Sunday, September 13, 2009

Home Delivery: The New York Times Serves Up Some Malware

Here’s a front page story the New York Times (NYT) would rather not be running: The paper is warning readers to be aware of bogus ads running on its Web site.

The paper says “some readers” have seen unauthorized pop-up ads promoting antivirus software on NYTimes.com, and warns visitors who see the ad not to click on it but to restart their browsers instead.

While the Times doesn’t spell this out, it has likely had its site hijacked by a “malware” scammer who is trying to trick visitors into installing pernicious software onto their hard drives.

MediaMemo reader Tim Minter has passed along an image of the pop-up (click image to enlarge). Here’s his description of the way it appeared on his desktop:

The ad hijack[ed] my computer. Say I’m reading an article (the Clean Water Act was the one that caught me). It then redirects my browser involuntarily to sex-and-the-city.cn. That site then redirects to the ad I screen-captured.

At no time did I click anything. That’s what is so nefarious about this malware.
Thankfully, since I run OS X, I knew immediately it was malware (seeing WindowsXP on a Mac where that’s not installed is suspicious).

You generally have to travel farther down the Internet publishing food chain to find these kind of bogus ads–go hunting for porn and/or illegal downloads, for instance, and you’ll find plenty of this stuff.

But Web advertising is still a wild and woolly place, and this type of thing still plagues high-end publishers too. Sometimes it’s the fault of ad networks the publishers use to move their unsold inventory; sometimes the bogus ads are bought directly from the publishers themselves.

I’ve asked both the Times PR staff and ad tech team for additional information about the ads, but haven’t heard back yet. Still, you have to give the paper credit for flagging this on their front page at all.
All Things Digital

No comments:

Post a Comment