Shop Mobile More Submit  Join Login
Why you get viruses from dA... by StevenRoy Why you get viruses from dA... by StevenRoy
...and how to block them.

I hope I've made the screenshot sufficiently self-explanatory. Basically, I caught dA's banner ad system in the act.

There were even a couple of months (admittedly quite a while ago) where I got this sort of thing at least once a week.

So, I blocked the first two sites involved, "optimizedby.rmxads.com" and "partner.googleadservices.com", by editing my "hosts" file (anyone wanna learn how?), and that solved the problem. (It's a more extreme and tricky step than is necessary, but it works for me.) Blocking the latter also apparently fixed the problem with some ads appearing in the wrong places and completely screwing up dA's layout.

You gotta be more careful, deviantART! You gotta be more careful about where you get your ads from!

And the rest of us all better have good virus protection! (I like [Free AVG], but even McAfee is better than nothing... maybe.)

(Incidentally, I've also noticed the same problem, though much more rarely, on the SmackJeeves site.)

-

How to protect yourself if you use FireFox:
A good ad-blocking plugin will do it. I strongly recommend [Ad-block Plus], although [Noscript] is also a popular alternative; either one will work great here.

How to protect yourself if you use Internet Explorer:
[Please read this.]

How to protect yourself if you use Google Chrome:
There are now versions of [Ad-block Plus] for Chrome, Opera, Safari, and other browsers.

Do you need a good free Antivirus program?
Some years ago, some company ran some comprehensive tests that rated several free AV programs based on their effectiveness, their user interface, and their impact on system performance. AVG got third place, behind avast! and Avira.

(Microsoft Security Essentials was also part of this test. It didn't do well!)

I already liked AVG at the time, and it rated highest for user-friendliness, so that's the one I recommended to everyone. However, this was before AVG 2011, which seems less effective and hopelessly bloated to me. Lately, I've been recommending [avast! free]!

Other steps you should take:
If you use Windows, "Automatic Updates" must always be enabled. Also note that [Windows Update] will list "Internet Explorer 8" as a high-priority update on Windows XP systems if you don't have it already; this is for a good reason! I recommend that all Windows users keep IE updated to the newest version available, because this updates system components as well.

Also, IE should not be your primary browser! I strongly recommend you use an alternative browser. Right now I'm using [Firefox] and I love it! Google Chrome is also a popular alternative.

Some of these viruses infect your computer by using "malformed" PDF files. To protect yourself from those, you should ensure that you have the newest version of Adobe Reader. (That's version 10.0.1 as of April 28, 2011.) [Get it here.] (Alternatively, you can remove all PDF support, but that's less easy and less practical.)

Also, make sure you have the newest version of Flash. Adobe provides [this page] which will tell you which version of Flash Player you have installed, and which version is current. (That's version 10.2.159.1 as of April 28, 2011.) If you don't have the current version, you need to upgrade.

(In general, you should always check all Adobe software for updates frequently, because they're sloppier programmers than Microsoft.)

I also recommend "SpywareBlaster". It is not an antivirus program and does not remain in memory or use CPU resources, but it contains a huge list of evil and "restricted" sites, ActiveX controls, and tracking cookies, and reconfigures your browser's security settings (in IE, FF and Chrome) to block them all. This provides an additional layer of protection, best used in addition to a memory-resident antivirus program (such as AVG avast!) and a good ad blocker.

Also worth having: "Malwarebytes Anti-Malware". The free version does not offer memory-resident virus protection, but can be used alongside other antivirus software to periodically scan for (and remove) viruses that your other software may miss.

-

I hope this helps make the internet a slightly safer place. Spread the word; knowledge is power!
Add a Comment:
 
:iconhexaditidom:
Hexaditidom Featured By Owner Jul 20, 2014  Hobbyist Digital Artist
Hmm, so I've been using MSE for a while. I'm not too attached to it, so I'll probably get Avast if it's better. Both of those are memory-resident?

Having also used Windows 7 and Chrome for a while, I also do scans once a month with SpywareBlaster, SS&D, occasionally MalwareBytes... and they never find anything! I suppose that's a good problem to have, but doing all these scans can take all day. And for all I know, I'm not doing them often enough. What are your thoughts?
Reply
:iconstevenroy:
StevenRoy Featured By Owner Jul 20, 2014  Hobbyist General Artist
Yes, Avast is memory-resident, and it's generally considered much better than MSE. I strongly recommend it. (Just make sure you uninstall MSE before installing Avast, to avoid any possible conflicts.)

Also, as long as you have good resident protection (such as Avast) and good browser protection (such as AdBlock Plus for Chrome), you shouldn't need to run additional scans very often. Once a month should be more than adequate.
Reply
:iconmiffthefox:
MiffTheFox Featured By Owner Mar 12, 2013  Hobbyist Digital Artist
This is a ever-useful resource I link people to, but I think it should be updated now that ad blocking exists in IE 9 and later, under the banner of "tracking protection". All you need is a third-party list file called a TPL. Fanboy's list at [link] is one of the suggested filter lists for Adblock Plus that can also be installed into Internet Explorer as a TPL.
Reply
:iconstevenroy:
StevenRoy Featured By Owner Mar 12, 2013  Hobbyist General Artist
Internet Explorer finally catches up to decade-old Firefox technology yet again? Wonderful!

Seriously, though, this is good information. Thanks!
Reply
:iconthefictionwriter:
TheFictionWriter Featured By Owner Sep 23, 2012  Student General Artist
Or you could install Adblocker and forget about ads ANYWHERE YOU GO!!! EVEN YOUTUBE!
Reply
:iconstevenroy:
StevenRoy Featured By Owner Sep 23, 2012  Hobbyist General Artist
Exactly! There's a reason why Ad-Block Plus for Firefox happens to be the very first link in the description here.

It's not even really about blocking the ads themselves; I wouldn't mind the ads nearly as much if they were safe! But whenever one of these internet ad companies isn't careful about the kinds of HTML code they accept and distribute, this sort of thing can sneak in, and suddenly the town is overrun by parasprites!
Reply
:iconshawnskunk:
ShawnSkunk Featured By Owner Jul 10, 2012
I'll keep this in mind.
Reply
:iconpictureonprogress:
PictureOnProgress Featured By Owner Nov 13, 2011  Hobbyist General Artist
Ads drive me insane :pissed:
Whenever I see a page full of these, I just tell them :stfu:
Thanks for the useful info
Reply
:iconfixzitt:
Fixzitt Featured By Owner Aug 14, 2011  Student General Artist
Wonderful advice along with some pictures to help us better understand. GJ!!
Reply
:iconfixzitt:
Fixzitt Featured By Owner Aug 14, 2011  Student General Artist
:iconyoucanhasitplz: :iconsaysplz: Lul stoopd ads no get m nao.
Reply
:iconred-fathom:
Red-Fathom Featured By Owner Jun 12, 2011
got internet security 2011 today. tiard of them saying they are going to do something it's bs.

kaspersky is ausome as well, but ive been without a job for more than a year.
Reply
:iconomio9999:
Omio9999 Featured By Owner Apr 29, 2011
Here, you're implying that the ad itself is a virus - which is not always the case; it's the changes that the ads make, as far as I've noticed.

Using this, the only problems I get from ads, using Google Chrome and this [link] is tracking cookies and other cookie jazz (I'd have to disable my blocked cookie list entirely to get a screenshot of my anti-virus catching a crapload of them).

Mind pointing me to an antivirus screenshot so I can see what you're talking about? Maybe our cases go hand-in-hand.
Reply
:iconstevenroy:
StevenRoy Featured By Owner Apr 29, 2011  Hobbyist General Artist
Yeah, that's not what I meant to imply. Let's see if I can clarify this:

In this screenshot, the virus is the file loaded into the 2x2 IFRAME (at the bottom of the red area) within the 1x1 IFRAME (above red area). Yes, that file is not the ad itself (good luck fitting a useful ad into a 1px square), but the code serving the virus comes (indirectly) from the same site serving the ad.

(As for cookies, yes, there are privacy concerns surrounding the way these ads use cookies, but that's actually not part of this process.)

You want a screenshot proving that the file I pointed out is a virus? Well, I hope [this] is good enough!

(Thanks for the +watch, by the way.)
Reply
:iconomio9999:
Omio9999 Featured By Owner Apr 30, 2011
Veracity and meaning confirmed. =]

I want you to post - in decent summary (I intend to paraphrase and re-word, but still credit you, so include links) - info about this issue in my news thread here: [link]

Once I have it re-written, you will surely (and massively) be credited. I'll also fire a link you a link via note so you can spread it around.

Also, you're welcome for the watch. We're on the same line of business. =]
Reply
:iconglmathgrant:
GLmathgrant Featured By Owner Apr 28, 2011
Eye-openingly informative. I don't think I've ever felt so glad that I use AdBlock Plus. Ironically, it was the threat of an attack on this site's rival SheezyArt that made me install ABP. . . but this is more than a mere threat, but an actual attack!

I'm glad my personal blog is completely ad-free. It keeps my readers safe.
Reply
:iconstevenroy:
StevenRoy Featured By Owner Apr 28, 2011  Hobbyist General Artist
Internet: The largest logic puzzle ever!
Reply
:iconglmathgrant:
GLmathgrant Featured By Owner Apr 28, 2011
Logic puzzle? What makes you think I'm going to understand an analogy about logic puzzles? ;3
Reply
:iconkittythenekoalien:
KittyTheNekoAlien Featured By Owner Mar 7, 2011  Hobbyist General Artist
omg wow.
i use chrome and it warns me if there is stuff that can mess with my computer!
Reply
:iconomio9999:
Omio9999 Featured By Owner Apr 29, 2011
Mine doesn't even warn me, just kills it outright. xD
Reply
:iconblueflame093:
BlueFlame093 Featured By Owner Feb 28, 2011  Hobbyist General Artist
Thanks for this. Do you mind if I link to it in my journal?
Reply
:iconstevenroy:
StevenRoy Featured By Owner Feb 28, 2011  Hobbyist General Artist
Please do!
Reply
:iconreytiger:
ReyTiger Featured By Owner Jan 24, 2011  Hobbyist General Artist
This is probably the most practical thing I've run across on this site. Thank god some of us know how the interwebs work :p

Also, their class name is rather funny and also explains how to solve the problem.

For the hostfile, I assume you mapped the sites to 127.0.0.1, right?
Reply
:iconstevenroy:
StevenRoy Featured By Owner Jan 24, 2011  Hobbyist General Artist
Glad you liked it!

And yes, always remember to confuse your Fella regularly!

And yup, that's what I did, although now I use 0.0.0.0 instead of 127.0.0.1 because it seems like "invalid address" is a slightly faster fail than "connection refused". (I also map the word "null" to that address for reverse lookups, otherwise I get confusing results when I use "netstat" et cetera.)
Reply
:iconreytiger:
ReyTiger Featured By Owner Jan 25, 2011  Hobbyist General Artist
Ah, yes that would be faster. And by mapping "null", I assume you're using it just as an alias for the user's sake, right?
Reply
:iconstevenroy:
StevenRoy Featured By Owner Jan 25, 2011  Hobbyist General Artist
Well, the main reason is that when a process is listening on a port, "netstat -a" lists 0.0.0.0 as the "foreign address" for that socket. Displaying "null" for that address is much better than displaying something random like "optimizedby.rmxads.com" and relying on me not forgetting that that address actually means 0.0.0.0 now!
Reply
:iconnamenotrequired:
namenotrequired Featured By Owner Sep 2, 2010  Student Interface Designer
Also, there's information on how to report illegal ads here: [link] under the second header (Reporting Bad Advertisements). :)
Reply
:iconmiffthefox:
MiffTheFox Featured By Owner May 10, 2010  Hobbyist Digital Artist
Yep.

We need ad service that only allows jpg, png, and text, no gif, no flash, no html, no JavaScript.

Perhaps then people would block them less because it isn't annoying or maliciouis.
Reply
:iconreytiger:
ReyTiger Featured By Owner Jan 24, 2011  Hobbyist General Artist
Amen to rolling back ads to 1998!
Reply
:iconohcf:
OHCF Featured By Owner May 9, 2010
Addendum:
Chrome: Install Adblock [link]
Adblock button for the space next to the omnibar: [link]

For you twitter users, Chromed Bird is a pretty good extension(4 months with it, and it's nice to have it accessible via a button): [link]
Reply
:iconstevenroy:
StevenRoy Featured By Owner May 10, 2010  Hobbyist General Artist
Those links look useful. Thanks.
Reply
:iconohcf:
OHCF Featured By Owner May 10, 2010
No problem.
See ya at whenever :iconcaninehybrid: has a chance to stream again, Mr Moderator :P
Reply
:iconlenalis:
Lenalis Featured By Owner Apr 12, 2010
Ooooooh layman's terms! Thank you!

I've been curious as to how exactly the nonsense began, but at a loss of how to explain it to people. Thanks!
Reply
:iconanaloganomaly:
AnalogAnomaly Featured By Owner Mar 18, 2010
you can edit the lmhosts if you really want but.. it's really easier just to use firefox with no-script.
Reply
:iconhawkscomm:
HawksComm Featured By Owner Mar 17, 2010  Professional Digital Artist
I don't doubt it. DA had a lot of ad services running, some that I think users aren't very aware of.

I use Firefox and use the Firefox addon Script Blocker, it's a fairly aggressive ad killer and webscripting stopper. I have to allow DeviantArt.net, deviantart.com - and then hit and miss the others to see what lets DA function correctly or not. I would prefer to block out all the unessential ad scripting if I can.

So much advert scripting can lead to exploits and spyware exploits. That's why I'm wary of it all the time. I'm a solid supporter of FireFox and a decent script blocking/ad blocker addon if you can find one. Explorer - any version isn't very good and will allow too much of that crap to get past it's own so called filters.
Reply
:iconcunningfox:
CunningFox Featured By Owner Mar 1, 2010  Hobbyist Digital Artist
hey steven I reported this issue to DA admins with your picture here as proof. They told me to fill in this add reporting thing if its giving out viruses: [link] I wouldn't have any idea what to do so maybe you can? xD
Reply
:iconstevenroy:
StevenRoy Featured By Owner Mar 1, 2010  Hobbyist General Artist
Nice form. Thanks for the tip.

In fact, it gave me an idea: At some point, I may try creating a program to manually download a bunch of ads from that "rmxads" server (and also further down the ad chain), to try to determine if the problem is with "rmx" themselves or just one or two of their advertisers. If I get a really interesting result, that form might end up getting hammered!

(And I find it fascinating that they're using Google Docs for this, instead of programming their own form somewhere on dA. It's an interesting choice!)
Reply
:iconthat-one-midget:
That-One-Midget Featured By Owner Feb 19, 2010  Hobbyist Traditional Artist
Just curious, have you told an admin or anybody about this?
Reply
:iconstevenroy:
StevenRoy Featured By Owner Feb 19, 2010  Hobbyist General Artist
Nope, haven't bothered the admins yet...

I'm worried about risking their wrath. =p
Reply
:iconthat-one-midget:
That-One-Midget Featured By Owner Feb 19, 2010  Hobbyist Traditional Artist
Heh, true. They might bombard you with more ads :P
Reply
:iconkzilla2000:
kzilla2000 Featured By Owner Jan 27, 2010
hmm,never knew,but mcafee andanti-maleware protects my cp! ;)
Reply
:iconpainting-with-light:
painting-with-light Featured By Owner Jan 27, 2010
Had no idea of such things, perhaps because I have a paid account?
Reply
:iconstevenroy:
StevenRoy Featured By Owner Jan 27, 2010  Hobbyist General Artist
Yeah, paid accounts don't get the ads, so they don't get the viruses.

It's all part of dA's cunning plan... =p
Reply
:icontobyf:
tobyf Featured By Owner Sep 6, 2014
You still get deviantArt "promotional messages" (= ads). These are specifically excluded. 

Premium Subscription Benefits by tobyf
Reply
:iconpainting-with-light:
painting-with-light Featured By Owner Jan 27, 2010
I understand :D
Reply
Add a Comment:
 
×


More from DeviantArt



Details

Submitted on
January 27, 2010
Image Size
95.7 KB
Resolution
1024×768
Link
Thumb
Embed

Stats

Views
4,373 (2 today)
Favourites
43 (who?)
Comments
44

License

Creative Commons License
Some rights reserved. This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 License.
×