New York Times malware pop-up
p2pnet news view Advertising | P2P:- “Some NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software,” says the New York Times in a ‘Note to readers‘ about a fake add the running on its site,
“We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring,” it says, adding, “If you see such a warning, we suggest that you not click on it. “Instead, quit and restart your Web browser.”
Questions and comments can be sent to webeditor@nytimes.com, it says.
While the NYT, “doesn’t spell this out, it has likely had its site hijacked by a ‘malware’ scammer who is trying to trick visitors into installing pernicious software onto their hard drives,” says All Things Digital.
Now you know.
All Things Digital – Home Delivery: The New York Times Serves Up Some Malware, September 13, 2009
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
September 14th, 2009 at 12:56 pm
I was bombarded by machines infected in this way for much of august.
The warning they were presented with was not the usual red or blue text box
containing the warning, but a very real looking Microsoft warning.
Just closing your browser is not enough. Any click of the mouse anywhere is treated as an
‘ok’ to install this fake AV/ASW tool.
When you see such a warning your best bet is a ‘hard shutdown’ ( hold down the power button on your PC
until the system powers off, followed by an immediate virus scan upon turning the system back on.
Most of my clients know to watch for the old style red or blue box warning .. this fake
Microsoft warning took a lot of folks by surprise, and kept me very busy for almost a solid month.
September 14th, 2009 at 7:35 pm
At this point in time, I can’t see why people need to be told to use a proper firewall/security package!
A good firewall will prompt you when an attempt to install/run a new program is being made, and allows you to abort the action before it begins.
The best defense is still EDUCATION…
Don’t run something or allow an installation, if you don’t know WTF it actually IS!
September 15th, 2009 at 4:42 pm
If you’re using Internet Explorer, there’s one way to kill off these popups without
triggering them to install whatever malware they include. That is to use CTRL+ALT+
DEL and shut down the browser with the Task Manager.
But using IE in and of itself is a security risk. And the single most abused settings is
the ability to launch programs or files in an iframe. No legitimate site should need to
have this enabled, so it would be safer to disable it.
Firefox with NoScript and a hosts file (MVPS, HP Guru or Bluetack’s) will prevent such
popups from occurring in the first place. I have that on my home PC, with the MVPS
hosts file and SpywareBlaster, which sets a kill bit in IE.
And in case something does get in, Malwarebytes.