Forbes Visitors Forced to Disable Ad-Block See Malware-Ads

Forbes is among a select group of websites that is actively forcing visitors to their websites to turn off their ad blockers. As it turned out, a security researcher visiting the website with his adblocking solution switched off, was redirected to a web page serving malware.

When Forbes detects users are accessing its website with ad-blockers, the website denies access to its content until users disable their ad-blockers. Being the popular news outlet that it clearly is, plenty of visitors to the website are understandably not too pleased.

The irony in this report is that Forbes inadvertently served malware to a security researcher visiting the website, to look into an article featuring a cybersecurity researcher. “The Forbes 30 under 30” article includes a security researcher under the age of 30. When the researcher disabled his ad-blocker to view the website, he was immediately served with a pop-up window (also routinely blocked by an ad-blocker) that instructed the researcher to download malware.

Brian Baskin, the security researcher immediately revealed it via a screen grab on his Twitter page.

The @Forbes website held content until I disabled Ad Blocker. I did so and was immediately given pop-under malware. pic.twitter.com/eDVRAA9ZSu

— Brian Baskin (@bbaskin) January 4, 2016

Baskin added that although the malware pages occur in a small proportion of the ads, disabling an ad blocker can open an entire attack vector.

Despite the barrage of headlines that predictably followed, including the one mentioned on this very article, the fault doesn’t lie with Forbes. Not entirely, anyway. Forbes has clearly trusted its ad provider to keep their ad networking solutions clean of malware.

However, the very fact that Forbes is actively forcing visitors to turn-off their ad-blockers should have the publication being doubly certain of the fact that the website is safe for all visitors.

Ultimately, this proves that adblockers are necessary in this day and age. They aren’t merely beneficial to block advertisements to drain system resources and internet bandwidth anymore. Malware authors have clearly targeted advertisements as their trigger mechanism. The payload is also included in video ads that still use the notorious vulnerable Flash plugin.

Image credit: Wikimedia.