Network Security News

Malware is often used to serve as an intermediate threat, serving to find and load much more dangerous pieces of software - for example, those responsible for setting up botnets. The more people visits compromised resources, the better. It is not strange that large mass-media sites become targets for implanting malware into them. CS Monitor tells the story about NYTimes.com serves up malware ads with news (oops)

This is what has happened: the Web’s most popular newspaper website got a little too close to the news this weekend, inadvertently serving some of its visitors a pop-up ad that masqueraded as a virus checker and urged users to download virus-like antivirus software.

The Times said on its website that the source of the bogus ads appeared to be an advertiser that had served legitimate ads for a week, but then switched to the illicit ones over the weekend.

The site posted instructions for visitors who may have been affected by the ad, urging them to install (legitimate) antivirus software, and noted that even users who didn’t click the pop-up could have been affected.

“Click or not, the user could still get infected,” Neil Daswani, a founder of Web security firm Dasient, told the Times.

In a statement, Times spokesperson Diane McNulty said that the paper “suspended advertising that is inserted automatically into its pages by outside ad-placement companies” in response to the security lapse.

Security experts were quick to point out that the breach likely wasn’t the Times’ fault. “It is the advertising network that should be screening adverts to hunt for malicious content, higher up the stream,” Graham Cluley, a Senior Technology with Sophos, told eWeek.

Still, users were upset: “Thanks for telling us how to fix our computers that your site infected,” NYTimes commenter “mrscotchy” wrote. “Can you tell us more about what the NYTimes is doing to prevent this from happening in the future and how these malicious ads came to appear on your site?”

Sure, the Times may have been targeted because of its size and high traffic numbers, but the question remains – if the New York Times is susceptible to an attack like this, what about the rest of us?

The answer, however, is simple: no computer connected to the Net can't be deemed secure, unless all the scrupulous security measures are taken; if it is guarded by modern anti-malware tools and if the user understand the importance of the security measures.