New York Times Site Pop-Up Says Your Computer Is Infected

Zott writes "Apparently, 'some readers' of the New York Times site are getting a bit more with their news: an apparently syndicated adware popup with a faux virus scan of the user's computer indicating they are infected, and a link to go download a fix now. It's entertaining when a Mac user gets it, but clearly downloading an .exe file isn't a good way to keep your computer clean ..." Update: 09/14 03:20 GMT by T : Troy encountered this malware, "and did basic forensics. Summary: iframe ad then series of HTML/JS redirects, ending at a fake virus scanner page with a "Scan" link (made to look like a dialog box button) that downloaded malware." Nice explanation!

It's very entertaining.

I think it's actually more entertaining when I don't get it at all on any platform, because I disabled javascript.

Re:It's very entertaining.

[davidphogan74]

You make people use McAfee to get online? That would be enough to make me transfer.

Re:It's very entertaining.

[Culture20]

It's usually faster to run ComboFix + MalwareBytes (half hour between the tools in most cases) than it is to nuke it from orbit and reinstall Windows. Unless you're paranoid, two programs will take care of your end of your extended family's implied social support contract.

It used to be A rocked, and then A and B rocked. Then B started to suck, so we used A & C, then malware defeated A, so we used D & C (C had to be used second), with a splash of E. A came back with a new version, and we'll call it F. F'n rocked! Then it sucked. etc.

I could never be bothered figuring out which version of what software _really_ cleans up this week's malware. I always would nuke from orbit (after judiciously backing up data using the drive as a neutered USB disk).

Re:It's very entertaining.

[mysidia]

They need to take responsibility for what they publish on their own sites.

I'd like to see a class action suit against the NY Times or the ad network they use by users who were infected.

Based on NYT negligently allowing advertisers to inject code into their web site.

I can understand users getting hit with fake dialogs after clicking on an ad.

But I believe web sites have a duty to take standard precautions and avoid loading remote script code

I differentiate ad content from code. It's not rocket science -- when the advertiser uploads their ad unit, sanitize the input, so the upload cannot contain any javascript, SCRIPT, IFARME, FRAME, or other unexpected tags or tag attributes, for that matter, or any remote loading. Only approved 'safe' HTML tags such as IMG. And any images referred must be uploaded and served from the ad network (again, no remote loading).

Again, it's not rocket science to sanitize input. There's really no excuse for not doing it, other than negligently ignoring security issues, and possible harm malicious ads can do...

Happened to my Parents

[QuantumG]

What really annoys me is that these things are most effective because they use javascript alerts to freeze the browser. If you could just browse away from the crap, I could teach my parents just to ignore it.

"Javascript alerts are not tab modal" has been a known bug in Firefox going on 9 years now. It's not just an annoyance, it's a security bug, fix it!

 

Re:And they wonder...

[Aurisor]

The New York Times is one of the most respected publications in the world. It's not going anywhere.

Re:News? Where?

[petermgreen]

Not exactly news but nonetheless a sad indictment of the state of online advertising that even big sites with a reputation to uphold are using adverts from seedy advert networks who tolerate this shit.

Ads and proxy placement

[bsandersen]

The concern I have over the long term is that sites like the NYT may not know what advertisements will appear because they are placed by bulk-buying proxies that dispense them at page-load time, probably based on evil-cookie trails or other demographic markers. So, the question becomes: how should a presumably high-integrity site such as a major news outlet ensure quality when they've outsourced advertisement delivery?

Review of each possible advertisement would be onerous, but failure to have some standards in place will eventually lead to malware (or worse) injected into unsuspecting reader's machines. I just chuckled when it popped up. I run Macs at home. But, when things like this happen to family members running PCs (and we get the phone call) it stops being funny pretty quickly.

Is there a business case for reviewing advertisements (and the associated mobile code whether it be FLASH, etc.) for a 21st century "Good Housekeeping Seal of Approval"? After all, the NYT and others are just one virus (or porn advertisement) away from a PR nightmare.

Re:It happens on Linux too

[eric31415927]

Two years ago, I got my 67-year-old mother online with a Debian (stable) box for web browsing, emailing, and printing.
At least twice in these two years, she has come across web pages warning that her operating system has been infected with a virus.
The web pages make it look like she has an infected Windows system - similar to the link from the NYT web page.

I reassure her each time that her computer has not been infected, and it is not likely to ever be infected so long as she is careful with her password.
I would like Firefox (or in her case IceWeasel) to have a plugin to avoid loading pages that look like Windows Explorer.
This would save people like my mother and businesses like the NYT from undue stress.

HOSTS file and noscript

[davidshewitt]

...seem to do the trick for me. I put this huge list of malicious sites into my HOSTS file, so most ads never even show up. http://www.grc.com/sn/hosts_mvps_org.txt