Of late, Forbes.com had been asking its users to disable ad blockers (if any) in order to browse its website. Thus, if you had extensions such as AdBlock enabled in your browser and visited Forbes, you’d not be able to access the content until you disabled AdBlock.
Many users did oblige and disabled their ad blockers, and this is where it got interesting: Forbes.com served ads, and along with that, malware.
You read that right.
As observed by a user, Brian Baskin, Forbes.com served malware with its adverts to users once the ad blockers were disabled. Baskin posted a screenshot on Twitter; you can check it out here.
Was Forbes.com hacked? Nope.
Apparently, just like many other enormous websites, Forbes too relies on third-party ad networks that serve advertisements via ad providers. However, most of these ad networks sign agreements with ad providers who, in turn, sign agreements with advertising clients. As such, the ad networks and/or the ad providers do not actually *serve* the ads themselves, but instead, act as outlets or channels for interested advertising partners or clients.
Since multiple parties are involved, it is not a surprise that malicious content can find its way onto a site via ads, even without having to compromise the target website (in this case, Forbes.com). In fact, such malware, if disguised as advertisements, can even be served over HTTPS, making it even more difficult to detect.
Lastly, if you were one of the users who turned off their ad blockers for browsing Forbes.com, be sure to run a scan on your device, because such malware does not require users to “click” on the advertisement in order to infect the user’s machine.
What happened to Forbes is not unique, and is not the fault of Forbes itself. However, insisting that users turn off their ad blockers in order to access content is slightly far-fetched, and not many users will be happy with such demands.
What do you think of this incident? Be sure to share your views in the comments below!