8.11.18

New Chrome version aims to remove all ads from abusive sites




The move is part of Google’s continued clampdown on adverts that are intended to hoodwink users.
Chrome 71, due out in December, will come with enhanced in-built protections aimed at safeguarding users from harmful advertising, according to a note by Google Product Manager Vivek Sekhar this past Monday.
Using a feature called abusive sites filtering, the incoming version of the world’s most popular web browser will remove all (i.e. not just the offending) ads from websites with “persistent abusive experiences”. Those practices mostly involve deceptive ads that trick users into clicking on them by pretending to be system alerts or “close” buttons that, however, are anything but.
Additional deceptive site practices that Google intends to deep-six with Chrome 71 include the use of scroll bars, buttons, links, or typically non-clickable areas that, when clicked, lead to adverts without the user’s knowledge and can be more than “just” a nuisance.
Scammers can also deploy deceptive ads and page elements with the aim of stealing users’ personal data, including by duping them into divulging the data themselves. The full – and by no means short – list of behaviors classified by Google as abusive is available here.
The measure is another iteration in Google’s continued efforts to banish unwelcome website behaviors. Back in November 2017, Google announced a set of protections to block “pop-ups and new window requests from sites with certain abusive experiences like redirecting pages”, with the protections rolled out two months later.
Website administrators can use Google’s Abusive Experiences tool to check if their website harbors any such offending ads. If so, they will have a 30-day grace period to put things in order.
“Stronger protections ensure users can interact with their intended content on the web, without abusive experiences getting in the way,” said Sekhar.


6.11.18

Malware of the 1980s: Looking back at the Brain Virus and the Morris Worm

Juan Manuel Harán



This installment in our series of articles to mark Antimalware Day tells the stories behind two creations that are representative of the 1980s: a virus viewed as the first-ever PC virus and a worm that caused the greatest damage ever wrought by a piece of malware up to that point.
As promised on Friday when we introduced our series of articles marking Antimalware Day, let’s recall the early days of malicious code, putting the spotlight on the Brain Virus and the Morris Worm.
Brain
Discovered in 1986, Brain was the first virus to target IBM PC platforms (and, by extension, the MS-DOS operating system). By using techniques to hide its existence, it was also the first stealth virus. Created by two brothers from Pakistan, Basit Farooq Alvi and Amjad Farooq Alvi, Brain infected the boot sector of a floppy disk.
But why was it written? The Alvi brothers were operating a computer store in the Pakistani city of Lahore when they noticed pirated copies of a computer program they had written being circulated by their customers. This got them thinking about how they could teach their customers a lesson: enter Brain, also known as Pakistani Brain.
As explained in an interview with security expert Mikko Hypponen in 2011, the virus was created solely for addressing illegal copies of their program. In addition to a message warning users that they were running bootleg software, the virus’s code also included the brothers’ names, phone numbers, and their store’s address. According to the brothers, the virus was “not made to destroy any data”. Rather, it was intended to ensure that users whose machines had become infected due to using pirated software could contact them for “vaccination”.
Nevertheless, they never expected that the first phone call would come from the United States, nor that the virus would spread to various parts of the world.
Here’s the interview in full:
Morris
The Morris Worm, sometimes also called the Internet Worm, entered the history books as the first computer worm that was distributed over the Internet and that compromised thousands of computers, drawing massive media attention in the process. It was written and unleashed in 1988 by Robert Tappan Morris, a 23-year-old doctoral student at Cornell University and the son of Robert Morris Sr., a famous cryptographer and formerly the chief scientist at the NSA’s National Computer Security Center.
Back then, the Internet consisted of approximately 60,000 machines, some 6,000 of which were infected by the worm. After the code was released from a computer at the Massachusetts Institute of Technology (MIT) in November 1988, much of the then Internet was paralyzed. This ultimately led to the establishment of the first Computer Emergency Response Team (CERT).
The worm operated by exploiting vulnerabilities in Unix’s sendmail, fingerd, and rsh/rexec, while also taking advantage of weak passwords. It comprised 99 lines of code and, of course, had the ability to replicate and propagate itself. It became a dangerous threat due to a flaw in its propagation mechanism, having eventually infected thousands of computers at universities, in government laboratories, as well as in companies.
Besides the damage that it caused, the worm also exposed many security weaknesses, revealing the need for reviewing password protection procedures, among other measures.
According to statements made by Robert Morris back then, the worm was never intended to be malicious or spread so quickly. It is not certain why exactly it was created and launched, although it is often thought that Morris “only” sought to find out how big the Internet was. At any rate, when Morris realized that the worm was spreading so wildly, he asked a friend to send an email to apologize for his creation and to give instructions on how to kill it. Given the chaos that the malware caused, however, his message went unnoticed.
The worm’s creator became the first person to be convicted under the then-recent Computer Fraud and Abuse Act. He was sentenced to three years of probation and ordered to pay a $10,050 fine and to perform 400 hours of community service.