The official New York Times website has been suffering from an infection caused by a rogue banner advert, causing visitors to be warned about non-existent virus infections.
As reported over on
CNet, an "
unauthorised advertisement" has resulted in New York Times readers receiving pop-ups alerting them to a supposed virus infection. Once received, the alerts stridently encourage users to download illegitimate security software in order to scan for and fix the alleged infection.
At this point, nobody's PC is infected. Sadly, it's all to common for people to click the link and download the software - at which point some pretty invasive malware gets installed under the guise of free anti-virus software, scans the system, and detects dozens of non-existent viruses. All the so-called infections can be cured, of course - but only if you part with your credit card details for the full version of the software.
Site visitors are claiming that the advert, which appears to be in the form of malicious JavaScript code, attempts to hijack the browsing session by preventing the navigation buttons being used to return to the New York Times site once the pop-up is triggered.
A
comment, entitled "
Note to Readers," on the site states that the Times is working to "
prevent the problem from recurring," and advises visitors seeing an unfamiliar virus warning to "
not click on it [but] instead quit and restart your web browser."
This isn't the first time a major site has been hijacked in such a way: conservative estimates put a single strain of malware as having infected around
40,000 websites, and companies as big as
BusinessWeek and
Sony have fallen victim to the fake viruspeddlers.
Have you ever been tricked into installing unwanted software that proved exceedingly difficult to remove, or do you just have to clean up the mess when family and friends fall victim to these scams? Should the New York Times be doing more to alert its readers about this issue? Share your thoughts over
in the forums.
Want to comment? Please log in.