New York Times suffers ad-based malware

September 14, 2009 // 10:16 a.m.

Tags: #anti-virus #drive-by-download #infected #infected-advert #infected-website #malware #new-york-times #social-engineering

The official New York Times website has been suffering from an infection caused by a rogue banner advert, causing visitors to be warned about non-existent virus infections.

As reported over on CNet, an "unauthorised advertisement" has resulted in New York Times readers receiving pop-ups alerting them to a supposed virus infection. Once received, the alerts stridently encourage users to download illegitimate security software in order to scan for and fix the alleged infection.

At this point, nobody's PC is infected. Sadly, it's all to common for people to click the link and download the software - at which point some pretty invasive malware gets installed under the guise of free anti-virus software, scans the system, and detects dozens of non-existent viruses. All the so-called infections can be cured, of course - but only if you part with your credit card details for the full version of the software.

Site visitors are claiming that the advert, which appears to be in the form of malicious JavaScript code, attempts to hijack the browsing session by preventing the navigation buttons being used to return to the New York Times site once the pop-up is triggered.

A comment, entitled "Note to Readers," on the site states that the Times is working to "prevent the problem from recurring," and advises visitors seeing an unfamiliar virus warning to "not click on it [but] instead quit and restart your web browser."

This isn't the first time a major site has been hijacked in such a way: conservative estimates put a single strain of malware as having infected around 40,000 websites, and companies as big as BusinessWeek and Sony have fallen victim to the fake viruspeddlers.

Have you ever been tricked into installing unwanted software that proved exceedingly difficult to remove, or do you just have to clean up the mess when family and friends fall victim to these scams? Should the New York Times be doing more to alert its readers about this issue? Share your thoughts over in the forums.

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU