Continuing our seemingly endless series on “trusted” sites that are compromised and then used to attack visitors, this week’s parasitic host is the venerable New York Times.
It seems the Times was compromised via their advertising system (a common theme in these attacks) and was serving up scareware over the weekend (for more on scareware, and how to clean it, see Dancho Danchev’s recent article at the Zero Day blog).
I recently had to clean up some scareware myself on my in-laws’ computer, but fortunately they didn’t actually pay for anything.
Here are some of our previous entries in this series:
Don’t worry, there are plenty more out there – these are just a few that struck our fancy.
Reader interactions
One Reply to “There Are No Trusted Sites: New York Times Edition”
Fun how successful these “you have malware!” scareware campaigns work. People care about security, they just don’t care to be paying to get more software they need to know how to use and run and configure. Instead, throw a flashing (Yellow and Red! Rawr!) easy button in a pop-up and they wander in like zombies to the lobotomy ward…
Really, I bet it would be fun and lucrative to be a contract security guy for the rich and famous…essentially people who care just a bit more but have the money to throw at the problem.