A subdomain was abused to serve malware for six weeks
Last week, we learned that a certain section of the Los Angeles Times’ website was compromised and used to serve malware. The newspaper’s representatives say they’ve cleaned up the site, but a large number of users could have been infected during the time it was compromised.Avast experts who have investigated the incident have found that malicious iframes had been hosted on the Offers and Deals subdomain since December 23, 2012.
According to the calculations made by Brian Krebs, around 324,000 LA Times readers were exposed to the attack until the second week in February when the page was cleaned up.
Initially, the LA Times believed that the infection was related to the incident that affected several publications a few weeks ago.
However, in a statement published a few hours ago, they admit that the OffersandDeals.latimes.com, which is maintained by a third party, was in fact abused to serve malware.
“We quickly determined the problem was contained within the Offers & Deals sub-domain, which is maintained by a third party. Our forensics team undertook what is now an ongoing investigation and is working closely with the vendor to collect evidence surrounding the event,” LA Times representatives stated.
“To ensure safety, the Offers & Deals platform has been rebuilt and further secured. The sub-domain generates only advertising content and does not contain any customer information. As a trusted source of news and information, The Times takes matters of internet security very seriously and are pleased to report that there is no malware currently detectable on Offers & Deals.”
Users who have visited the LA Times’ Offers and Deals site between December 23, 2012 and the second week of February 2013 are advised to scan their computers with an updated security product to make sure the devices are not infected with malware.