New York Times suffers ad-based malware

New York Times suffers ad-based malware

If you've been visiting the New York Times website recently, check your PC: an infected advert has been peddling malware.

The official New York Times website has been suffering from an infection caused by a rogue banner advert, causing visitors to be warned about non-existent virus infections.

As reported over on CNet, an "unauthorised advertisement" has resulted in New York Times readers receiving pop-ups alerting them to a supposed virus infection. Once received, the alerts stridently encourage users to download illegitimate security software in order to scan for and fix the alleged infection.

At this point, nobody's PC is infected. Sadly, it's all to common for people to click the link and download the software - at which point some pretty invasive malware gets installed under the guise of free anti-virus software, scans the system, and detects dozens of non-existent viruses. All the so-called infections can be cured, of course - but only if you part with your credit card details for the full version of the software.

Site visitors are claiming that the advert, which appears to be in the form of malicious JavaScript code, attempts to hijack the browsing session by preventing the navigation buttons being used to return to the New York Times site once the pop-up is triggered.

A comment, entitled "Note to Readers," on the site states that the Times is working to "prevent the problem from recurring," and advises visitors seeing an unfamiliar virus warning to "not click on it [but] instead quit and restart your web browser."

This isn't the first time a major site has been hijacked in such a way: conservative estimates put a single strain of malware as having infected around 40,000 websites, and companies as big as BusinessWeek and Sony have fallen victim to the fake viruspeddlers.

Have you ever been tricked into installing unwanted software that proved exceedingly difficult to remove, or do you just have to clean up the mess when family and friends fall victim to these scams? Should the New York Times be doing more to alert its readers about this issue? Share your thoughts over in the forums.


Discuss in the forums Reply
Cousteau 14th September 2009, 11:10 Quote
this sounds to me a lot like the "Personal AntiVirus 2009/2010" fake antivirus virus that's doing the rounds at the moment

i work in a computer shop, and the amount of laptops and PCs that come in every week with this infection on is overwhelming sometimes. some people just dont have decent (or any) antivirus programs on their PC, mainly because a lot of people don't realise they need it on their pc to help prevent infections. Also, some of those people who buy their PCs from places like PC World/Currys, etc, do get antivirus programs pre-installed (usually the obtrusive McAfee), but these are only ever usually Trial versions, and because people dont bother to buy a new license or even uninstall it and put something else on (Norton, AVG, Kaspersky, Nod32, etc etc) then said trial version is usually left running in windows and not protecting the customer (yet the customer thinks they are protected because the program is still running in memory)

same goes for those people not updating their web browsers - i've seen MANY customers out there still using Internet Explorer 6, or even an old version of Firefox 2, and neither of these have any protection against popups or malware code on websites... everyone MUST regularly keep their browsers AND antivirus updated....

mind you, i'm ranting here, but more than likely those people who dont know what theyre doing probably havent even read this website anyway, so kind of a wasted rant... lol :)
Star*Dagger 14th September 2009, 11:45 Quote
I would wonder about people on the internet without virus software already installed, duh?!
leexgx 14th September 2009, 11:55 Quote
its bad really as mcAfee and norton does not detect PAV or most Fruadware stuff like it and its Very simple to detect as well (using same folder name and program exe name pav.exe for eg), and i load norton 2009 (2010 is out now see how that one stands up to it)
thEcat 14th September 2009, 14:21 Quote
Have you ever been tricked into installing unwanted software that proved exceedingly difficult to remove

Gratuitous Windows joke: 'New Improved Version 7'

On a more serious note we've had two incidents in the office over the past month, three if you count my deliberate clicking on the popup OK button so I could take a closer look. In all cases a trojan has been dropped irrespective of virus checker settings, in one case the firewall was disabled and in all three cases all windows restore points have been deleted.

What happens after this depends on the software downloaded by the trojan, some software will be detected some will not.

As for the trojan itself, local virus scanning appears pointless, on line scanning is a bit hit or miss. While I had luck finding it with RootRepeal ( ) removing it was a different matter. The likes of Simply Super Software's Trojan Remover ( ) would detect the trojan but removal was only possible once the hard drive had been installed as a data drive in another PC.

It is my understanding that new versions of these trojans are produced on a frequent bases. A report by Panda Security suggests a new version could be released every 24 hours ( ). In this case it is no longer a question of 'what virus checker do you use' but rather a matter of whether or not you were lucky enough to receive a relevant virus checker update in time.
pendragon 14th September 2009, 18:01 Quote
I'd like to take this opportunity to pimp Ultimate Boot CD for Windows as a really good way to clean out malware infections.. used it to great success on my girlfriend's infected PC when all else failed
Cousteau 15th September 2009, 11:13 Quote
personally, ive found both SuperAntiSpyware and Malwarebytes Anti-Malware programs both pick up and remove COMPLETELY the Personal Antivirus and such viruses (and rootkits and other crap) - and for FREE on both - whereas programs like AVG, Norton etc, for some reason dont pick up on them

recommended you have either one of the two programs ive mentioned above :)
LordPyrinc 15th September 2009, 23:54 Quote
Educating the masses so that they dont stupidly click these pop-ups would be nice. Im really getting tired of people calling me because their computers are running so darn slow that they can barely run basic functions. If people would just run a decent anti-virus (and keep it up to date) and not click the pop-ups, my life would be a bit easier.

Sometimes I want to just outright tell them, only download pron from sites that you trust.. :D

While not a foolproof strategy, with good AV and up to date OS and browser, you can usually get by unscathed.
LucusLoC 16th September 2009, 08:40 Quote
i prefer to use a HIPS program. it protects system and program memory and can usually prevent a malicious program from getting installed in the first place. i would recommend blink from it has HIPS, traditional AV and AS and a firewall all built in. does a pretty good job in my opinion, and HIPS is the way of the future for AV anyway. no more pesky deff updates or unreliable heuristics :-)

i also use a sandbox for browsing untrusted sites. has a good one. get all the infections you want, just one click and they all go away.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.

Discuss in the forums