Solved

g00 adware insertion

  • 24 December 2016
  • 8 replies
  • 187 views

Userlevel 3
this nasty g00 adware insertion in popular newspaper sites..
 
https://github.com/uBlockOrigin/uAssets/issues/227
 
When I go to a newspaper site, it just heads to the g00 adware referrer and consumes a lot of bandwidth....
Can Webroot foil this attempt by preventing g00 crap.... potentially a malicious code is inserted by Instart Logic code....
You can see the number of cookies set by this g00 crap.
Following is the list of sites affected
 

Best answer by Baldrick 28 December 2016, 17:37


Userlevel 7
I would assume that it can given the nature of the threat but for the definitive answer we need to ask for the input of the Webroot Threat Researcher such as @...any chance that you could assist re. this one? ;)
 
Regards, Baldrick
Userlevel 7
Only affecting Chromium-based browsers?
 
Userlevel 3
yep only chromium
Userlevel 7
I can pass this along to our Web Analysts, but this looks like something that would be best handled by ad-blockers. 
 
-Dan
Userlevel 7
Hi Dan
 
Many thanks for the response...much appreciated.
 
Hi samual914
 
Further to Dan's recommendation please see below for some ad blockers for Chromium that a number of members use/recommend:
 
uBlock: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en or
Privacy Badger: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp
 
Regards, Baldrick
Userlevel 7
If you visit the link in the initial post there is a link to an extension that takes care of this issue...
 
-Dan
Userlevel 7
Cheers, Dan. :D
Userlevel 3
Here is what's the truth about Instart Logic code..
`Instart Logic's technology used to disguise third-party network requests as first-party network requests, including the writing/reading of third-party cookies as first-party cookies. I consider this to be extremely hostile to users, even those not using a content blocker, as it allows third-party servers to read/write cookies even if a user chose to block 3rd-party cookies through your browser setting.`

Also this Instart Logic is making DNS tweaks to news content before it passes to its end users, it might result in future malicious payload........
uBlock Origin uses static filter lists, if it has no filter lists against those, it will not work...
Privacy Badger not working.... see here..... https://github.com/EFForg/privacybadger/issues/1044
Webroot should prevent (DNS change) this g00 adware insertion at an earlier time...
Now this affects a larger number of popular news websites...
