14 DAY TRIAL // Security researchers from cloud security provider Zscaler warn that the website of India's DNA (Daily News and Analysis) newspaper was compromised and is leading visitors to scareware.
DNA is estimated to be the 8th largest English daily newspaper in India and considering that the country has 100 million Internet users, its online version is likely to see a lot of traffic.
The Zscaler researchers have found a malicious script element injected into one of the site's pages, which takes users through a series of redirects until it lands them on a scareware distribution website.
"The malicious script tag directs the victim’s browser to ‘hxxp://vcvsta.com/ur.php’. This page then redirects the user to another malicious site (‘hxxp://www4.to-gysave.byinter.net'), which will again redirect victim to random sites hosting fake antivirus campaigns," explains Umesh Wanve, a senior researcher with the security firm.
The landing page immediately prompts a dialog alerting users that their computers are at risk of malware attacks. "We recommend you to check your system immediately. Press OK to start the process now," the alert reads.
Pressing the OK button takes users to a page mimicking an antivirus scan and claiming that infections were found on their systems.
The page then offers a fake security product for download whose purpose is to display even more alerts and convince them to pay for a license in order to fix the problem.
These programs are known as scareware or roguware and are one of the backbones of the underground economy. The profit they produce allows cyber criminals to fund other illegal activities.
Unfortunately this is just one of the many cases when a popular publication's website is compromised and used to infect visitors with malicious applications.