The Star Tribune, the largest newspaper in the state of Minnesota, has confirmed that visitors to its website (www.startribune.com) were hit by malicious adverts earlier this week.
The “malvertising” attack, which began on Sunday, spurred the newspaper into disabling all online advertising on Monday afternoon while it investigated the infection, after users began reporting seeing fake anti-virus alerts as they read their daily fix of news.
According to the newspaper, scared users were told that their computers had a security problem and urged to cough up some cash for a “fix” from the internet.
Regular readers of the Clu-blog will recall that last September the New York Times was hit by a similar case of malvertising, and in the past a wide variety of media outlets (such as the Gizmodo, ITV and RadioTimes) have also fallen foul of poisoned adverts serving up malware and fake anti-virus alerts.
As discussed in Sophos’s recent Security Threat Report, scareware has become one of the biggest revenue-generators for cybercriminals in the last 12 months, and we’re seeing more attacks all the time either planting malicious scareware on compromised websites, posing as legitimate security companies, or explotiing hot internet search topics such as celebrity deaths.
Regrettably, the Star Tribune hasn’t published details of the precise malware which was being distributed by the third-party adverts – but all computer users who could have been affected would be wise to ensure that their anti-virus protection is updated, and that their browsers and other vulnerable software is properly patched.