Pushing fake antivirus software to unsuspecting readers

Sep 14, 2009 08:49 GMT

The media and advertising team of the New York Times website is currently trying to track down and remove a malicious advertisement promoting scareware. Users are advised to ignore any alerts that warn them of being infected with malware and offer an antivirus solution.

Users have been reporting anomalies when visiting the New York Times website since at least Sunday morning. People were apparently seeing a fake virus scan and were then being redirected to a page offering a rogue antivirus product. Some have reported that the malvertizement completely locked their browser, preventing them from closing the window.

"Some NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software. We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser," a note posted on the New York Times website reads.

According to Rik Ferguson, solutions architect at Trend Micro, the rogueware promoted by the malicious ad was the same one recently pushed through black hat search engine optimization (BHSEO) campaigns, such as the 9/11 one. "In this particular example, the malicious site and software is being hosted by a German provider, Hetzner AG, which has a colourful track record when it comes to spewing dodgy content, having hosted literally hundreds of malicious URLs," he notes.

A study conducted in May by German antivirus vendor Avira has revealed that Germany is one of the main sources of malicious URLs used in phishing and malware distribution campaigns. The figures released by the company put the country in second place, hosting 15% of all such URLs, after the United States.

Back in July, we reported that a British celebrity news website had been fighting with similar rogue advertisements. This sort of attack is generally hard to prevent or detect, and cybercrooks have in the past demonstrated a real ability to pass the scrutiny of even the biggest advertising networks, such as Google.

This attack vector also raises a trust issue, because while users are generally wary of content from unknown websites, some of them might fall for the scheme when it originates on a high-profile one, as in the New York Times' case. "If you *ever* see a pop-up window that arrives uninvited, telling you your PC is infected, ignore it, it is a scam," concludes Rik Ferguson.