At a time when the newspapers and other publishers are struggling to stay in business, the last thing the New York Times needed was an attack on their web site. But this is what apparently happened and the Times is warning visitings with this statement:
“Some NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software. We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser.”
In a recent article it also states that:
This attack vector also raises a trust issue, because while users are generally wary of content from unknown websites, some of them might fall for the scheme when it originates on a high profile one, like in New York Time’s case. “If you *ever* see a pop-up windows that arrives uninvited, telling you your PC is infected, ignore it, it is a scam,” concludes Rik Ferguson.
This does make one wonder how many more attacks other publishers will suffer. Some folks took exception when some publsihers seemed to threaten we consumers with paid for content.
What do you think?
Comments welcome.
Wow, I guess I’m not the only one either Ron! I was checking out an article in the Boston Globe ( http://www.boston.com ) last night and the exact same thing happened. The so-called “warning” is very persistent and just didn’t go away until I initiated a reboot. I then did a complete virus scan using my Super anti-spyware program. My system showed up as clean, but one never knows!
These scumbags are relying on luring uninformed newbies who have little or no understanding of the dangers lurking out there. AND of course those more experienced users who get bitten in a weak moment LOL !!
Hello Don,
Thanks for the info.
How are those Pats going to do this year?
These are probably XSS attacks, where the site is compromised by user comment code uploaded by a bad guy. He probably found a way to squeeze javascript into a comment and get the user browser to execute it. It happens all the time. But normally the bad guy javascript doesn’t display a popup to let you know you’re compromised, lol. He does something more mailicious instead. This is the reason why you should use Firefox with the NoScript plugin. It has protection against most XSS vulnerabilities.
Remember, web 2.0 (the concept I’m using to upload this comment) means that bad guys get to add code to your web site. Whether the bad guy’s code becomes a permanent, malicious part of your site depends completely on what you use to filter the comments, and what vulnerabilities the visiting browser has.
This is one of the most un-talked about, and most common exploits of the internet.
To be honest, it doesn’t really affect me because I don’t really trust anything the NYT prints and I dislike the AP with a passion. Thank the media’s election coverage for that. (If you don’t think it was obvious whom they wanted to be elected, you didn’t watch or read anything during the elections). Honestly, I’d take Ron’s and most of Lockergnome’s writers’ word over the NYT anyday.
Well Ron, when I went to bed last night, the Pat’s were down by two scores with under 4 minutes to go. Yeah, I gave up on ‘em. Got up this morning and saw they WON. Two touchdowns with just over 2 minutes left in the game! Go figure! LOL
Hope things are going well for you Ron. Haven’t had any input in awhile, but still alive and well.
Thanks for the comments everyone.
Don, Brady made a great comeback. Looks like he still has the arm.
Thank you swordofdestiny!
And the Pats got lucky. Got the fumble after the dummy tried to run it out of the endzone…….
Gee Goose,
Isn’t that what football is? Skill with a lot of luck combined? LOL
The 49 er’s will need a lot of LUCK! So will the Raiders.