Sunday, September 13, 2009


Oof! Fake-antivirus redirect trojan horse on famous high traffic website!

Some New York Times readers may get a little bit more than expected today. When clicking on the graphic interactive presentation for "How the Finance Giants Shrunk, Then Grew Under the Financial Crisis," DD was treated to an attempted dose of fake-antivirus malware, embedded as a redirect on the webpage.

In this case, the trojan horse redirects readers to a malicious website, telling users they must use something called "Personal Antivirus" to immediately remove viruses on their PC. In reality, the only computer virus on the PC is the one leading the action on the monitor, one generally designed to obtain your credit card number.

DD blocked the attempted redirect, and created a snapshot of what it looked like after it had been made to fail on his system.

Phony anti-virus warning.

"Your private data is under attack!" says the malicious website, while in the process of attacking you.

Coincidentally, just last week wrote about the New York Times and one of its slightly benighted computer advisor/columnists here in The Computer Futzer.

At the time, the New York Times reporter informed:

"Since a lot of malicious programs now come through Web sites, you will also want to use one of the many free tools available to help you avoid malicious sites."

To which DD replied, quite accurately:

Eh ... not so valuable. Again, it's advice which ties you to the underlying bedrock of a world reliant on enumerating badness. And since the bad actors know that people try to avoid obviously malicious sites, or who already use filters which try to steer them off, they're always busy trying to poison and infiltrate sites which are not assumed to be malicious.

Perhaps like a malicious download seeded onto the website of the NY Times on Sunday.

It's just now a matter of fact that badness happens to everyone, sooner or later.

"I just got browserjacked off the New York Times website," writes another user here. "I think it came off a redirect to some website with sexinthecity in the url. It was one of those fake malware alert/free system scan scam sites. It launched a phony 'scan' without my permission."


New York Times acknowledges problem:

"Some readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software. We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser."

Not the best advice, the CYA attitude getting a bit in the way of transparency, which -- technically speaking -- would be to admit the fake warning, which is only a symptom, could indicate for some that troubles were only beginning.

And you shan't want to miss: Always Wrong, Always Late


Post a Comment

<< Home