone still reading, let's translate the advice into "plain speak". It would translate to something like this: "Hey, loyal reader/user of xyz website, we know you are getting a malware warning when you try to visit our site, but we here at xyz believe that the .07 cents of ad revenue we will receive when you click one of our links is much more important than the very real possibility that your computer will get infected, so go ahead and click. So what if your computer gets infected and some hacker steals your identity, drains your bank account, runs up a few thousand on your credit cards? You know what? That is not going to affect us here at xyz one little bit."
If you are surfing the web and get a malware warning (even if you have visited the site 100 times in the last hour without a warning), before you ignore the warning ask yourself, "What is so important, so critical about visiting the web site that justifies taking the risk? Is it so important that I can't wait 24 hours and then try again? Is it something that I cannot find on 20 other websites that are not flagged?" And then don't click the link, don't ignore the warning. Most malicious sites are cleaned up and the warnings removed within 24 hours. And in most of the cases where it takes more than 24 hours, it is because the site owner spends the first 24-48 hours whining about a "false positive" and does nothing to clean up the site.
I am also seeing a number of posters and self-proclaimed "security" experts advise, "Just ignore it, it is probably a false positive," or "Just ignore the warning; if it is truly malicious, your anti-virus software will protect you." Going back to the smoke alarm analogy: if your local Fire Chief advised, "Hey, just ignore the alarm, it might be a false positive," or "Hey, you have an automatic fire sprinkler system in your house, you can just ignore the smoke alarm, the sprinkler will put out the fire," how much confidence would you have in him? While chances are that an automatic sprinkler might put out any fire, do you want to take the chance?
No doubt I am being overly critical here. There are a large number of site owners who sincerely believe their site could not have been hacked, that it is truly a false positive. And in many cases the site owner is absolutely correct: their site has not been hacked, but an ad on their site has. But you know what? No matter the motivation of the site owner, your PC/Mac is just as hacked! Don't click that link! Don't ignore that malware warning! And don't disable your anti-virus!
The only point I am trying to make here is to the users, the readers. If you are interested in the causes of the recent widespread malware alerts, this is a good place to start: "Malware attack takes OpenX OnRamp offline and raises concerns for the future".