Slashdot Mirror

← Back to Stories (view on slashdot.org)

New York Times Site Pop-Up Says Your Computer Is Infected

Posted by timothy on from the if-you're-reading-this-you-have-a-virus dept.

Zott writes "Apparently, 'some readers' of the New York Times site are getting a bit more with their news: an apparently syndicated adware popup with a faux virus scan of the user's computer indicating they are infected, and a link to go download a fix now. It's entertaining when a Mac user gets it, but clearly downloading an .exe file isn't a good way to keep your computer clean ..." Update: 09/14 03:20 GMT by T : Troy encountered this malware, "and did basic forensics. Summary: iframe ad then series of HTML/JS redirects, ending at a fake virus scanner page with a "Scan" link (made to look like a dialog box button) that downloaded malware." Nice explanation!

7 of 403 comments (clear)

  1. News? Where? by SilverHatHacker · · Score: 5, Interesting

    What exactly makes this different from any of the other hundreds of sites with the same popup? Is it just because this is a large, well-known website like the New York Times?

    --
    Funny may not give karma, but +5 Informative never made anyone snort coffee out their nose.
  2. Re:It's very entertaining. by PlusFiveTroll · · Score: 5, Interesting

    FF + Adblock is my way to avoid it (and still get the sites I need .js to run on).

    This crap has been going on for a few years now with the 'AntiVirus XP' scam (http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/) that seems to strike major sites every few months. Just goes to show the ad distributers have no control ( or don't want it) over what goes in to their distribution network.
     
     

    Sad this is, people fall for it all the time :(

  3. Re:It happens on Linux too by Darkness404 · · Score: 4, Interesting

    I wonder when they will start searching user agent strings and making it look native (Classic on pre-XP, Luna on XP and Aero on Vista/7, and Aqua on OS X). A dialogue that looks like the Ubuntu install software window could fool a lot of users....

    --
    Taxation is legalized theft, no more, no less.
  4. Re:I have seen these before, by lorenlal · · Score: 4, Interesting

    I've seen this pop up before... On my roommate's computer. It appears a lot like a Windows Vista secure desktop warning by taking up the whole screen with a darkened border. The message follows a format that looks a lot like other Vista menus and messages. To the user, it doesn't look like it's a message from the website... But rather from Windows.

    I could easily see how most people could click the screen (literally anywhere) where it asks to download a fix called "install.exe." Plus, if you are one of the poor users who uses the terrible AV solution, that seems to have an agreement with anyone with a large user base, you're totally screwed because this virus seems quite effective at knocking it dead out.

    I'm more concerned with the fact that this is popping up in what are normally quite trustworthy sources. I was initially afraid that Yahoo had sold out, it just seems like they got the same treatment as the NYTimes. This speaks more to the vulnerabilities of the webservers that are hosting these sites to me. Does anyone know what platform they're sitting on? I'd like to know if there's a hole out there that I should concern my company with... I'm totally serious.

  5. Once again with the "nofix" by symbolset · · Score: 5, Interesting

    If you can confirm that there was malware on the system there is no cure except to start with a clean image - preferably one you stored with an imaging tool like the free Clonezilla prior to accessing any network at all or any untrusted media. Putting a clean image on can take 5-30 minutes, and is certain to remove all traces of infestation. It's actually quicker than scanning. Once you've got a confirmed hit your only business using a compromised machine is an inspection of the features that got the user into trouble so you can turn those off after you image, and capture for them a more suitable image.

    There's a tired old nag about no software being secure but really one thing is for certain: once an app has been running that's known to be infested it got there because the maker knew something the user didn't. Among the other things the user doesn't know are how many other applications the malware infested, how many running services were leveraged with local privilege escalation, how many rootkits of various sorts were installed. Most modern malware immediately upon installation scans the local system and sniffs the network. They look up components and download a cocktail of toxic code that's both tailored to the specific machine and randomly generated so as to be unique. There's a management system that auto-permutes millions of vile code variants every day, and uses a genetic algorithm to determine which of the little beasties is the most efficient. This is not your dad's malware ecosystem.

    Pretending to remove malware is nothing short of malpractice. All you're doing is helping the bad guys by pointing out which modules survive a cursory attempt at cleaning.

    --
    Help stamp out iliturcy.
  6. Re:I expected better. by LordLimecat · · Score: 4, Interesting

    This is a NYTimes issue just as rotten meat is the supermarkets problem--whether or not its because of a rotten vendor. If you go with your attitude, we can never blame anyone-- Honda may get some parts manufactured at a 3rd party foundry, so theyre not to blame for defects! Dell uses Foxconn for their power supplies, so you cant blame Dell for computers that crap out in 2 years! Sony outsources its battery manufacturing to Taiwan, its not THEIR fault the batteries can catch fire, honest!

  7. NYT Reacts to adds with story by dk90406 · · Score: 4, Interesting

    The story is somewhat weak. It suggests running Avast and MS Malicious Software Removal Tool.