New York Times Spreading Malware, BEWARE!
For the past two days when I've gone to the New York Times website, www.nytimes.com, I've been getting these pop-ups that say "Your computer may be infected with a virus, download a free scan now" or some such message. If you hit the "No thanks" button, it begins to run a fake scan on your system anyway! If this happens, close your browser immediately, and by no means should you run this bogus scan, because what it is really doing is inserting a trojan into your PC (don't know if Macs are similarly affected).
I wasn't really sure what the deal was until I read this just now:
Here's a front page story the New York Times (NYT) would rather not be running: The paper is warning readers to be aware of bogus ads running on its Web site.
The paper says "some readers" have seen unauthorized pop-up ads promoting antivirus software on NYTimes.com, and warns visitors who see the ad not to click on it but to restart their browsers instead. While the Times doesn't spell this out, it has likely had its site hijacked by a "malware" scammer who is trying to trick visitors into installing pernicious software onto their hard drives.
The complete article can be read here:
http://mediamemo.allthingsd.com/20090913/home-delivery-the-new-york-times-serves-up-some-malware/
It appears that the Times had been made aware of this and is now warning readers about it on their front page.
In other news...hello to everyone from the chatroom the other night during Obama's health care speech (big fun!). It's been awhile since I've had time to blog, so it was nice to be in touch with all of you.
Cheers,
astral66

Thanks Astral.
It happened to me today, actually. I have a mac and shut it down.
So far, so good.
September 13, 2009 7:37 PM | Reply | Permalink
Ran anti virus on my mac immediately after it happened to me and nothing was there.
September 13, 2009 8:22 PM | Reply | Permalink
Thanks, I feel better
September 13, 2009 8:44 PM | Reply | Permalink
Yes, the Joy of Macs. We PC are always at risk, though.
September 13, 2009 9:19 PM | Reply | Permalink
Including from friends who have Macs - they can forward malicious stuff without realizing it.
That's currently the biggest reason to get anti-virus/malware software on a Mac.
September 14, 2009 5:15 PM | Reply | Permalink
I've experienced two attempts so far.
In both cases, it was one of those trojans that claims to have discovered viruses on your computer, so please click here to download an anti-virus.
The attacking computer was 91.212.107.5, on port 80, and the attack was trying to get me to download Scanner-349c_2006-63.exe from the domain best-antivirus03.com
September 13, 2009 7:44 PM | Reply | Permalink
Yep, that's the one. It is now quarantined by Sophos anti-virus on my laptop, but I haven't figured out (read: bothered to follow the proper steps) how to eliminate it yet.
September 13, 2009 7:51 PM | Reply | Permalink
The attacking IP is in a class C network assigned to "The research center of Cyprys".
Probably one of the advertising servers that NY Times pages refer to has been hacked to have pages with a link to the server in Cyprus.
September 13, 2009 8:09 PM | Reply | Permalink
Most PCs have all their ports/sockets left wide open. Gibson Research Corporation used to have an application that disables all sockets not needed.
url : http://www.grc.com
September 14, 2009 6:48 AM | Reply | Permalink
Best thing to do? Block all popups. Those things are annoying anyway, amirite?
September 13, 2009 9:12 PM | Reply | Permalink
Funny thing is, I have my pop-up blocker on, and it came up anyway. Not sure if I rolled over an ad or something like that, but there it was. Sucks.
September 13, 2009 9:18 PM | Reply | Permalink
Astral:
Kaspersky is excellent and aggressive about these types of things. Couple that with Firefox (there's no reason not to use it as a primary browser these days) and you will be pretty safe from pop-unders, pop-overs, etc.
I know you are techie-oriented, hence my mention of Kaspersky. It stops things cold even before the pop-under, etc.
September 13, 2009 9:19 PM | Reply | Permalink
Thanks CT, hadn't heard of Kaspersky so I'm off to check it out.
September 13, 2009 9:41 PM | Reply | Permalink
I got that attempt, too. I closed the window, but I also have a pretty good firewall/AV combo.
September 13, 2009 10:19 PM | Reply | Permalink
I've got a detailed tech explanation at http://troy.yort.com/anatomy-of-a-malware-ad-on-nytimes-com if anyone's interested.
September 13, 2009 11:43 PM | Reply | Permalink
Cool! Thanks for posting this.
September 13, 2009 11:53 PM | Reply | Permalink
Thanks, troy. I was hit with this twice yesterday, also. It was cool to see what lousy spellers and grammarians they are. Ha! Take that.
September 14, 2009 6:22 AM | Reply | Permalink
I'm against waterboarding, but in the case of malware producers, I'm willing to make an exception.
Considering all the costs and wasted hours due to ailing PCs, certainly some nice prison time is justified.
September 14, 2009 2:13 AM | Reply | Permalink
OH Astral always good to see and hear from you.
I quit taking surveys or even touching a pop-up since I got my new rig in April.
NO MORE
September 14, 2009 2:14 AM | Reply | Permalink
Hey DD! I am normally smart enough to avoid them, but this one outsmarted me with its booby-trapped "no thanks/cancel" button. The bastards got me.
September 14, 2009 8:22 AM | Reply | Permalink
don't know if Macs are similarly affected
My Mac has a motorola chipset - unix. It fears not Trojans Hordes of the Intel Realm! Bring'em On!
September 14, 2009 6:39 AM | Reply | Permalink
Wouldn't it be funny if Astral's link was the real malware :-)
September 14, 2009 7:55 AM | Reply | Permalink
Well, two of the links do go directly to the New York Times, so in a way, you are correct. I haven't seen the pop-up in the past several hours though, so hopefully they have contained it.
September 14, 2009 8:19 AM | Reply | Permalink
There's an ad to mini-me yourself for free at TPM. Is this a similar trojan?
September 14, 2009 8:38 AM | Reply | Permalink
The New York Times IS malware.
C
September 14, 2009 9:48 AM | Reply | Permalink
Another depredation from the dreaded MSM! The spyware, undoubtedly, attempts to hijack the user's computer into supporting immoral, unjustified wars of choice.
September 14, 2009 12:17 PM | Reply | Permalink