eWeek Security Watch
September 14, 2009 11:43 AM

NYTimes.com Users Hit by Malicious Ad



NYTimes.com readers got a little bit more news than they bargained for this weekend when it turned out the site was serving up malicious advertisements to some of its visitors.

According to a posting on the Website, some readers saw a pop-up message warning them that their computer had been infected and telling them to install what was in fact fake anti-virus software. The NYT also posted this message on their Twitter feed to warn users:

"Attn: NYTimes.com Readers: Do not click pop-up box warning about a virus - it's an unauthorized ad we are working to eliminate."

The prospect of using malicious ads to infect visitors of legitimate sites is nothing new; in fact eWEEK itself fell victim to it not long ago. The situation begs the question of who is responsible for protecting Web surfers from this type of attack. The New York Times surely has a duty to inform readers of such an attack, but it may be too much to ask an organization the size of the Times to inspect every advertisement in advance. After all - as Sophos Senior Technology Consultant Graham Cluley pointed out - "they're just plugging a small piece of JavaScript onto their Website that collects the next advert from their provider's database."

But that doesn't mean the site owners have no role to play.

"It is the advertising network that should be screening adverts to hunt for malicious content, higher up the stream," opined Cluley. "And it is the responsibility of the webmasters at the media organisations not to do business with ad suppliers who can't manage this problem properly."

No matter how they are distributed, rogue AV scams are not going away. They have in fact been a staple of the Web for years, and their continued prevalence and profitability can be seen here in these reports from Microsoft and Finjan.

In this case, the popup gave the user the usual warning that their computer was infected and offered free system cleanup. All you had to do was click on the ad. Of course, the ad took victims to a malicious site being hosted by a German provider, Hetzner AG. A detailed analysis of the code can be found here.


Comments (4)

JohnJ :

There is something fundementally wrong with an advertising mechanism/system that allows this sort of thing to happen. The mechanism/system should be somehow redesigned for better security.

anon :

There is something fundementally (sic) wrong with...

an article that doesn't mention that this exploit targets Microsoft OSes and Microsoft OSes only.

"The mechanism/system should be somehow redesigned for better security."

You're absolutely right. Microsoft should address the problem.

judith weathers :

This has had an impact on hundreds of thousands of people, and I do not believe that these tech-heavy blogs are the end of it. A class action suit will most likely show up very soon, and that may be the impetus it takes to create the mechanisms that will provide better security.

Also, NYT is claiming that this happened "over the weekend" and my computer was infected last Thursday. My computer was in the shop for 4 days, the cost was over $100, and I lost 30 points on an online class assignment. No small thing.

Mathhaus :

To 'anon': MS cannot be blamed just because a hacker specifically authored malware to target their machines. After all, their software is on about 90% of all computers in the world. There are bound to be vulnerabilities found by hackers that maybe MS never considered. It's like blaming Chevrolet because someone stole your car. All you need to do is run some quality antivirus and be careful where you click, and you should be fine.
