Home Delivery: The New York Times Serves Up Some Malware

Source: Wall Street Journal

Here’s a front page story the New York Times (NYT) would rather not be running: The paper is warning readers to be aware of bogus ads running on its Web site.

The paper says “some readers” have seen unauthorized pop-up ads promoting antivirus software on NYTimes.com, and warns visitors who see the ad not to click on it but to restart their browsers instead. While the Times doesn’t spell this out, it has likely had its site hijacked by a “malware” scammer who is trying to trick visitors into installing pernicious software onto their hard drives.

"The ad hijack my computer. Say I’m reading an article (the Clean Water Act was the one that caught me). It then redirects my browser involuntarily to sex-and-the-city.cn. That site then redirects to the ad I screen-captured. At no time did I click anything. That’s what is so nefarious about this malware.

Thankfully, since I run OS X, I knew immediately it was malware (seeing WindowsXP on a Mac where that’s not installed is suspicious)."

Read more: http://mediamemo.allthingsd.com/20090913/home-delivery-the-new-york-times-serves-up-some-malware

---

If you go to the link, you can see what the pop-up window looks like. Just like in the article, earlier today it popped up at nytimes.com without me clicking on anything.

following link from HuffPo to Maureen Dowd commentary.

i clicked on nothing, it launched itself.

i'm on OS X so i'm not freaked out.

but i did advise the H to NOT read the NYT online today on his Windows system.

But to see it happen at the New York Times was a bit shocking.

Then I chuckled.

I just brough up task manager and killed the browser and that took care of it. I don't even use Windows firewall or malware programs so I found it particularly strange that that is where the warning came from.

No malware problems with the ads there.

I have a question for Mac users (of which I have long been one). Previous to OSX, when I set the block popup function, I never got popups on Safari. With OSX (10.5.8), even though I seem to have the popup blocker activated, I get quite a few of them. Suggestions?

I'm on a Mac so just restarted and had no further problems. Strange, though.

I had to wipe the entire disk and reinstall the OS and everything else. Luckily I did a backup 2 days earlier.

With all the happy, fraud friendly features such as Click Through, Event Handlers, and ActiveX malware, nearly 80% of the computers in the US could be compromised is a few hours..

Does anyone really think that Microsoft hasn't been able to address this issue for nearly 8 years without some profitable reason to let it continue?

These vulnerabilities are the doom of Trustworthy computing, and follows in the heels of Trustworthy Government, Trustworthy Banks, Trustworthy Military, and Trustworthy Corporations, all of which have been revealed as nothing mores then smoke and mirrors.

As my library grows, the less inclined I am to subject mysefl to the constant malicious attacks present on the Internet..

does not discriminate once installed.

Other technologies, like Flash, if programmed correctly, can compromise the host platform. I don't know how, but theoretically anything is possible. And the internet is the perfect conduit.

And if you cared to look, you'd see Microsoft acts as if malware writers are a figment of some moron's imagination. Or they're just sloppy which means they prefer to hire morons. Like I care anymore, techs in the industry are often scapegoated for the bullshit coming out of tech companies, but I digress... VB scripting, ActiveX, they have virtually no security -- they, for lack of better phrase, open hackers with open arms. And you can't blame Apple for those.

and all this nonsense will cease immediately.

Try another zinger for effect, I'm sure you'll get more credibility for your nonsense.

It's because MS thinks it they don't exist.

And don't think for one minute that their isn't a good reason to do so.

I do not frequent the NYT online, but Yahoo's main page was affected a while back and Avast blocked it with a big warning box.

Kind of a surprise seeing it on an NYT link though.

not navigated off DU. in fact, it has happened twice this week to me. I've sent an email to Elad to see if they can take care of it.

when I went to read the opinion section.

TrendMicro did not stop them. Time to do a full system scan :(

Seriously - I hope your system was unharmed. :-) And thanks for getting the word out.

That's a windows executable like most malware and does not work on a Mac.

You would have go though a lot of pain and effort to get malware to affect a Mac.

Seems that mission was accomplished. I am glad you were smart enough not to click on the warning...

The point is to get a naive unsuspecting user to click the "warning", installing the rogue "Antivirus 2010" program on their PC. The .exe won't run on a Mac (unless you're running Windows on it via BootCamp or Parallels, then it can hose the Windows partition, but that's it.)

Antivirus 2010 is really nasty...it has a rootkit component now making it harder to get rid of.

Todd in Cheesecurdistan

Someone needs to spend some serious prison time for pushing vandalous software.

I've had this completely lock up my system. Had to pull the power cord because it completely disabled my system. Being a network analyst, I know what to do. My Mother? Now, she wouldn't have a clue. Dangerous.

I had no idea it was the Times site that did it, but now it makes perfect sense.

and I'm a Mac user, so I knew that a piece of Windows malware wasn't going to harm the Mac side of my computer.

But it was really annoying.

trying to access the Frank Rich column from BuzzFlash.

http://www.wired.com/threatlevel/2009/09/dan-brown

On Tuesday, NBC’s Today show kicked off a week-long promotion for Brown’s Da Vinci sequel by airing the first of a series of clues to the thriller’s plot, in the form of a tour of a real-life biological research facility nicknamed the “Death Star” because it houses dead animal specimens. Host Matt Lauer challenged viewers to identify the research site and its location, and thereby acquire vital information about the novel. “Suffice it to say, that this facility is a big part of the book,” said Lauer. “So, if I’m in a place called the Death Star, where am I?”

But on Wednesday morning the top Google search result for “death star research” — the logical query — would bring you no closer to unraveling the Lost Symbol mystery. Instead, it produced a malicious website that uses pop-ups, mouse-trapping and a well-executed fake virus scan to trick you into installing a Windows executable that will screw up your computer pretty badly.

The software is a scareware product called Smart Virus Eliminator that pesters you with false virus reports and urges you to pay anywhere from $59 to $79 for a “registered” version of the program. The code does other bad things as well, and is a well-known scam linked to an Eastern European cybercrime group. What’s impressing experts is the rapidity with which those black hats are able to use search engine optimization techniques to plant their flag atop a trending search like “death star research.”

Many sites are getting hit like this these days. The ads they run are fed through internet syndicators and some of the ads are intentionally written with an I-Frame or java exploit.

I'd be yelling.

Rupert STRIKES!

Hmm... NYT... Project 9/12... Heavy Fox involvement in said "project"... Big unfounded Right Wing grudge against NYT (It's part of the liberal media, don'tcha know)... News Corpse's long history of hiring hackers (See the Directtv incident)... WSJ breaking the story... and on and on.

Yep, blame Rupert.

No matter... Like all liberals supposedly drive Volvos... We all use Macs or Linux. ;)

:rofl:

I'm sure there was a story 2001/2002(ish) where they (the NYT) had left a couple of internal proxy servers improperly secured that allowed access to their entire internal network.

This time it was their banner ad feed that was hacked, part of the system that probably wasn't as well secured as their main content servers.