There's been a lot of news about this topic lately. For a fairly basic user of NoScript who doesn't understand a lot of the terminology, I'm wondering if someone can explain whether NoScript gives protection against these kinds of exploits, that is, where a site itself isn't compromised, but malware is injected via a compromised ad network. I believe it isn't necessary to click on a malware ad for this exploit to work, but perhaps you can confirm if this is so.
And I'm especially interested in knowing if "trusted" sites, where most scripts are allowed, are still protected by NoScript against these exploits.
Thanks.
NoScript and malware through advertising
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
- Giorgio Maone
- Site Admin
- Posts: 9526
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
Re: NoScript and malware through advertising
Yes, NoScript protects against this and yes, trusted sites are protected because the malicious payload is served from off-site servers (different from the main "trusted" site) which almost surely are not in your whitelist.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Re: NoScript and malware through advertising
Giorgio Maone wrote: yes, trusted sites are protected because the malicious payload is served from off-site servers (different from the main "trusted" site) which almost surely are not in your whitelist.
Thanks, great to hear. I don't usually allow, for example, doubleclick (and I assume doubleclick would be considered a script from the main "trusted" site), but if I did allow it, isn't it possible it could, as an ad network, serve up some bad stuff, if it had been compromised? Not sure how all this works.
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Re: NoScript and malware through advertising
Giorgio, sorry, maybe I wasn't clear, but I was asking a question in my previous post about whether allowing doubleclick.net (or any other script from an ad network) on a whitelisted site could potentially inject this kind of malware through advertising. Thanks for your patience if your earlier answer covered this scenario.
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
- Giorgio Maone
Re: NoScript and malware through advertising
It's very unlikely.
So-called "malware through advertising", if referred to big and resourceful networks like doubleclick (owned by Google), is never served directly by the advertising company's servers, but from the malicious advertiser's one.
Therefore, by allowing doubleclick.net you don't specifically add a "malware through advertising" risk, but just the regular risk of whitelisting a known and well-established site.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
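A simplified model of the host-based script allow-listing discussed in this thread, added here as an illustration; it is not NoScript's code and not part of any post. The function names and the `.example` hostnames are constructed assumptions. It shows that allowing the ad network's host does not also allow a separate advertiser host.

```javascript
// Simplified model of per-host script allow-listing (added example, not NoScript's code).
// All hostnames are constructed placeholders under the reserved .example TLD.

// True when `host` is the allow-listed domain itself or a subdomain of it.
// The leading dot prevents "notadnetwork.example" from matching "adnetwork.example".
function hostMatches(host, allowed) {
  return host === allowed || host.endsWith("." + allowed);
}

// For each script URL a page tries to load, decide whether it may run.
function evaluateScripts(scriptUrls, allowList) {
  return scriptUrls.map((raw) => {
    const host = new URL(raw).hostname.toLowerCase();
    const allowed = allowList.some((d) => hostMatches(host, d.toLowerCase()));
    return { url: raw, host, allowed };
  });
}

// Hosts whose scripts would be blocked under the given allow-list.
function blockedHosts(scriptUrls, allowList) {
  return evaluateScripts(scriptUrls, allowList)
    .filter((r) => !r.allowed)
    .map((r) => r.host);
}

// Constructed page load: the trusted site, the ad network's tag,
// a creative served from the advertiser's own server, and a look-alike host.
const pageScripts = [
  "https://news.example/js/site.js",
  "https://cdn.adnetwork.example/tag.js",
  "https://payload.advertiser.example/creative.js",
  "https://notadnetwork.example/x.js",
];

// Case 1: only the main site is trusted.
console.log(blockedHosts(pageScripts, ["news.example"]));
// Case 2: the user also allows the ad network; the advertiser's host stays blocked.
console.log(blockedHosts(pageScripts, ["news.example", "adnetwork.example"]));
```
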
Re: NoScript and malware through advertising
Thanks.
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3