iiNet CEO leaves after TPG buy; Hackers hijack MSN.com ads; Chrome soft-blocks Flash

iiNet CEO David Buckingham has left the ISP, according to a Sydney Morning Herald report.

The report cited four unnamed sources confirming that Buckingham had been let go. TPG COO Craig Levy also confirmed to the SMH that Buckingham had left.

Buckingham’s exit follows soon after TPG’s acquisition of iiNet.

Further official details are scant at this point. One user on discussion forum whirlpool, who implied they were a former iiNet employee but still with connections inside the company, posted on Friday night that Buckingham had “been forcefully made redundant”.

But these comments — alongside any speculation on the matter that may crop up — should be taken with a grain of salt until iiNet, TPG or Buckingham himself makes an official comment.

MSN.com ads hijacked

Attackers have used malicious advertising on Microsoft’s MSN.com web portal to insert malware on end users’ computers, as reported by ITnews.

The attack reportedly attempts to install the Angler exploit kit on the computers of those who visit the MSN.com site.

The popularity of MSN.com makes this attack particularly concerning. Web traffic analysis company Alexa has estimated that MSN.com is the 27th most popular website on the internet (38th in Australia), and as ITnews points out, MSN is the default home page for many users of Microsoft’s Internet Explorer.

Jérôme Segura, a senior security researcher at internet security company Malwarebytes, wrote on his company’s blog: “The same ad network — AdSpirit.de — which was recently abused in malicious advertising attacks against a slew of top media sites was caught serving malvertising on MSN.com.”

Segura explained that users browsing MSN’s news, lifestyle or other portals were served with a malicious ad that silently loaded the Angler exploit kit and attempted to infect their machines.

“The ad request came from AppNexus, which loaded the booby-trapped advert from AdSpirit and the subsequent malvertising chain,” he said.

While Segura said this attack was the work of the same people who launched a malvertising attack on Yahoo!, the attackers seem to be changing their tactics. Where previously they used Microsoft’s Azure, this time they leveraged RedHat’s cloud platform, rhcloud.com, Segura said.

“While we did not collect the malware payload associated with this campaign, we believe it is either Ad fraud or ransomware, Angler’s trademark,” he wrote.

According to Segura, AppNexus has deactivated the malicious creative in question and has said it is investigating the issue.

ITnews quoted an AppNexus spokesperson as saying: “AppNexus has a dedicated team of engineers and invests heavily in the scanning of creatives. We take notifications like [Malwarebytes’] very seriously.”

Chrome soft-blocks Flash

Google’s Chrome web browser has begun soft-blocking online ads that use Adobe Flash, the Wall Street Journal reported.

Chrome isn’t blocking Flash ads entirely. The WSJ reported that Chrome is actually just pausing Flash ads by default; users can click on the ads to prompt them to play, if they so desire.

According to Ars Technica, Google said the move will affect Flash content that isn’t “central to the webpage”.

The WSJ cited Google as saying Flash increases page-load speeds and device battery consumption, and degrades the user experience.

TechCrunch pointed out that Google partnered with Adobe to develop the soft-block feature.

Ars said that this soft-blocking of Flash could help stop the spread of malware via malicious Flash ads.

It seems likely that some advertisers will be unhappy with the news — the WSJ cited figures from an online ad management company that estimate Chrome accounted for around 36% of Flash ads displayed in the first quarter of 2015.