If you've been visiting the New York Times website recently, check your PC: an infected advert has been peddling malware.
The official New York Times website has been suffering from an infection caused by a rogue banner advert, causing visitors to be warned about non-existent virus infections.
As reported over on CNet, an "unauthorised advertisement" has resulted in New York Times readers receiving pop-ups alerting them to a supposed virus infection. Once received, the alerts stridently encourage users to download illegitimate security software in order to scan for and fix the alleged infection.
At this point, nobody's PC is infected. Sadly, it's all too common for people to click the link and download the software - at which point some pretty invasive malware gets installed under the guise of free anti-virus software, scans the system, and detects dozens of non-existent viruses. All the so-called infections can be cured, of course - but only if you part with your credit card details for the full version of the software.
Site visitors are claiming that the advert, which appears to be in the form of malicious JavaScript code, attempts to hijack the browsing session by preventing the navigation buttons being used to return to the New York Times site once the pop-up is triggered.
A comment, entitled "Note to Readers," on the site states that the Times is working to "prevent the problem from recurring," and advises visitors seeing an unfamiliar virus warning to "not click on it [but] instead quit and restart your web browser."
This isn't the first time a major site has been hijacked in such a way: conservative estimates put a single strain of malware as having infected around 40,000 websites, and companies as big as BusinessWeek and Sony have fallen victim to the fake virus peddlers.
Have you ever been tricked into installing unwanted software that proved exceedingly difficult to remove, or do you just have to clean up the mess when family and friends fall victim to these scams? Should the New York Times be doing more to alert its readers about this issue? Share your thoughts over in the forums.
8 Comments
I work in a computer shop, and the amount of laptops and PCs that come in every week with this infection on is overwhelming sometimes. some people just don't have decent (or any) antivirus programs on their PC, mainly because a lot of people don't realise they need it on their pc to help prevent infections. Also, some of those people who buy their PCs from places like PC World/Currys, etc, do get antivirus programs pre-installed (usually the obtrusive McAfee), but these are only ever usually Trial versions, and because people don't bother to buy a new license or even uninstall it and put something else on (Norton, AVG, Kaspersky, Nod32, etc etc) then said trial version is usually left running in windows and not protecting the customer (yet the customer thinks they are protected because the program is still running in memory)
same goes for those people not updating their web browsers - I've seen MANY customers out there still using Internet Explorer 6, or even an old version of Firefox 2, and neither of these have any protection against popups or malware code on websites... everyone MUST regularly keep their browsers AND antivirus updated....
mind you, I'm ranting here, but more than likely those people who don't know what they're doing probably haven't even read this website anyway, so kind of a wasted rant... lol :)
Gratuitous Windows joke: 'New Improved Version 7'
On a more serious note we've had two incidents in the office over the past month, three if you count my deliberate clicking on the popup OK button so I could take a closer look. In all cases a trojan has been dropped irrespective of virus checker settings, in one case the firewall was disabled and in all three cases all windows restore points have been deleted.
What happens after this depends on the software downloaded by the trojan, some software will be detected some will not.
As for the trojan itself, local virus scanning appears pointless, online scanning is a bit hit or miss. While I had luck finding it with RootRepeal ( http://rootrepeal.googlepages.com/ ) removing it was a different matter. The likes of Simply Super Software's Trojan Remover ( http://www.simplysup.co.uk/tremover/index.html ) would detect the trojan but removal was only possible once the hard drive had been installed as a data drive in another PC.
It is my understanding that new versions of these trojans are produced on a frequent basis. A report by Panda Security suggests a new version could be released every 24 hours ( http://www.pandasecurity.com/uk/homeusers/media/press-releases/viewnews?noticia=9805 ). In this case it is no longer a question of 'what virus checker do you use' but rather a matter of whether or not you were lucky enough to receive a relevant virus checker update in time.
recommended you have either one of the two programs I've mentioned above :)
Sometimes I want to just outright tell them, only download pron from sites that you trust.. :D
While not a foolproof strategy, with good AV and up to date OS and browser, you can usually get by unscathed.
I also use a sandbox for browsing untrusted sites. sandboxie.com has a good one. get all the infections you want, just one click and they all go away.