Tuesday, September 15, 2009

Learning from the NY Times Attack Ad

The NYTimes.com site warned Sunday that it had inadvertently displayed an "unauthorized advertisement" over the weekend that tried to use fake malware warnings to trick viewers into installing scareware.

The various analyses of this attack point to a browser hijack, which uses Javascript to display the fake scan warnings in modified browser windows. As long as you're not tricked into downloading any software, security experts say this type of attack is relatively harmless. But fake malware warnings can also signal an existing malware infection on your PC.

A programmer named Troy Davis posted a code analysis and screen shots of the scam. Anyone snared by the social engineering attack who downloaded the software would end up with a worthless program called Personal Antivirus (screen shot in a Trend Micro post). An additional analysis from Trend says the "ad content appears to no longer contain malicious content."

Rogue antivirus scams can rake in big bucks and have been growing in popularity among Internet criminals. If you see a fake malware warning on your screen, it's important to know whether it came from a browser hijack, which can generally be cleared up by restarting the browser, or whether it came from malware that has already infected your PC. For help on telling the difference, see Fake Infection Warnings Can Be Real Trouble.

This incident also provides a good example of why you should at least have basic antivirus protection for your PC, even if you're careful where you surf. Poorly screened ads and site hijacks can launch attacks even if you only visit legit sites. For recent reviews of your free options, see Can You Trust Free Antivirus Software?.

PC World

No comments:

Post a Comment