How Forbes inadvertently proved the anti-malware value of ad blockers

A security researcher found malicious ads on Forbes after following the site's policy that insists readers disable ad-blocking software.

Forbes malware advertisements ad blocker Adblock Plus
Credit: Thinkstock

A few months back I postulated that Adblock Plus and other ad blocking software could act as protection against malware because they kept embedded malware in web pages from ever loading in your browser. Now, Forbes has proven me right.

Forbes has taken an aggressive line against ad blockers. When it detects one running on your system, it denies you access to the content until you turn off the ad blocker. Needless to say, this hasn't gone over very well with some people.

Forbes included a prominent security research in an article called "The Forbes 30 Under 30," which drew a number of other security researchers to check out the article. After disabling Adblock Plus, they were immediately served with pop-under malware. Security researcher Brian Baskin was the first to tweet about it and included a screen grab of the pop-under.

This is not the first time something like this has happened. Engadget notes that malvertising was found on the video site DailyMotion last month, putting an estimated 128 million people at risk. That case involved a particularly nasty strain of malware called "Angler Exploit Kit," which also infected MSN and Yahoo.

For his part, Baskin has tweeted that malware pages can occur in a very small percentage of ads and that disabling an ad blocker can open an attack vector, but he intends to keep reading Forbes with his ad blocker off and just monitor it better.

This problem is not with Forbes, it's their ad network's responsibility. Forbes is operating on trust that its ad providers are keeping their networks clean, and they clearly aren't if Forbes, DailyMotion, MSN, Yahoo, plus that bastion of clickbait, the Daily Mail, are all getting hit in a short period of time.

If you do a news search, you'll find a bunch of stories with headlines all saying "Forbes serves up malware" in one way or another, when it's not Forbes's fault, it's their ad network's fault. Publishers are going to have to lean on their ad providers a lot harder so they don't get tagged with responsibility.

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Related:
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.