The hackers who exposed innocent internet users to malicious computer code, bought the advertising space on the New York Times website directly from the newspaper it has been revealed.
According to a report published on the New York Times website, the hackers posed as internet telephone company Vonage, and persuaded NYTimes.com to run ads that initially appeared as legitimate online adverts.
It is believed that the adverts were switched to the malicious content late on Friday, causing pop up messages to appear on readers' screens warning them that their computer had been infected, and urging them to install and purchase fake anti-virus software.
Vonage had advertised on the New York Times before, meaning the newspaper felt comfortable allowing the hackers to specify an outside vendor to deliver their ads who had not been vetted. Newspaper spokesperson Diane McNulty was quoted as saying, "In the future, we will not allow any advertiser to use unfamiliar third-party vendors."
New York Times CTO Marc Frons says that confusion about the offending ad's origin meant it took a long time for them to shut the dangerous adverts down.
Scareware attacks like these are on the rise for one simple reason - they work. Unsuspecting computer users are easily frightened by bogus security warnings into installing and purchasing fake anti-virus products, making cash for unscrupulous hackers.
* Image source: daisybush's Flickr photostream (Creative Commons)