Wikipedia warns users about malware injecting ads into its pages
The normally ad-free site says some visitors have encountered a browser-based malware infection
IDG News Service - Visitors to Wikipedia who see advertisements on the site have most likely fallen victim to a browser-based malware infection, Wikimedia Foundation, the organization operating the website, said on Monday.
"We never run ads on Wikipedia," said Philippe Beaudette, director of community advocacy for the Wikimedia Foundation, in a blog post. "If you're seeing advertisements for a for-profit industry ... or anything but our fundraiser, then your web browser has likely been infected with malware."
One example of such malware is a rogue Google Chrome extension called "I want this," Beaudette said. However, similar malicious add-ons might also exist for Mozilla Firefox, Internet Explorer and other browsers, he said.
This type of malicious software is known as click fraud malware and can target multiple websites at once. In addition to injecting ads into Web pages, such rogue extensions are also known to hijack search queries in order to earn their creators affiliate revenue, said Graham Cluley, a senior technology consultant at Sophos, in a blog post Tuesday.
Spotting this type of rogue behavior on Wikipedia is easier than on other websites because the site doesn't run any commercial advertisements. "We're here to distribute the sum of human knowledge to everyone on the planet -- ad-free, forever," Beaudette said.
Wikipedia's operating costs are covered by donations. An online fundraiser is organized every year, and that's usually the only time a banner is displayed on the site's pages.
Users who are seeing commercial ads on Wikipedia should disable all their browser add-ons to determine if they are the source of the problem, Beaudette said.
Even if this makes the ads disappear, however, it is not necessarily a permanent solution and does not fix the underlying issue. The malware might have other components running on the system that could reinfect the browser.
"Run an up-to-date anti-virus to make sure that whatever might have introduced the unwanted ads isn't also up to other malicious behavior behind the scenes," Cluley wrote.
If disabling the browser add-ons and running an antivirus scan does not solve the issue, it's likely that the ads are automatically being injected into Web sessions at the network level. Some Internet cafA(c)s and free Wi-Fi providers are in the habit of doing this, Beaudette said.
Visiting the affected website over HTTPS (HTTP Secure) might sometimes remove the rogue ads, because HTTPS sessions are encrypted. There are browser extensions like the Electronic Frontier Foundation's HTTPS Everywhere that enable HTTPS by default on websites that support it.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts