The Tech Herald

Rogue ad leads to fake anti-Virus (Update 2)

by Steve Ragan - Sep 15 2009, 23:40

Rogue ad leads to fake anti-Virus.

Update 2:

Kerry Scott from the New York Times sent over the following:

"The culprit masqueraded as a national advertiser and provided seemingly legitimate product advertising for a week. Over the weekend, the ad being served up was switched so that an intrusive message, claiming to be a virus warning from the reader's computer, appeared.

"As soon as we were made aware of the situation, we took aggressive steps, suspending all third-party advertisements on the site. We posted information about the attack on our home page and directed readers on what to do if they encountered the malicious code."

In addition, NYT has taken steps to ensure it doesn't happen again by giving the advertising platform a makeover.


While we haven't yet heard back from anyone over at NYT, Troy Davis offers a good technical look at the attack through his official blog


Original article:

On Sunday afternoon, The New York Times issued a warning that some readers were being directed to a website offering anti-Virus protection following the appearance of infection pop-up alerts. Such infection notices, and the resulting fake scans that report dozens of supposed infections, is a common ploy used by rogue anti-Virus software.

“We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser,” said the NY Times in a post to readers.

The rogue anti-Virus, an example of which can be seen below, is a gimmick that actually generates decent income for some of the criminals who spread it. They are paid for getting someone to install it, and will sometimes take a cut if someone registers it.

The situation is grim either way for the user because, if not registered, the rogue anti-Virus will hinder system performance, block access to various websites and security applications, as well as open the system for further malicious downloads. If the fake software is registered, not only is there a loss of money, but any personal information submitted during the registration process is compromised as well.

What is known so far is that the rogue anti-Virus attack came from the advertisements served on There was no pattern to the anti-Virus warnings, which appeared as an article was loaded. Reports on CNET as well as All Things D, had readers commenting that the malicious ads were shown with several articles both past and present.

The problem is that uses different channels for advertisements, so the appearance of rogue anti-Virus ads might be the freak result of a blind ad buy. In the past, legitimate ads have been hijacked to serve Malware by advertising networks that either didn’t catch the malicious ads in screening, or simply do not check the ads ordered. To that end, there is no clear explanation for the fake alerts at this time.

The Tech Herald has asked the New York Times for more information on the attack, as well as an update on the overall issue. We will refresh this article if and when the publication responds.

Want regular updates from The Tech Herald? Follow us on Twitter.

Interested in a more interactive TTH? Join our Facebook Group.

Comment on this Story

comments powered by Disqus


Average Guys With Average Cars. #average

Great new video from up-and-coming clothing brand the Average Squad. The short was posted by...

This Man Was Too Poor To Buy A Car. How He Treats Them Now Is So Touching

This is one of the most touching videos about cars in a long time. It tells the story of a m...

Lucky Escape from Out of Control Truck

This man had a lucky escape on a New Jersey Turnpike when he had to stop on the road du...

Concept Car Videos from Detroit Auto Show

As at every big car show manufacturers at the Detroit Auto Show 2015 were keen to give us th...

Concept Car Pictures from Detroit Auto Show

Well we still had a few pics from the in Detroit Auto Show to put up. These are some of...