There are still tabnapping and phishing making articles unreliable on the site. Were it not for Feedly and the BBS, I would not read the site at all. And this is a shame, because there is no income from my habits.
The ads read my ISP and pretend to be it, or read my OS and pretend to be iOS or MacOS, and use several redirects to make the back button unusable.
I have cleared all data, in case it was using local storage, to no avail.
Ugh is this still possible in iOS and OS X Safari? I know they implemented a few fixes for this in the past. You’re on latest iOS (13)? I know the equivalent of iOS 13 isn’t out for iPads yet because of the new iPad OS, but soon.
I received a false Firefox update that would have installed a trojan if Windows Defender hadn’t blocked it.
It happened a couple of days ago when I clicked a blue link someone posted that didn’t onebox. There were 13 other clicks before me. Sadly, I can’t remember or find the particular thread I was in.
As another update that might help track down which adserver is allowing scummy ads, I just noticed this same behavior on Zach Weinersmith’s Saturday Morning Breakfast Cereal just now on the Mac. Scare tactic “your Mac is infected” bullshit.
Many of these malicious ads are geo-targeted to specific places, making it extremely hard to track them down.
If you can screenshot or catch the redirects in your browser history, forward that info to badad@boingboing.net and we will pass it up the chain.
It should go without saying that we (along with our ad partner) do not approve any of these ads, hate them as much as you do, and want to see them removed.
I know, and I appreciate your help. I will make a screenshot the next time. My reason for raising a stink is to actually help you guys, so I’ll do some more forensic digging.
Here’s another one, pretending to be a Flash download site. It just uses a spammy domain name, and I found several spammy links to it in my history. About 5 times it tried to drop me here.
My guess? The ads abuse a redirect tool inside YouTube to hide themselves from the ad provider, redirecting until the fraud detection systems are fooled.
One more edit to explain why I am posting here: It’s to help others, in the spirit of treating BoingBoing as a community and not just a blog. Maybe others can find and submit similar.
Can you not use an ad or script blocker while they put a stop to this? Supporting a site is one thing but surely not at the expense of potential malware and phishing attacks.
because the ads are often explicitly geofenced so that we cannot see them (or targeted to specific devices), any information anyone can provide may help to catch the ad in question.
Thank you all for your assistance in catching these bad actors!