The Tech Herald

Rogue ad leads to fake anti-Virus (Update 2)

by Steve Ragan - Sep 15 2009, 23:40

Rogue ad leads to fake anti-Virus.

Update 2:

Kerry Scott from the New York Times sent over the following:

"The culprit masqueraded as a national advertiser and provided seemingly legitimate product advertising for a week. Over the weekend, the ad being served up was switched so that an intrusive message, claiming to be a virus warning from the reader's computer, appeared.

"As soon as we were made aware of the situation, we took aggressive steps, suspending all third-party advertisements on the site. We posted information about the attack on our home page and directed readers on what to do if they encountered the malicious code."

In addition, NYT has taken steps to ensure it doesn't happen again by giving the advertising platform a makeover.


While we haven't yet heard back from anyone over at NYT, Troy Davis offers a good technical look at the attack through his official blog


Original article:

On Sunday afternoon, The New York Times issued a warning that some readers were being directed to a website offering anti-Virus protection following the appearance of infection pop-up alerts. Such infection notices, and the resulting fake scans that report dozens of supposed infections, is a common ploy used by rogue anti-Virus software.

We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser, said the NY Times in a post to readers.

The rogue anti-Virus, an example of which can be seen below, is a gimmick that actually generates decent income for some of the criminals who spread it. They are paid for getting someone to install it, and will sometimes take a cut if someone registers it.

The situation is grim either way for the user because, if not registered, the rogue anti-Virus will hinder system performance, block access to various websites and security applications, as well as open the system for further malicious downloads. If the fake software is registered, not only is there a loss of money, but any personal information submitted during the registration process is compromised as well.

What is known so far is that the rogue anti-Virus attack came from the advertisements served on There was no pattern to the anti-Virus warnings, which appeared as an article was loaded. Reports on CNET as well as All Things D, had readers commenting that the malicious ads were shown with several articles both past and present.

The problem is that uses different channels for advertisements, so the appearance of rogue anti-Virus ads might be the freak result of a blind ad buy. In the past, legitimate ads have been hijacked to serve Malware by advertising networks that either didnt catch the malicious ads in screening, or simply do not check the ads ordered. To that end, there is no clear explanation for the fake alerts at this time.

The Tech Herald has asked the New York Times for more information on the attack, as well as an update on the overall issue. We will refresh this article if and when the publication responds.

Want regular updates from The Tech Herald? Follow us on Twitter.

Interested in a more interactive TTH? Join our Facebook Group.

Around the Web

Comment on this Story

comments powered by Disqus


Miami Formula E Tickets On Sale Now

Tickets for the first US race in the Formula E calendar — Miami — are on sale now.The ePrix&...

Our Most Popular Car Games Of 2014

It’s that time of year when we take stock of where we’re at and button down the hatches over...

Monster Truck World Speed Record Broken By The Raminator

The monster truck speed record has been broken by road-going goliath The Raminator.The truck...

Car Games Update – December 2014

Our car games section is constantly growing and becoming more popular by the day. Over the p...

The Mind-blowing 2015 BMW 6 Series (PICTURES)

Here’s a great selection of pictures of the new 2015 BMW 6 Series to salivate over. The new ...