Anti-adblocker firm PageFair's users hit by fake Flash update
Company apologises and offers proper post mortem
PageFair's detailed postmortem was an attempt to avow the company's appreciation of security and its understanding of the incident, and to justify its response to it. It comes in stark contrast to other attempts at incident management in recent weeks.
The company stated that the malicious file "adobe_flashplayer_7.exe" would only have targeted Windows users, and would have been prevented from executing by most virus scanners, although the company understood that not everybody may have been able to correctly detect it.
In addition, not all Windows users accessing your site during the affected period of 83 minutes will have been affected. Due to caching rules, only visitors who had not been active on your site in the previous 120 minutes would have connected to the CDN.
Also, 33 minutes after the attack started we reconfigured our DNS settings to bypass the CDN entirely. This change began propagating immediately (with a TTL of 60 minutes), and would have prevented many users from ever connecting to the CDN during the attack period.
Finally, at 01:15 GMT, we deleted the CDN "pull zones" in our account, which immediately ended the attack. From that point forward, users were no longer affected.
A company statement claimed that "[t]here is no evidence or reason to believe that any core PageFair servers or databases were compromised. No publisher account information, passwords or personal information has been leaked."
PageFair told us the company's internal audit regarding the incident affects only potentially confidential contractual information.
Malwarebytes' Boyd told The Register that "it only strengthens the case for why people block not only adverts but tracking and analytics services."
Any element on a page can ultimately be turned against the visitors, and given how many high-profile Malvertising attacks there have been this year, it's only natural that people and businesses are becoming very choosy about what aspects of a website they're comfortable allowing inside their web browser.
"Where ads and tracking are concerned, less is most definitely becoming more," said Boyd. ®