The official New York Times website has been suffering from an infection caused by a rogue banner advert, causing visitors to be warned about non-existent virus infections.
As reported over on CNet
, an "unauthorised advertisement
" has resulted in New York Times readers receiving pop-ups alerting them to a supposed virus infection. Once received, the alerts stridently encourage users to download illegitimate security software in order to scan for and fix the alleged infection.
At this point, nobody's PC is infected. Sadly, it's all to common for people to click the link and download the software - at which point some pretty invasive malware gets installed under the guise of free anti-virus software, scans the system, and detects dozens of non-existent viruses. All the so-called infections can be cured, of course - but only if you part with your credit card details for the full version of the software.
, entitled "Note to Readers,
" on the site states that the Times is working to "prevent the problem from recurring,
" and advises visitors seeing an unfamiliar virus warning to "not click on it [but] instead quit and restart your web browser.
This isn't the first time a major site has been hijacked in such a way: conservative estimates put a single strain of malware as having infected around 40,000
websites, and companies as big as BusinessWeek
have fallen victim to the fake viruspeddlers.
Have you ever been tricked into installing unwanted software that proved exceedingly difficult to remove, or do you just have to clean up the mess when family and friends fall victim to these scams? Should the New York Times be doing more to alert its readers about this issue? Share your thoughts over in the forums.