Sunday, September 13, 2009

NY Times Maybe, Possibly Infected Your Computer

Reports are circulating that the New York Times is attempting to understand and rectify problems caused by "an unauthorized advertisement" that had popped up on its web site.

Initial word is that a pop-up ad advises viewers that their machine might be infected with a virus, and directs them to a site that attempts to convince them to download and install fake antivirus software that almost certainly contains malware components.

From a note on the Times site:

Some NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software. We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser.

Such attacks typically hijack the web browser, so even if you try to escape from the rogue AV site, your browser continues to return you to the site until you force-quit the application.

Still unknown is whether the NY Times site itself was compromised, or whether a compromised ad server piped in the malicious advertisement.

I've helped a couple of folks in recent weeks recover from similar fake antivirus outbreaks, some of which burrow deep into the Windows registry and require some technical expertise and understanding of how they work to eradicate completely.

As always, you can help protect yourself by following these handy tips:

  1. Keep your computer fully patched for security vulnerabilities, not only for the operating system and Office components, but also frequently targeted applications like Flash, Shockwave, Adobe Reader, and the various instant messenger and file sharing programs floating around. If you find this difficult to do, consider installing and running the free version of Secunia PSI to help automate the tasks.
  2. Don't use Internet Explorer as your primary browser. Switch to Mozilla Firefox, Opera, Google Chrome, or some other less-targeted, less-vulnerable browser. If you're using Firefox, the NoScript and AdBlock add-ons are a must, as is WOT, which helps alert you to suspicious or fraudulent web sites.
  3. Don't click links that come via email or over IM. Oftentimes the link that shows up in blue text isn't where you actually end up going if you click on it. In most browsers, if you hover over the link, the bottom of your browser will show you the real web address hiding within the embedded URL.
  4. Run a good antivirus program, and keep the virus definitions up to date. AVG makes a decent free AV program, and I've always had good success with Kaspersky's paid offerings. But understand that antivirus systems are signature-based, meaning that the vendor needs to know about a virus' characteristics in advance to design a way to detect it, so it's not a foolproof way to protect yourself from new viruses or variants of older ones.
  5. Don't use Microsoft products. I know, that's a hopeless request, but the security professional in me forces me to say it. If you keep driving your car with the windows down, eventually you'll get wet when it rains.

In the words of Sgt. Phil Esterhaus, "Let's be careful out there."
