Do You Know What Malvertising Is?

We've all become accustomed to seeing ads on websites.  Some sites are slowed down as ads continually load on multiple sides.  This is most evident on sites our kids frequent and frequently complain about, like Cool Math Games.  The continual loading of new ads causes the all-too-frequent "Dad, the website's frozen again!!!"

Most Internet users are aware that ads fit into two main categories.  The first comes from our own Internet history.  Did you just look up swimming suits?  Well, now you're being served ads for places selling swimwear.  The second are ads being pushed so hard you feel like you're seeing them everywhere - sometimes twice on the same page, such as the Prominence Health Plan ad being served twice, right next to each other, on the Cool Math Games pages (see the attached image).  We get it, you want to sell health insurance, but these ads are beyond annoying.

There is also a third kind of ad that is taking on a life of its own, and its effects are far worse than irritation.  Malvertising could be infecting a site you regularly visit.

In the last two weeks multiple sites have been found serving malvertising ads, which cause malware infections on the user's computer.  The specific infection being seen is in the Kovter Trojan executable family; once installed, it connects to a command-and-control server, after which the computer can be exploited in any number of ways.

The most recent infected ads have been served via the AOL Ad-Network, advertising.com.  Below is a list of sites known to have served the malvertising:

  • huffingtonpost.ca
  • huffingtonpost.com
  • mandatory.com
  • laweekly.com
  • gooddrama.net
  • fhm.com
  • thewmurchannel.com
  • buzzlie.com
  • mojosavings.com
  • houstonpress.com
  • soapcentral.com
  • theindychannel.com
  • gamezone.com
  • weatherbug.com

After clicking on the infected ad the user is redirected through multiple sites, finally ending up on Polish websites (country-code domain .pl).  From Cyphort, here is the breakdown of the redirection chain from huffingtonpost.com.


You also might occasionally see an ad that isn't being served, see below.  This tends to slow the website even further as the ad attempts to load or errors out.  This is also sometimes the result of virus protection blocking a particular ad it knows contains something malicious.

If you're in need of a certain service, we recommend not clicking on those flashy ads.  Do your own search instead, and avoid whatever might infect your computer when you thought you were just getting an insurance quote.


Top 10 Searches of 2014

Every December Google releases the top 10 searches of the previous 12 months, both for the US and globally.  Did you Google all of these in 2014?

US Searches

  1. Robin Williams
  2. World Cup
  3. Ebola
  4. Malaysia Airlines
  5. Flappy Bird
  6. ALS Ice Bucket Challenge
  7. ISIS
  8. Ferguson
  9. Frozen
  10. Ukraine

Global Searches

  1. Robin Williams
  2. World Cup
  3. Ebola
  4. Malaysia Airlines
  5. ALS Ice Bucket Challenge
  6. Flappy Bird
  7. Conchita Wurst
  8. ISIS
  9. Frozen
  10. Sochi Olympics

Very similar, although it looks like the Flappy Bird marketing team needs to pick up their global marketing.

In case you're wondering who or what Conchita Wurst is I'll save you the need to Google it, unless of course you'd like to add to Google's data with your search.

Conchita Wurst is an Austrian singer.


Most Popular Websites 1996-2013

On the heels of our last post about the top Google searches for 2014, let's take a look at the top websites from 1996 to 2013.  It's easy to forget how dominant AOL once was.

  • 1996 - AOL
  • 1997 - AOL
  • 1998 - AOL
  • 1999 - AOL
  • 2000 - AOL
  • 2001 - AOL
  • 2002 - AOL
  • 2003 - Yahoo
  • 2004 - Yahoo
  • 2005 - Yahoo
  • 2006 - Yahoo
  • 2007 - Yahoo
  • 2008 - Google
  • 2009 - Google
  • 2010 - Yahoo
  • 2011 - Google
  • 2012 - Google
  • 2013 - Yahoo

To see the full list of the top 20 sites per year from comScore / Media Metrix go to the Washington Post Article.


Net Neutrality Is All Over The News Again - But Is It Good Or Bad?

Net Neutrality comes down to two basic sides.  One side believes governments need to get involved to regulate and prevent artificial controls believed to be put on the Internet by telecoms, either by limiting access through their pipelines or by blocking content.  The other side believes that government interference (i.e. regulation) will damage Internet access and that greater competition will solve concerns about blocked content or pipeline throttling.  There is also the argument that some kinds of "data discrimination" to guarantee quality of service are not problematic.

Let's take our own community as an example.  The City of Reno is currently in a 15 year exclusive agreement with Charter Communications.  How many people would say that this has been beneficial for our area?  Let's check out local online ratings and see how people feel about Charter.

  • Charter Reviews on Consumer Affairs
  • Charter Reviews on Google
  • Charter Reviews on South Reno Yelp

It doesn't appear that the public feels that the City of Reno did them any favors, by squashing competition and limiting their choices in Internet service providers.  We receive countless calls every week for people looking for alternatives to Charter & AT&T in Reno and Cox & CenturyLink in Las Vegas.  Sure you're never going to make everyone happy, but greater choice is always a better step than trying to regulate an industry's performance.

It also must be said that the entire discussion of telecoms and Net Neutrality completely ignores content provided or blocked by search engines.  Google, Bing, Yahoo etc regularly blacklist websites so that you won't be able to find them using their search engines - isn't that against Net Neutrality?  Obviously yes, sure the search engines have guidelines and reasons why a site gets blacklisted, but it doesn't change the fact that they are blocking content.

Reasons why a website could get blacklisted include:

  • Your site is using black hat tricks to improve ranking
  • Your site has unnatural links, including paid links
  • The search engine received legal notice that your site is violating a copyright
  • Hidden keywords or phrases in background color
  • Your site is spoofing another site
  • Your site links to known spammy or malicious pages
  • Your site is infected
  • Illegal content on your site

All perfectly good reasons to have your content blocked.  This is a process already set up and handled well by the search engines; if someone doesn't like the way a search engine blocks certain sites they have the opportunity to use a different search engine or go directly to that site.  Why would anyone want legislation getting into the mix and making this process worse and more costly?

The Net Neutrality discussion also ignores the fact that the Internet is world wide...you know World Wide Web... and America is not the world police.  What is stored on servers in other countries can't be policed by America.  Ask China, who works very hard to keep their Internet closed, how policing the Internet is going.  This also ignores laws that differ from state to state, as most people realize some things that are legal in Nevada aren't really legal most other places.  Or consider California's bizarre law from 2013 attempting to regulate the Internet, how did that work out for them?

Net Neutrality is great in theory, sort of like everyone getting a trophy for participating, but in practicality neither of those prove beneficial.  What we really need is an open market with greater competition among service providers and yes we really do need a certain amount of content blocking as handled by search engines.


There's No Such Thing As Free Wifi

"There's no such thing as a free lunch" is as true today as when it was first written in the 1930s, as is its likely origin in the once common practice of American saloons offering a "free" lunch to any patron who purchased at least one drink.

Today, you can take that adage and attach it to a number of scenarios in technology.  There's no such thing as free email. There's no such thing as free software. And the one we're talking about now - There's no such thing as free wifi.

We'll skip the obvious part about how you paid for the hotel room with "free" or complimentary wifi, or the Starbucks you purchased to sit and enjoy as you use their "free" wifi, or the "free" wifi now available when you walk through any number of retail stores like Target. Instead we're going to talk about something many people consider much more insidious - Adware injected into webpages on "free" wifi networks.

In 2012 Justin Watt was staying at a Courtyard Marriott in New York. Justin happens to be a web developer and as such is a bit more savvy about what he's seeing on the screen than your average web surfer. When Justin went to use the "free" wifi to access his blog he noticed a colored bar at the top of his page that shouldn't be there. His curiosity was piqued and he viewed the source code for part of the site and, "Sure enough I saw some unfamiliar CSS (including the prefix rxg) and JavaScript that had been injected after the <head> tag." Justin goes on to say in his blog, "And I found some unfamiliar JavaScript after the <body> tag."

Justin was immediately concerned his site had been hacked and began digging through his core files. Everywhere he checked his site was intact and unharmed. After much testing and eliminating possibilities Justin determined, "somewhere between the Internet and my computer, someone is injecting JavaScript into EVERY SINGLE PAGE I LOAD."

Justin did not see this as the final answer, rather the next place to look. Using a utility that unpacks packed (obfuscated) JavaScript he was able to determine that the primary purpose of this JavaScript injection was ad injection / ad takeover, in other words forcing unwanted ads upon the unsuspecting "free" wifi user.

The next question, at least for anyone technically inclined, was: had the hotel's wifi been hacked, or was there something more malicious at work?  Could the hotel's ISP be involved?  Had the hotel itself brought in this technology to influence guests? Justin was also concerned about who could be notified, who would care about this invasion?

Computer companies spend a great deal of time removing Adware from computers and as a result users spend a great deal of money paying to have Adware, Malware, Viruses and Ransomware removed from their computers. But this is the cost of being online; the Internet is crawling with things we don't want on our computer and we'd like to believe that when using "free" wifi the company providing it has our best interests at heart and has put security in place to keep our systems safe.  Sadly that's not always the case.

Back to that odd prefix "rxg": this is how Justin was able to get to the bottom of the injected JavaScript, with the help of one of his blog readers.  It turned out that "rxg" was short for Revenue eXtraction Gateway, made by a Nevada company, RG Nets.

From RG Nets' site, "...the rXg is the perfect platform for clear communication, authoritative control and complete cognizance over your RGN end-user population."  If that doesn't make you wary of ever using "free" wifi again I don't know what will.  RG Nets' site goes on to say, "...profitable IP RGNs extract revenue from the end-user community through a combination of direct and indirect mechanisms."

A demo video is available on RG Nets' site. A portion of the video transcript: "As you can see the pervasive nature of the advertising banner on all webpages guarantees banner advertising impressions. The RGNets rXg HTML payload rewriting feature is a tremendously powerful tool, with a broad spectrum of applications for Internet marketing programs."  YIKES!

For anyone traveling through Atlanta's international airport, it is listed as an RG Nets rXg success story, so be wary of what you see on your screen with that "free" wifi.  A local Nevada success story is the Peppermill Hotel & Casino, where the rXg is "...used to advertise resort amenities, restaurants, gaming specials and events." At the Peppermill the rXg is also used to charge for different levels of access, including casino patron, convention attendee or exhibitor, and overnight guest access.

While the Marriott came out shortly after Justin posted his blog and said, "...this functionality has now been disabled," the article does not appear to have harmed RG Nets, although it appears that to purchase an rXg you must now contact them directly through a contact page on their website.

Screenshots from an RG Nets online brochure.

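The check Justin did by hand, comparing the page he knew he had published with what arrived over the hotel network, can be done programmatically. The script below is an added example, not code from the original post or from RG Nets: it pulls every `<script>`, `<style>` and stylesheet `<link>` out of two copies of the same page (one fetched over a connection you trust, such as your own VPN, and one over the captive network) and reports the elements that exist only in the untrusted copy. The HTML and the gateway address 10.0.0.1 are constructed for the demonstration; the "rxg" prefix is the one named in the post.

```python
"""Spot script and style elements that were injected into a page in transit."""
from html.parser import HTMLParser


class _ActiveContent(HTMLParser):
    """Collects inline script/style blocks and external script/stylesheet references."""

    def __init__(self):
        super().__init__()
        self.items = []        # (kind, identifier) tuples in document order
        self._capture = None   # (kind, text buffer) while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            if a.get("src"):
                self.items.append(("script-src", a["src"]))
            else:
                self._capture = ("script-inline", [])
        elif tag == "style":
            self._capture = ("style-inline", [])
        elif tag == "link" and (a.get("rel") or "").lower() == "stylesheet":
            self.items.append(("stylesheet", a.get("href", "")))

    def handle_data(self, data):
        # HTMLParser hands us the raw body of <script>/<style> here.
        if self._capture:
            self._capture[1].append(data)

    def handle_endtag(self, tag):
        if self._capture and tag in ("script", "style"):
            kind, buf = self._capture
            # Normalise whitespace so reformatting alone does not register as a change.
            self.items.append((kind, " ".join("".join(buf).split())))
            self._capture = None


def active_content(html):
    """Return the page's script/style elements as (kind, identifier) tuples."""
    parser = _ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.items


def injected_content(reference_html, observed_html):
    """Elements present in the observed copy that the trusted reference copy lacks."""
    expected = active_content(reference_html)
    return [item for item in active_content(observed_html) if item not in expected]


# Constructed: the page as published (fetched over a trusted connection).
REFERENCE = """<html><head><title>Blog</title>
<link rel="stylesheet" href="/theme.css">
<script src="/js/site.js"></script></head>
<body><p>Hello</p><script>track('pageview');</script></body></html>"""

# Constructed: the same page as delivered by a gateway that rewrites HTML,
# with a stylesheet and script inserted after <head> and a script after <body>.
OBSERVED = """<html><head><link rel="stylesheet" href="http://10.0.0.1/rxg/banner.css">
<script>var rxg_banner = true;</script><title>Blog</title>
<link rel="stylesheet" href="/theme.css">
<script src="/js/site.js"></script></head>
<body><script src="http://10.0.0.1/rxg/inject.js"></script><p>Hello</p>
<script>track('pageview');</script></body></html>"""

if __name__ == "__main__":
    for kind, ident in injected_content(REFERENCE, OBSERVED):
        print(f"injected {kind}: {ident}")
```

In practice you would fetch the same URL twice with `urllib.request` (once over the suspect network, once over a connection you trust) and pass the two bodies in; anything the function returns was added between the web server and your browser. The comparison is deliberately against your own reference copy rather than a list of known bad prefixes, so it also catches injections that do not announce themselves with a name like rxg.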

Best Practices When Registering a Domain Name

So many times we've seen a website owner struggling to manage their domain name registration because best practices weren't used when it was originally registered.  In many cases it was simply not knowing what the best practice is, or having paid a web designer to both create your site and register your domain name.

There are 4 contacts of record, and an optional 5th, with any domain registration.  Whether you have paid for domain privacy or not will determine whether all of these contacts are visible.  Many companies pay for domain privacy simply to stop all of the fake invoices that come in the mail from other registrars trying to get you to pay them and thereby moving your domain to that registrar, but that's another subject.

The first contact is the Registrar.  This is the body that maintains your domain's registration information; it is the company that shows your domain is registered to you and not available for anyone else to take.  The registrar also publishes the nameserver information so that people on the Internet can find out how to reach services using your domain, most commonly getting to your website or delivering email.

The second contact is the optional one, the Reseller.  The reseller is who you pay (annually, every 5 years, etc.) for registration of your domain name; they in turn register your domain through the Registrar.  This is hidden when domain privacy is purchased.  If you purchased directly through a registrar, there will be no Reseller.

The third contact is the Registrant.  It is wise to have this be you, as this contact's authority supersedes the Admin contact, but it is often listed as either the ISP or the web developer who initially registered the domain for you.

The 4th contact is the most important, and it should be YOU!  This is the Admin contact for the domain name; if you want to have control of the domain, this has to be your name and your company information.  If you have a falling out with your web developer and want to transfer your domain name to a new Registrar or change nameservers, you may be out of luck if they're the Admin contact, because guess who it looks like owns that name: not you.  More about this in a moment.

The 5th contact is the Tech contact and this should either be the ISP you're hosting with or your web developer. This is the person that is often contacted when there are technical issues with the domain. This can include spam complaints, compromised web script reports, etc.

Back to what happens when you aren't the Admin contact.  See an example below.


The domain in question doesn't matter, do a few whois searches and you're bound to find this kind of situation.  What matters is this domain was registered by the ISP, not using best practices and now as a result of a billing dispute (that has nothing to do with the domain itself) this domain is locked.  (Domain transfers can be denied by the current Registrar for, "Non payment for previous registration periods..."   Making it clear that this is a very narrow reason for refusing a transfer.)  This company would like to transfer their domain away from Utility Webhosting Websites, but they have locked the domain from Transferring.  Worse, by appearances, the company does not own the domain name because they are not the Admin contact, nor are they the Registrant.

So what do they do now?  Typically this process would involve a Form of Authorization (FOA) obtaining authorization from the Registrant or Admin contact to transfer the domain.  Well, that isn't going to help here: the Registrant/Admin are the ones who put the lock on the domain in the first place.  This is your domain, your company's website, you've been paying for both for years, but you're stuck with what would seem to be a clerical error: the domain record doesn't list you as the owner.  The owner as registered is Utility Webhosting Websites.  This is the heart of the problem!

From ICANN (Internet Corporation for Assigned Names and Numbers), the governing body who handles domain name disputes including transfer disputes and Intellectual Property disputes, "The Administrative Contact and the Registered Name Holder...are the only parties that have the authority to approve or deny a transfer request to the Gaining Registrar.  In the event of a dispute, the Registered Name Holder's authority supersedes that of the Administrative Contact."

Let's say a billing dispute had arisen that had nothing to do with the domain name, and the ISP had used that as an excuse to lock the domain, but the Registrant and Admin contacts were the company who registered the domain name.  This becomes a fairly easy filing with ICANN to get the domain name transferred.  An FOA is completed and the complaint against the losing Registrar is filed.  The Registry Operator who reviews the documents will issue the decision within 14 days, and as long as the t's are crossed and i's dotted the transfer will be forced to the new Registrar.  This process is fairly simple because ICANN is clear that, as far as billing issues go, domain transfers can be denied by the current Registrar only for "No payment for previous registration periods (including credit card charge-backs) if the domain name is past its expiration date or for previous or current registration periods if the domain name has not yet expired."  ICANN goes on to say that "Nonpayment for a pending or future registration period" is not an acceptable reason for the change of Registrar to be denied.

However, without the proper contacts in the Registrant and Admin fields there is no FOA, and without an FOA the resolution is much more complicated and may in the end still be denied, as it requires finding a way to prove you are the legitimate registered owner of the domain name in question.  ICANN reiterates time and again: "If the Gaining Registrar is unable to provide a complete FOA with data matching that contained within the authoritative Whois database at the time of the transfer request..." the transfer shall be denied or reversed, depending on how events occurred.  This means the next steps, taken in conjunction with appealing to ICANN, are other court proceedings to prove your domain name is indeed your Intellectual Property and not the property of the existing Registrant / Admin.

Before you find yourself in a difficult situation needing to prove you are indeed the owner of your domain name(s), make sure your registration information is correct and you are listed as the Registrant and Admin contacts.  If you're not sure how it's currently listed, do a Whois on your domain name.  From there, if you need to make any corrections or updates, get it taken care of right away!  It's not a headache worth having when it's a simple fix right now!
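The Whois check recommended above can be scripted so it is run for every domain you own, not just the one you happen to remember. The script below is an added example, not the post's own code or any registrar's tool: it parses the common "Label: value" WHOIS layout (output formats vary by registrar, so that layout is an assumption) and reports whether the Registrant and Admin contacts name your organization and whether a transfer lock is set. Both records are constructed for the demonstration; paste the real output of `whois yourdomain.com` to check your own.

```python
"""Audit a domain's WHOIS contacts before you need them in a transfer dispute."""
import re

# Constructed record for a domain registered by a hosting company on the
# customer's behalf: the hoster holds Registrant and Admin, and a transfer
# lock is set, which is the situation the post describes.
HOSTER_HELD = """\
Domain Name: ACME-WIDGETS-EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrar URL: http://www.example-registrar.test
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant Name: Domain Admin
Registrant Organization: Example Hosting Co
Admin Name: Domain Admin
Admin Organization: Example Hosting Co
Tech Name: Domain Admin
Tech Organization: Example Hosting Co
Name Server: NS1.EXAMPLE-HOSTING.TEST
"""

# Constructed record following the post's advice: the customer is Registrant
# and Admin, the hoster is only the Tech contact.
CUSTOMER_HELD = """\
Domain Name: ACME-WIDGETS-EXAMPLE.COM
Registrar: Example Registrar, Inc.
Domain Status: ok
Registrant Name: Jane Owner
Registrant Organization: Acme Widgets LLC
Admin Name: Jane Owner
Admin Organization: Acme Widgets LLC
Tech Name: Domain Admin
Tech Organization: Example Hosting Co
"""

# Label up to the first colon, then the value; lazy so "Registrar URL: http://..."
# splits at the right colon.
_LINE = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?):\s*(.+?)\s*$")


def parse_whois(text):
    """Map each label to the list of values seen (labels like Domain Status repeat)."""
    record = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            record.setdefault(m.group(1).strip(), []).append(m.group(2))
    return record


def audit_contacts(record, my_org):
    """Return a list of problems; an empty list means you hold the contacts that matter."""
    findings = []
    for role in ("Registrant", "Admin"):
        org = record.get(f"{role} Organization", [""])[0]
        if org.strip().lower() != my_org.strip().lower():
            findings.append(
                f"{role} contact is '{org or '(missing)'}', not {my_org}: "
                "a transfer request needs their approval, not yours")
    if any("TransferProhibited" in s for s in record.get("Domain Status", [])):
        findings.append(
            "transfer lock is set (clientTransferProhibited): only the Registrant "
            "or Admin contact can have the registrar release it")
    return findings


if __name__ == "__main__":
    for label, text in (("hoster-held", HOSTER_HELD), ("customer-held", CUSTOMER_HELD)):
        problems = audit_contacts(parse_whois(text), "Acme Widgets LLC")
        print(label, "->", problems or "OK")
```

A transfer lock by itself is not a defect; most registrars set it to stop unauthorized transfers. It is reported because, as the locked-domain example shows, it only protects you when the contacts who can lift it are yours.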


The Trouble With PastaLeads

PastaLeads is one of the most annoying pieces of Adware out there.  This isn't the kind of infection that just slows down your computer; this nasty piece of Adware creates a Windows service that constantly runs in the background and, as if that weren't bad enough, it also configures your web browser to use a proxy server.

What does that mean for my computer?  PastaLeads generates leads typically for outbound sales companies, for instance let's say you need auto insurance so you do a search.  Suddenly a window pops up with a form where you enter your information and then the program will send that "lead" to auto insurance sales people who will contact you.

Wait, you say, that seems helpful, not harmful.  As helpful as this program seems, the problems it causes are two-fold.  First, you will be inundated with pop-up advertisements: all kinds of insurance, tech support (often scams that will try to get you to spend a fortune on a non-existent problem, see this article for more details), home cleaning services, lawn care, etc.  Second, any information you enter (consider what you enter whenever applying for any kind of insurance) is immediately shipped off to unknown 3rd parties to use for marketing or other more nefarious purposes.


How does your computer end up with PastaLeads or PastaQuotes installed?  This is one of those infections that piggybacks on top of free software you download and install off of the Internet.  Remember the old adage, "There's no such thing as a free lunch"; there's also no such thing as free software off the Internet.

It is very important you pay attention when installing any software onto your computer!  Sure it looks easy to just click through and select the Recommended install when you get to the screen that has installation choices like "Standard (Recommended)" or "Custom" sometimes also "Advanced", but if you want to know what 3rd party crud is being installed along with your software you should typically choose Custom or Advanced as that will often allow you to opt out.

Additionally when you read the license agreement (yes you should read it) or the installation screens and you find them telling you that they will be installing a toolbar or other addon along with the desired software now would be the time to cancel the install and go find another option.

Or, more generally speaking, simply avoiding "free" software is the best way to go, because if that free software includes something you have to pay a computer company to remove, then it really wasn't free in the first place.
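The proxy change described at the top of this post is something you can check for yourself. The script below is an added example, not the post's own code or any vendor's tool: it parses a `.reg` export of the WinINET proxy key that Internet Explorer and, by default, Chrome and Edge honour (`HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`, exported with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" proxy.reg`) and flags a proxy or proxy auto-config script you never set. The two exports below are constructed, and the 127.0.0.1 port numbers are placeholders, not PastaLeads' actual values.

```python
"""Flag browser proxy settings in a Windows registry export that you did not configure."""

KEY_SUFFIX = r"\Internet Settings"

# Constructed export resembling a profile where adware has pointed the browser
# at a local proxy and a proxy auto-config (PAC) script.
SUSPICIOUS_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:52034;https=127.0.0.1:52034"
"AutoConfigURL"="http://127.0.0.1:52035/proxy.pac"
"ProxyOverride"="<local>"
"""

# Constructed export of an unmodified profile.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"MigrateProxy"=dword:00000001
"""


def parse_reg_values(reg_text, key_suffix=KEY_SUFFIX):
    """Return {name: value} for REG_SZ and REG_DWORD values under the matching key."""
    values = {}
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # A [key] header opens a new key; only read values under the one we want.
            in_key = line.rstrip("]").lower().endswith(key_suffix.lower())
            continue
        if not in_key or not line.startswith('"'):
            continue
        name, _, data = line.partition("=")
        name = name.strip('"')
        if data.startswith("dword:"):
            values[name] = int(data[len("dword:"):], 16)
        elif data.startswith('"') and data.endswith('"'):
            # .reg files escape backslashes and quotes inside string values.
            values[name] = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return values


def audit_proxy(values, approved_servers=()):
    """List proxy settings that are active and not on your own approved list."""
    findings = []
    if values.get("ProxyEnable", 0) == 1:
        server = values.get("ProxyServer", "")
        if server not in approved_servers:
            findings.append(f"proxy enabled and set to an unapproved server: {server}")
    if values.get("AutoConfigURL"):
        findings.append(f"proxy auto-config script configured: {values['AutoConfigURL']}")
    return findings


if __name__ == "__main__":
    for label, text in (("suspicious", SUSPICIOUS_EXPORT), ("clean", CLEAN_EXPORT)):
        print(label, "->", audit_proxy(parse_reg_values(text)) or "no proxy findings")
```

On the machine itself the same values can be read live with Python's `winreg` module instead of an export; the export form is used here so the check runs anywhere, including on a copy of the registry taken from an infected system. A corporate proxy that you do operate goes in `approved_servers` so it is not reported.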


Contact us

Phone: (775) 852-1811

Toll Free: (866) 511-1331

Fax: (775) 852-1844

Email: info@tsis.net

Physical Address:

8755 Technology Way

Suite J

Reno, NV 89521
