[jrockway]

"Hey everyone, go visit this website that's probably serving malware!"

[anon1385]

Google ads regularly serve malware[1], are you going to tell people not to visit Google?

[1] https://news.ycombinator.com/item?id=8879229

[tombrossman]

This isn't the best way to describe the problem or solution.

Users can be advised to install an ad-blocking plugin for their web browser to protect themselves. Since Google serves adverts from domains other than google.com, users can continue to use the google.com domain for search while at the same time blocking the malware coming from ad networks.

[Daviey]

Are you referring to contents of the linked article or that this is on HN? Need more words.

Surely, if the second - linking to wsj isn't known to serve malware.

Further, if you do not have some trust in your browser to go to potentially compromising sites - you need to change browser or stop browsing.

[scubasteve]

ryanlol already mentioned you could have ran a curl to check what's being delivered.

But, you can also use the Web Archive and check every domain yourself within their waterfall chart: http://web.archive.org/web/20150126072317/http://www.malaysi...

Looks like a bunch of static assets delivered by: fonts.googleapis.com, fonts.gstatic.com, pbs.twimg.com, and www.youtube.com. Looks similar to what I saw post-defacement/pre-fix.

[ryanlol]

A simple curl reveals that it isn't... And how often are deface pages serving malware anyways?

IMO it would be much more sensible to serve malware off of a page that _doesn't_ announce it has been hacked.

[mschuster91]

Not really. A defaced high profile website will draw visitors e.g. from all major news sites, maybe even TV. Combined with a couple 0days or a browser exploit kit, quite a chance to infiltrate a target.

And if you're lucky the online reporters also have twitter/fb account info on their PCs. I guess this is how the various compromises of twitter accounts have been done.