The webcomics blog about webcomics

Name, Shame

Some of you are subscribes to Webcomics Dot Com, wherein Brad Guigar does his best to enlighten and aid those who are serious about their webcomickin’. On occasion, he writes on something important enough that I feel the need to draw attention to it, and today is one of those days. It started with a notice on the front page of Brad’s own comic yesterday:

I’ve been getting reports that Evil Inc has been delivering an ad that hijacks the reader’s browser, presenting a full-screen ad along with one of those “are you sure you want to leave” boxes that require the user to click a Yes or No.

I hate those things. They invariably lead to scams or deposit nastyware on your computer. I avoid a lot of them by using a browser that lets me control Javascript down to the domain level — the number of sites that I turn on JS for can be measured in the low tens — and I still have to resign myself to getting hit by these parasites every once in a while. It’s for this reason that I do things like banking on a netbook that runs a no-persistence Linux install off a USB key. Yes, I am paranoid.

Guigar followed up on his adventures in cleaning up the payload that snuck through one of his ad brokers today; from the public summary of the WDC posting: is delivering a malicious, pop-over ad to Web sites, offering readers a chance to win a free iPad — and implying that the deal is an exclusive offer from that site — even including a deceptive trademark identifier (®) after the site’s URL at the bottom left-hand corner of the ad.

When the user tries to close the ad, another pop-up appears, with one of those “do you really want to leave this site — Yes or No” messages that make you wonder what you’re really answering “Yes or No” to if you click it.

In the end, most users force-quit their browsers and write the site an angry e-mail (and rightly so).

Here are a few tips on making sure your readers aren’t being inundated with annoying ads.

Log-in to read the entire post.

Brad kindly comped me a WDC account, so I’ve read the entire post, but I’m not going to share it here since it is intended for his subscribers. However, I can tell you that he’s done a pretty complete step-by-step of how he dealt with his ad services, and though he was pretty sure that the malicious code came from one of them, he contacted each of them to cover his bases. Just as well, as it appeared that the source of this particular nasty was also found on another ad service, it just hadn’t been causing any problems yet.

Guigar’s most useful bit of advice was probably from yesterday’s appeal, and something that everybody — creator and audience — should keep in mind:

[I]f this happens to you … please alert me as soon as possible. If you can, please include:

  • A screengrab of your browser window
  • A page script (fiddler / firebug) of the ad appearing
  • Any logistical information (time the ad appeared, browser type, page URL, etc).
  • That information will be useful in helping the ad service track down and nuke the offenders. It’s a delicate balance, trying to ensure that your site isn’t spewing crap through a channel that operates on a certain amount of trust¹ while at the same time not blocking so severely that you don’t make any money. I want to thank Brad for sharing his (unpleasant) experience with the rest of us, and if you were wondering about subscribing to WDC, I’d say this particular tutorial might well be worth the $30 annual fee by itself.

    Let’s look at something cheerier, shall we? Kate Beaton drew a couple of comics for Amazon’s book blog, and they’re great. I’m not going to copy the images here (since they’re meant for that site), but I am going to point you to lessons in family dynamics, Plantagenet Style.

    ¹ To say nothing of scrubbing comments of linkspam, and dealing with actual attempts to hack boxes, which has hit everybody from the Abominable to the Weiner in the past.

    I made a conscious decision not to have ads on my webcomic. Although there is the potential to make money off them, when you break it down it’s not worth it unless you’re a really popular comic (i.e. Evil, Inc.) and it just isn’t worth 6 cents a month to compromise my work. It is alluring when you hear of people making a living off ads (and I’ve thought about changing my tune multiple times) but then stuff like this comes up and I remember why I made that choice. Not to say one is better than the other, they’re just different ways to go about things.

    That being said, if my site ever got hacked I wouldn’t know the first thing to do, so I’m glad Brad was able to handle everything… maybe having ads actually gives you the resources to combat stuff like this.

    RSS feed for comments on this post.