YouTube was recently caught displaying ads that covertly leach off visitors' CPUs and electricity to generate digital currency on behalf of anonymous attackers, it was widely reported. From a report: Word of the abusive ads started no later than Tuesday, as people took to social media sites to complain their antivirus programs were detecting cryptocurrency mining code when they visited YouTube. The warnings came even when people changed the browser they were using, and the warnings seemed to be limited to times when users were on YouTube. On Friday, researchers with antivirus provider Trend Micro said the ads helped drive a more than three-fold spike in Web miner detections. They said the attackers behind the ads were abusing Google's DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain. The ads contain JavaScript that mines the digital coin known as Monero.

  Ad Blockers

    by sconeu ( 64226 ) on Friday January 26, 2018 @03:06PM (#56010041) Homepage Journal

    This is why I run an adblocker and a script blocker.

    And why I refuse to visit sites that insist I turn it off.

    Speaking of which, anyone know any WebExtensions that do anti-anti-adblock? The old one was XUL.

  • Can the workloads really be broken down into such small chunks that running during a 15-30 second ad gets any useful work done? It seems coordinating breaking up and putting back together such small work parts would be more computational power than its worth.

    

      by bohmt ( 900463 )
      The work is small. Just with a really low probability of success. This is why "mining" is usually done on GPUs, more tries more winnings.

    • Consider an algorithm such as Yescrypt (http://password-hashing.net/wiki/doku.php/yescrypt) which is a valid CPU cryptomining algorithm. My CPU (Broadwell i7 6800K) finds a share every 5 seconds with 11 threads running. I extrapolate a quad core CPU would find a share every 15-20 seconds. Those shares add up if the receiving wallet and mining pool are the same. This means wallet "iourthoesruithjvansoivrzupaweo" could have a swarm 10K workers mining for 30 seconds each on the same pool, and find 10K shares e

    

      by pezpunk ( 205653 )

      you can definitely break the workload into small chunks that only take a few seconds.

      multiply all those small hashrates by tens of thousands of pageviews, and you start pulling in quite a respectable ROI. The hard part is finding a Monero pool that doesn't ban you for making tens of thousands of tiny connections.

    

      by Greyfox ( 87712 )
      Does the Javascript have to stop running when the ad completes? If it could stay up for the entire time you watch a video, that could make a mint.
  • Quick! Everyone stop using Youtube so we can swing the apocalypse back into the hands of the creators.

  Chrome has Extensions for that

    by Anonymous Coward

    One that comes to the top of my mind is Mineblock.
    It specifically blocks cryptominers of all kinds, even ones that the usual script blockers and other antimalware stuff miss.
    It's not the only one, and I'm sure that eventually the others will catch up to these types of extensions, but it's still relatively early days for this kind of infestation.

    Keep up to date on whatever you use, and those leeches won't find you an easy meal.

  • This is why I absolutely refuse to to surf without adblockers in place.
    The whole online ads thing has been a shit-show since the word "go".
    And they piss and moan about it, while taking ever greater liberties with computing resources THEY DO NOT OWN.
    You can't even trust GOOGLE for chrissakes! And they're a browser vendor? How VERY convenient!

    You wanna block me from viewing your content because I don't let you infect, destabilize, and take over my system?
    Fine, I don't need to see your shit content that bad.

  • I repeatedly surprised (and appalled) when I visit a favorite site on a machine other than my own (the horror!!)

  • I know dedicated mining operations are way more efficient, but botnets can get pretty large.

    Are there any estimates on just what proportion of crypto-currencies are mined through illegitimate means?

