Hackers bought ad space directly from New York Times

Filed Under: Malware

Ghost on wall
The hackers who exposed innocent internet users to malicious computer code, bought the advertising space on the New York Times website directly from the newspaper it has been revealed.

According to a report published on the New York Times website, the hackers posed as internet telephone company Vonage, and persuaded NYTimes.com to run ads that initially appeared as legitimate online adverts.

It is believed that the adverts were switched to the malicious content late on Friday, causing pop up messages to appear on readers' screens warning them that their computer had been infected, and urging them to install and purchase fake anti-virus software.

Vonage had advertised on the New York Times before, meaning the newspaper felt comfortable allowing the hackers to specify an outside vendor to deliver their ads who had not been vetted. Newspaper spokesperson Diane McNulty was quoted as saying, "In the future, we will not allow any advertiser to use unfamiliar third-party vendors."

New York Times CTO Marc Frons says that confusion about the offending ad's origin meant it took a long time for them to shut the dangerous adverts down.

Scareware attacks like these are on the rise for one simple reason - they work. Unsuspecting computer users are easily frightened by bogus security warnings into installing and purchasing fake anti-virus products, making cash for unscrupulous hackers.

* Image source: daisybush's Flickr photostream (Creative Commons)

, , ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.