Login  |  Register  |  Contact

There Are No Trusted Sites: New York Times Edition

Continuing our seemingly endless series on “trusted” sites that are compromised and then used to attack visitors, this week’s parasitic host is the venerable New York Times.

It seems the Times was compromised via their advertising system (a common theme in these attacks) and was serving up scareware over the weekend (for more on scareware, and how to clean it, see Dancho Danchev’s recent article at the Zero Day blog).

I recently had to clean up some scareware myself on my in-laws’ computer, but fortunately they didn’t actually pay for anything.

Here are some of our previous entries in this series:

BusinessWeek

AMEX

Paris Hilton

McAfee

Don’t worry, there are plenty more out there – these are just a few that struck our fancy.

—Rich

No Related Posts
Previous entry: New Definition: Vendor Myopia | | Next entry: Google and Micropayment

Comments:

If you like to leave comments, and aren't a spammer, register for the site and email us at info@securosis.com and we'll turn off moderation for your account.

By LonerVamp  on  09/14  at  12:09 PM

Fun how successful these “you have malware!” scareware campaigns work. People care about security, they just don’t care to be paying to get more software they need to know how to use and run and configure. Instead, throw a flashing (Yellow and Red! Rawr!) easy button in a pop-up and they wander in like zombies to the lobotomy ward…

Really, I bet it would be fun and lucrative to be a contract security guy for the rich and famous…essentially people who care just a bit more but have the money to throw at the problem.

Name:

Email:

Remember my personal information

Notify me of follow-up comments?