Another tale to do with advertising: it just goes to show it’s really not a good idea to run JavaScript from a third-party source on your site, especially if you don’t want your visitors redirected to a p*rn site!
This is just what happened to Perl.com a few days ago.
Visitors to Perl.com, the O’Reilly Media-owned resource, were redirected on 17th of January to a link farm pushing p*rn sites.
Geeks who hit the site were sent to grepblogs-dot-net, a site that offers links to live adult webcams, erotic blogs and adult erotic fiction, among other things. Closing the Internet Explorer browser window that contains the site caused another link farm of dubious links to open, from a site called cnomy-dot-com. It carries more p*rno links and banner ads claiming visitors have won a free iPod.
“I was aghast,” said Tom Christiansen, author of many of the most popular Perl reference books. “I need to understand the nature of the problem.”
Odd that the name of the p*rn site is pretty geeky too, grep blog? Doesn’t sound like your run-of-the-mill adult webcam directory, right?
I guess spammers are getting more clued in, targeting a Perl site and using a geeky blog name. Pretty smart.
The episode is the latest example of the perils that come from running ads and javascript from a third-party website. In recent months, rogue ads hosted on DoubleClick, Real Media and others have infected websites. While such services often make life easier for administrators, they also create opportunities for miscreants to defraud users.
Since 2006, HTML code on the Perl.com website has pulled javascript off of the grepblogs site, said Dale Dougherty, general manager of the O’Reilly division that’s responsible for upkeep of Perl.com. Once the content on the grepblogs site changed, visitors to the site were soon redirected to other sites. O’Reilly admins fixed the problem at about 6:30 a.m. California time on Friday by nullifying the script.
As many of the members here have done, blocking JavaScript may be a good idea; blocking ads may help, or just not surfing at all!
Of course not using Internet Exploder Explorer also goes a long way.
Source: The Register
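The pattern behind this incident, a page pulling a script from a host its owner does not control, can be inventoried before the remote content changes. The following is an added example, not code from Perl.com, O’Reilly or The Register: it lists every externally hosted script on a page and flags those loaded without an `integrity` (Subresource Integrity) attribute or over plain HTTP. The sample page, its `.example` hosts and the `audit` helper are constructed for illustration, and any hostname other than the page's own is assumed to be third-party.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class ScriptAudit(HTMLParser):
    """Collect every <script src=...> served from a host other than the page's."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = (attr.get("src") or "").strip()
        if not src:
            return  # inline script: same trust level as the page itself
        full = urljoin(self.page_url, src)  # resolves relative and //host/ forms
        parsed = urlparse(full)
        host = parsed.hostname
        # Assumption: any hostname other than the page's own counts as third-party.
        if host is None or host == self.page_host:
            return
        issues = []
        if not attr.get("integrity"):
            issues.append("no-integrity")  # remote content can change unnoticed
        if parsed.scheme != "https":
            issues.append("not-https")     # script can be altered in transit
        self.findings.append((host, full, issues))

def audit(html, page_url):
    parser = ScriptAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; hosts use the reserved .example TLD.
SAMPLE = """
<html><head>
<script src="/js/site.js"></script>
<script src="http://widgets.partner.example/banner.js"></script>
<script src="//cdn.vendor.example/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script>var inline = 1;</script>
</head></html>
"""

if __name__ == "__main__":
    for host, url, issues in audit(SAMPLE, "https://www.site.example/index.html"):
        print(host, url, ",".join(issues) or "ok")
```

Each host in the output is a party that can change what visitors' browsers execute; an include nobody can account for is a candidate for removal or self-hosting.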
Sir Henry says
Indeed, the first thing I noticed was the mention of IE. I just do not understand why people still use IE. Then again, my soon-to-be previous employer builds applications that only run in IE, thus securing their insecurity. Digression noted, I do find their lexicon of geek to be impressive for the sake of domain naming.
Pantagruel says
Guess someone found a ‘creative’ way to plug a hole for the needy Perl geeks ;). And indeed their way of finding a sexy url/domain name surely will have fooled some of the geeks until they were confronted with the scantily clad men/women.
Restricting websites to IE surfers only should be made punishable (a life sentence of lynx usage would be appropriate), it’s shortsighted, extremely annoying and does no justice to your programming/coding skill. Furthermore I cannot understand why an O’Reilly website would rely on 3rd party sourced Javascripts, you are effectively creating a point of entry/abuse/etc.
Reticent says
“a life sentence of lynx” – That’s pretty cold, I wouldn’t wish that upon anyone :)
goodpeople says
oh dear.. how sad.. never mind.
This is just plain stupid. But hey, shit happens. I wonder though how the bad guys got hold of the domain name..
Nobody_Holme says
*points at the tutorial on that somewhere on here* at least, I’m pretty sure it was on here… bad guys can read this too…
I just ignore anything that tries to force me onto exploder… it’s in my permanent firewall block list just to make sure. So far (and I’ve been doing so for a couple of years now) I think the only site I’ve cared about was some corporate recruitment company who I’ve since found are incompetent in every way anyway, so no loss there.
eM3rC says
Black hats strike again. Seems like a pretty funny prank to pull considering the volume of people that visit perl.com.
I think Mozilla should be the new default browser!
J. Lion says
The example was Internet Explorer (IE) – but was it truly limited to IE or was Firefox vulnerable as well?
eM3rC says
I would say IE is the most vulnerable to almost every attack. With Firefox you can download an addon called NoScript which blocks attacks like this and if you are equipped with a good firewall it should catch the download and/or attempt to install this program. Although I don’t know about this exploit personally it seems like IE would be the one affected.