NYTimes.com readers got a little bit more news than they bargained for this weekend when it turned out the site was serving up malicious advertisements to some of its visitors.
According to a posting on the Website, some readers saw a pop-up messaging warning them that their computer had been infected and telling them to install what was in fact fake anti-virus software. The NYT also posted this message on their Twitter feed to warn users:
“Attn: NYTimes.com Readers: Do not click pop-up box warning about a virus – it’s an unauthorized ad we are working to eliminate.”
But that doesn’t mean the site owners have no role to play.
“It is the advertising network that should be screening adverts to hunt for malicious content, higher up the stream,” opined Cluley. “And it is the responsibility of the webmasters at the media organisations not to do business with ad suppliers who can’t manage this problem properly.”
No matter how it’s distributed, rogue AV scams are not going away. They have in fact been a staple of the Web for years, and their continued prevalence and profitability can be seen here in these reports from Microsoft and Finjan.
In this case, the popup gave the user the usual warning that their computer was infected and offered free system cleanup. All you had to do is click on this ad. Of course, the ad took victims to a malicious site being hosted by a German provider, Hetzner AG. A detailed analysis of the code can be found here.