NY Times warns of rogue antivirus on Web site
IDG News Service - Online scammers have apparently found a new way to reach their marks: They've started running ads on the Web site of The New York Times.
The newspaper warned readers Sunday that so-called rogue antivirus sellers had been spotted on its Web site, NYTimes.com. Their products, often promoted by Eastern European criminal organizations, are either ineffective or actually end up infecting the computers of people who purchase them.
"Some NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software," the Times said in a "Note to Readers," posted to its Web site Sunday. "We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring." The newspaper did not respond to a request for more information on the issue.
Because online advertisements are usually sold through networks, sites like NYTimes.com often have to rely on other companies to make sure that the ads they carry are appropriate.
Blogger Troy Davis was hit with the ad Saturday night. After taking a closer look, he discovered that JavaScript code in a New York Times ad redirected him to a Web site that popped up a browser Window designed to look like it is conducting a scan of the system. The window warns, "Your computer is infected."
"It's a fake page for a nonexistent antivirus app, which is actually malware," Davis wrote in his analysis of the issue.
The rogue antivirus problem got a lot of attention one year ago, when Microsoft and the Washington State Attorney General's office sued a pair of Texas companies for allegedly pushing the software.
Since then, things have only gotten worse.
In the past three months, rogue antivirus software has emerged as a major online problem, according to Paul Ferguson, a researcher with antivirus vendor Trend Micro. "Its pervasive," he said in an instant message interview. "Right now, they are going full-tilt."
Criminals use a variety of tricks to get people to shell out for the bogus products: They use search engine optimization techniques to get search engines like Google to list Web sites that display the pop-up ads, or they'll flog them through social media sites like Twitter or Facebook. They even use malicious Trojan horse programs to pop up error messages in hopes that people will buy.
"It's a multimillion dollar business," Ferguson said.
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
Internet
Additional Resources



White Papers & Webcasts
Return on Information: Google Enterprise Search pays you back
Download this whitepaper showing how Google Enterprise Search boosts your bottom line.
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Case Study: Live Nation and Citrix NetScaler
When Live Nation spun off from Clear Channel Communications it urgently needed to consolidate nearly 100 different Web sites.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Southern Company
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Defending Against the Storm
Download Now
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
Share our Strength
Download Now
The Commercialization of ITIL: Lessons Learned
Register for this event today!
