New York Times Site Pop-Up Says Your Computer Is Infected

timothy posted more than 4 years ago | from the if-you're-reading-this-you-have-a-virus dept.

Security 403

Zott writes "Apparently, 'some readers' of the New York Times site are getting a bit more with their news: an apparently syndicated adware popup with a faux virus scan of the user's computer indicating they are infected, and a link to go download a fix now. It's entertaining when a Mac user gets it, but clearly downloading an .exe file isn't a good way to keep your computer clean ..." Update: 09/14 03:20 GMT by T : Troy encountered this malware, "and did basic forensics. Summary: iframe ad then series of HTML/JS redirects, ending at a fake virus scanner page with a "Scan" link (made to look like a dialog box button) that downloaded malware." Nice explanation!
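The chain summarized in the update (iframe ad, a series of redirects, then a fake scanner page that serves an executable) can be found in web proxy logs by walking Referer values back from each executable download. This is an added example, not part of the original story or its comments; the log record format, the `.example` hostnames and the three-host threshold are assumptions constructed for illustration.

```javascript
// Added example: flag executable downloads reached through a multi-host
// redirect chain. Every record and hostname below is constructed sample data.
const SAMPLE_LOG = [
  // Client 10.0.0.5: publisher page -> ad iframe -> two redirects -> fake scanner -> .exe
  { ts: 1, client: "10.0.0.5", url: "http://news.example/index.html", referer: null, contentType: "text/html" },
  { ts: 2, client: "10.0.0.5", url: "http://adnet.example/slot?id=7", referer: "http://news.example/index.html", contentType: "text/html" },
  { ts: 3, client: "10.0.0.5", url: "http://redirect-a.example/go", referer: "http://adnet.example/slot?id=7", contentType: "text/html" },
  { ts: 4, client: "10.0.0.5", url: "http://redirect-b.example/next", referer: "http://redirect-a.example/go", contentType: "text/html" },
  { ts: 5, client: "10.0.0.5", url: "http://fake-scan.example/scan.html", referer: "http://redirect-b.example/next", contentType: "text/html" },
  { ts: 6, client: "10.0.0.5", url: "http://fake-scan.example/setup.exe", referer: "http://fake-scan.example/scan.html", contentType: "application/x-msdownload" },
  // Client 10.0.0.9: a deliberate download from the site the user was already on
  { ts: 7, client: "10.0.0.9", url: "http://tools.example/download.html", referer: null, contentType: "text/html" },
  { ts: 8, client: "10.0.0.9", url: "http://tools.example/files/editor.exe", referer: "http://tools.example/download.html", contentType: "application/x-msdownload" },
];

const EXEC_EXT = /\.(exe|scr|com|bat)$/i;
const EXEC_TYPES = new Set(["application/x-msdownload", "application/x-dosexec"]);

// True when the response looks like a Windows executable, by path or content type.
function isExecutableDownload(rec) {
  return EXEC_EXT.test(new URL(rec.url).pathname) || EXEC_TYPES.has(rec.contentType);
}

// Walk Referer links backwards from one request, oldest request first in the result.
// The walk stops at a missing Referer, an unknown URL, a loop, or maxDepth.
function refererChain(rec, byUrl, maxDepth = 10) {
  const chain = [rec];
  const seen = new Set([rec.url]);
  let cur = rec;
  while (cur.referer && chain.length < maxDepth) {
    let parent = null;
    for (const c of byUrl.get(cur.referer) || []) {
      // Pick the most recent earlier request for the referring URL.
      if (c.ts < cur.ts && (!parent || c.ts > parent.ts)) parent = c;
    }
    if (!parent || seen.has(parent.url)) break;
    seen.add(parent.url);
    chain.push(parent);
    cur = parent;
  }
  return chain.reverse();
}

// Report executable downloads whose chain crosses at least minHosts distinct hosts
// and ends on a different host than the page the user started from.
// minHosts = 3 is an assumed threshold, to be tuned against real traffic.
function findSuspiciousDownloads(log, minHosts = 3) {
  const byClient = new Map();
  for (const rec of log) {
    if (!byClient.has(rec.client)) byClient.set(rec.client, new Map());
    const byUrl = byClient.get(rec.client);
    if (!byUrl.has(rec.url)) byUrl.set(rec.url, []);
    byUrl.get(rec.url).push(rec);
  }

  const findings = [];
  for (const rec of log) {
    if (!isExecutableDownload(rec)) continue;
    const chain = refererChain(rec, byClient.get(rec.client));
    const hosts = [];
    for (const r of chain) {
      const h = new URL(r.url).hostname;
      if (hosts[hosts.length - 1] !== h) hosts.push(h); // collapse same-host steps
    }
    const distinct = new Set(hosts).size;
    if (distinct >= minHosts && hosts[0] !== hosts[hosts.length - 1]) {
      findings.push({ client: rec.client, download: rec.url, entryPage: chain[0].url, hosts });
    }
  }
  return findings;
}

console.log(JSON.stringify(findSuspiciousDownloads(SAMPLE_LOG), null, 2));
```

Referer can be stripped or absent, so a chain that stops early is not proof that a download was deliberate.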


It's very entertaining. (5, Insightful)

Anonymous Coward | more than 4 years ago | (#29408785)

I think it's actually more entertaining when I don't get it at all on any platform, because I disabled javascript.

Re:It's very entertaining. (5, Interesting)

PlusFiveTroll (754249) | more than 4 years ago | (#29408867)

FF + Adblock is my way to avoid it (and still get the sites I need .js to run on).

This crap has been going on for a few years now with the 'AntiVirus XP' scam (http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/) that seems to strike major sites every few months. Just goes to show the ad distributors have no control (or don't want it) over what goes in to their distribution network.

Sad this is, people fall for it all the time :(

Re:It's very entertaining. (5, Informative)

Anonymous Coward | more than 4 years ago | (#29408905)

The newest version of the "Antivirus 2010" software is a pain in the ass to get rid of. It rootkits the system and makes manual removal pretty much impossible without a WinPE boot disk of some kind, and even then it's difficult to find all the instances. There's one tool I found to remove it and most of its kin, and that is combofix [bleepingcomputer.com]. It successfully cleans Antivirus 2010 and a host of other rootkit-based malware in a process I can only describe as "magic". I'm just posting this to help out others that have spent way too much time trying to get rid of this crap off of friend/family computers.

Re:It's very entertaining. (5, Informative)

Z34107 (925136) | more than 4 years ago | (#29409081)

I completely agree with "combofix rocks." My job at the college I attend is pretty much removing that virus 24/7 from student laptops, and I've learned a few things:

1) McAfee sucks. We supply a copy of the Enterprise version to students, and a patched installation is required for internet access. Somehow, we're still inundated every semester with the latest flavor of AntiVirus ModelYear.

2) ComboFix is amazing. It's simple, but it automates a lot of tools that are a bit of a pain to use on their own. Ten minutes, and most malware is somewhat neutered.

3) MalwareBytes is amazing. ComboFix always misses stuff, but it lets us install MalwareBytes (also free) which finishes the job. I haven't seen any virus MB couldn't remove.

It's usually faster to run ComboFix + MalwareBytes (half hour between the tools in most cases) than it is to nuke it from orbit and reinstall Windows. Unless you're paranoid, two programs will take care of your end of your extended family's implied social support contract.

Re:It's very entertaining. (1)

Zen_Sorcere (1303425) | more than 4 years ago | (#29409183)

The folks at Computerhope.com [computerhope.com] are a great resource for helping users fix their computers after something like this happens. They usually have the users asking for help run through a battery of programs, such as Avast!, SuperAntispyware, Malwarebytes, HijackThis, etc in order to catch most things.

Very helpful site for those pesky "antivirus" viruses.

Re:It's very entertaining. (4, Informative)

Hojima (1228978) | more than 4 years ago | (#29409237)

I personally use Comodo firewall, and it's one hell of a delicate security guard. I have to turn it off when I install anything because I will be there all day clicking approve. It's not annoying when you know how to use it and change its settings (takes a nominal amount of time). I've had a lot of instances now when I even purposely download sketchy .exe files, and it alerts me right away about suspicious activity in the computer. Best of all it's free.

Re:It's very entertaining. (4, Insightful)

davidphogan74 (623610) | more than 4 years ago | (#29409243)

You make people use McAfee to get online? That would be enough to make me transfer.

Re:It's very entertaining. (2, Informative)

Z34107 (925136) | more than 4 years ago | (#29409261)

I personally loathe McAfee - it interferes with ComboFix. But, I'm not IT, and you can technically remove it after your machine passes registration.

Re:It's very entertaining. (2, Interesting)

davidphogan74 (623610) | more than 4 years ago | (#29409331)

It seems you can never fully remove a McAfee program without formatting and restarting. I'd probably just get a new hard drive, install Windows XP and McAfee on it, pass the system through, then swap in my normal drive. But, I am an IT nerd.

Re:It's very entertaining. (1)

capnkr (1153623) | more than 4 years ago | (#29409119)

Combofix does do a good job at catching and removing these things, but: rootkit.

Best to bite the bullet, and talk the client into a drive formatting and OS reinstall. Given that opportunity, you can also go ahead and do some system optimization, and with a vanilla-install source, get rid of manufacturer-installed bloatcrap. For about the same amount of time (and thus, price) that it would take to do whatever you can to ensure a clean system, they get a much better job. The system will probably be running better than when it was new, and you will be assured that the rootkit is gone.

Re:It's very entertaining. (5, Informative)

Z34107 (925136) | more than 4 years ago | (#29409251)

In a perfect world, we would do that, but we get too many machines in and out to make that feasible. Then, there's all the normal luser problems: I don't know where my files are, I have no install media, I have no keys, I deleted my recover partition to save space, etc.

The foolproof way to remove the AntiVirus ModelYear rootkit is: Make a file-based image of the hard disk. By design, it hides from the file system, meaning it will not be included in an image made by a tool like ImageX from Microsoft's free WAIK. Gather an image and apply it to the same hard disk, and the rootkit's gone.

If you're adventurous, ImageX lets you mount the image file on a clean PC to do offline scans of its files and registry hives. You can clean a computer without ever booting it.

But, that's generally overkill. AntiVirus ModelYear rootkit isn't the nasty kind of hardware-hypervisor rootkit - it runs at kernel privileges. So does MalwareBytes. To be dangerous, it has to run at a higher privilege level than the removal tools.

For family members that promise me food, I go the extra mile and do the clean install for them. Staff machines we just re-image.

Re:It's very entertaining. (-1, Flamebait)

arminw (717974) | more than 4 years ago | (#29409281)

....Best to bite the bullet, and.....

Fix this kind of thing once and for all by buying a computer with Linux or OSX on it. The file structure of a Mac does not have as many obscure hiding places where such garbage can hang out and not be removed easily. Many so-called experts argue that Macs are no more secure, or even less so than Windows, but at least currently, Macs are safer. This may be true because there are fewer Macs, but so what, Macs are indeed much safer, by at least a factor of 1000 or more. There are tens of thousands of nasty programs in the wilds of the Internet for Windows, but the number of such malware for Macs can be counted on your fingers.

Re:It's very entertaining. (0)

Anonymous Coward | more than 4 years ago | (#29409161)

There's one tool I found to remove it and most of its kin, and that is combofix. It successfully cleans Antivirus 2010 and a host of other rootkit-based malware in a process I can only describe as "magic".

Let me guess, I have to install an .exe?

An advertisement for malware in a discussion about an advertisement for malware. How avant-garde.

Re:It's very entertaining. (0)

Anonymous Coward | more than 4 years ago | (#29408941)

FF + Adblock is my way to avoid it

Sorry, that doesn't help, I received the faux alert from the NY Times this afternoon while using FF + Adblock Plus.

Re:It's very entertaining. (3, Informative)

hairyfeet (841228) | more than 4 years ago | (#29409259)

Question: were you running NoScript as well? Because while I have found that ABP does block a lot of attacks through ads, to really lock it down you really need NoScript as well. Why the browser manufacturers can't simply build in whitelisting for sites, instead of the current "all or nothing" approach, is beyond me. But until then it is Firefox+ABP+NoScript for me.

Re:It's very entertaining. (0)

Anonymous Coward | more than 4 years ago | (#29409425)

Opera supports this very well through the feature known as "Site Preferences". It lets you configure scripting, cookies, and even the user-agent string on a per-site basis.

Re:It's very entertaining. (1)

Pool_Noodle (1373373) | more than 4 years ago | (#29409125)

Don't forget the possibility of a carefully crafted PDF as a vector (have seen and had it happen) ... then there's the ever popular (and the numerous) Flash possibilities. Personally, I think it's a lack of caring on the ad distributors' part .. as long as the money keeps flowing they don't care what people distribute, much to the irritation of those who have to clean this junk up. My 2 cents.

Wrong, PFT... (1)

spywhere (824072) | more than 4 years ago | (#29409133)

I have FF 3.5.3 and AdBlock, the latest Flash and Java, AND the latest MVPS Hosts file, and it came up anyway. Three hours after I added the two sites involved to my Hosts file, the redirect happened again... but this time, it stalled.

Bottom line: Signature- and site-based detection can always be defeated.

Re:It's very entertaining. (0)

Anonymous Coward | more than 4 years ago | (#29409193)

I happened across this yesterday. Gave me quite a scare too, as I realized the only sites that I had open were Google News and NYT. I rushed to download a free antivirus program, which didn't find anything.

My configuration is Firefox + ABP, and it didn't block this. Not that that is surprising, since ABP only blocks known ad sites, and an attack like this would probably redirect to a new domain set up just for the attack.

Use NoScript, not just AdBlockPlus (1)

billstewart (78916) | more than 4 years ago | (#29409347)

NYtimes.com is usually on my exceptions list, but not today...

Anybody know what the malware sites are, either by DNS name or IP address?

Re:It's very entertaining. (1)

killerdark (922011) | more than 4 years ago | (#29409413)

I ran into this ad myself yesterday and thought it was very odd, because I am running FF and adblock plus, so I made a screen shot and did some searching on it.

Screen shot and info can be found here, it's clearly visible that I am running FF and you can see the Adblock logo on the top right:

http://www.winfreddekreij.com/all-tech-references/91-nyt-virus-alert-popups [winfreddekreij.com]

Ouch (1)

kidblast (413235) | more than 4 years ago | (#29408803)

Ouch for all those who are de facto family computer technical support.

Re:Ouch (1)

Pool_Noodle (1373373) | more than 4 years ago | (#29409079)

We who are about to pull our hair out (from our families not listening to the words "Don't go to this site") salute you ....

Re:Ouch (0, Troll)

arminw (717974) | more than 4 years ago | (#29409305)

...Ouch for all those who are de facto family computer technical support..

Although I have done Windows support for friends and family for a long time, I do so no longer. I tell people that if they want to have a mostly trouble-free computer, pay a little extra and get a Mac. They "just work".... at least most of the time.

So? (0)

Anonymous Coward | more than 4 years ago | (#29408811)

I downloaded the exe and, sure enough, it said I had a virus. Ha! I knew downloading files from pop up ads would pay off one day. And it sure did. Big time.

I have seen these before, (1)

HazMat 79 (1481233) | more than 4 years ago | (#29408825)

while using stumble upon, a pop up "scans my C drive" and informs me of multiple threats and then tells me to download XYZ software to get rid of it. One of them wouldn't even let me close the window. I had to open a terminal and killall to get rid of it.

Re:I have seen these before, (0)

Anonymous Coward | more than 4 years ago | (#29409157)

I wonder why anyone ever actually DOES the download though? They think that "oh, the New York Times helpfully scanned my system for me and found a problem?" I mean, I guess they are morons. (And the folks setting this up seem to not realize there are systems other than Windows as you found with the "c drive" scan on your Linux/OSX/BSD style system). Anyway, I still can't believe people actually download and install these things.

Re:I have seen these before, (1)

Robin47 (1379745) | more than 4 years ago | (#29409353)

Anyway, I still can't believe people actually download and install these things.

They don't have a basement.

Re:I have seen these before, (1)

PAjamian (679137) | more than 4 years ago | (#29409267)

I always find it interesting how it can scan the "C" drive on my Linux box.

Re:I have seen these before, (1)

Robin47 (1379745) | more than 4 years ago | (#29409333)

I saw it today on my Mac while visiting the NYT. I hit cancel and it went ahead and "scanned" anyway so I killed the tab and the son of a bitch still managed to open a sheet telling me I had to download such and such. Only option was okay. So I killed Firefox and restarted it. I had that one once before a few years ago on a Toshiba. Took me a week to get rid of it then. It was a nice facsimile of a Windows explorer page though. I had to laugh.

Re:I have seen these before, (0)

Anonymous Coward | more than 4 years ago | (#29409367)

I get this sometimes when I click on a search result returned from Google. Not wanting to trust any of the popup buttons, I hit ctrl-alt-delete and kill the browser processes from Task Manager.

This is from FF 2.0. Unfortunately, I'm unable to upgrade to FF 3.0, probably b/c of something some malware did. The registry editor seems to be gone, too.

I expected better. (1)

Quinapalus (1335067) | more than 4 years ago | (#29408829)

My AVG anti-virus caught this, but I would have thought the NY Times would have had better security.

Re:I expected better. (4, Informative)

Ron_Fitzgerald (1101005) | more than 4 years ago | (#29409003)

Unfortunately this has nothing to do with New York Times' security and that is the whole problem. New York Times hires an 'ad agency' which is quite a bullshit term in this case if you ask me. They embed some open ended script from said firm and then at that point have no idea what is being displayed. This 'firm' may even rent or sell the embedded space to yet another company so then even the firm has no idea what ad is being displayed. All these automated, unmonitored and unregulated ads on pages are a huge security hole but in the name of profit, who really cares?

Re:I expected better. (3, Informative)

Myen (734499) | more than 4 years ago | (#29409293)

They actually appear to embed the ad code directly into the page (you can see which campaigns the ads are for; the one that hit me was for Vonyage, near the bottom of the page). In my case, it wrote a weakly obfuscated script that redirected the whole page to sex-and-the-city.cn (... err, yeah) which redirected to protection-check07.

Poor NYT, they now have a special rule in my ad filters.

Re:I expected better. (1)

nmb3000 (741169) | more than 4 years ago | (#29409107)

I would have thought the NY Times would have had better security.

As my sibling points out, this is what happens when you allow an unknown entity to inject arbitrary content into your page.

It actually makes me wonder what the contract for these ad agencies (DoubleClick, etc) looks like. When somebody like the New York Times signs up with them, does the ad company waive all potential liability? For example, if the NYT was sued for distributing malware by somebody whose computer was infected, would the NYT be responsible for the by-proxy content on their site, or would they be able to "pass the buck" to DoubleClick? Personally I tend to think both parties should be held liable.

I realize that "the Internet was built on free content paid for by advertising", but lately it seems like most of these "ad agencies" are little better than spammers.

News? Where? (5, Interesting)

SilverHatHacker (1381259) | more than 4 years ago | (#29408837)

What exactly makes this different from any of the other hundreds of sites with the same popup? Is it just because this is a large, well-known website like the New York Times?

Re:News? Where? (1)

bertoelcon (1557907) | more than 4 years ago | (#29408883)

I was thinking the same thing. The answer is probably yes.

Re:News? Where? (0)

Anonymous Coward | more than 4 years ago | (#29408897)

I saw this same kind of thing on newsweek.com's website as well, and I'm surfing on a mac with the Safari browser. I've not seen this on Firefox or Chrome yet

Re:News? Where? (4, Insightful)

petermgreen (876956) | more than 4 years ago | (#29409019)

Not exactly news but nonetheless a sad indictment of the state of online advertising that even big sites with a reputation to uphold are using adverts from seedy advert networks who tolerate this shit.

Re:News? Where? (-1, Flamebait)

ConceptJunkie (24823) | more than 4 years ago | (#29409323)

Reputation? The New York Times? If you ask me the malware ad _is_ consistent with their reputation.

Fake software ads go along with their fake stories and their fake objectivity. I'm sorry, they don't even _pretend_ to be objective any more, so you can't accuse them of faking that.

Nothing but shills.

Re:News? Where? (1, Insightful)

Bruce Perens (3872) | more than 4 years ago | (#29409399)

Let me guess. Your preferred news service is FOX, right?

Re:News? Where? (5, Informative)

Jahava (946858) | more than 4 years ago | (#29409083)

What exactly makes this different from any of the other hundreds of sites with the same popup? Is it just because this is a large, well-known website like the New York Times?

That's my impression. I think the interesting thing here is that the presumption that reputable websites have reputable advertisements has been violated. NYT's advertising policies [whsites.net] include the following paragraph [whsites.net]:

The Times may decline to accept advertising that is misleading, inaccurate or fraudulent; that makes unfair competitive claims; or that fails to comply with its standards of decency and dignity.

Granted, they don't outright state that the content is prohibited, but they do imply a stance against this type of advertising. This is a clear violation of that intention, and they took the appropriate response. I'd be most interested in knowing if this particular advertisement was intentionally approved, "slipped through" accidentally, or was injected illicitly (e.g., their advertising server was hacked, etc.).

Re:News? Where? (1)

sjames (1099) | more than 4 years ago | (#29409155)

Yes, a large website with high traffic and a reputation to maintain. Be assured, somewhere someone ate dinner standing up tonight.

Re:News? Where? (1, Insightful)

rm999 (775449) | more than 4 years ago | (#29409189)

I think this case is semi-interesting because it conveniently parallels the slow death of the media as we know it. The idea is that people used to look to newspapers like the New York Times for trustworthy news; now, these sources mislead (lie?) to their users and mess up their expensive computers in the process.

Of course, I agree with you that it is misleading to accuse just the NYT - 1000s of sites run these misleading ads, and many probably don't mean to (including the NYT, I'm sure). I would call this a non-story - the obvious reaction from the NYT will be "we did not mean to run these ads, it's the online ad providers' fault, and we have made sure the ads won't be run again." And then no one will care anymore. Yawn.

Re:News? Where? (1)

Orion Blastar (457579) | more than 4 years ago | (#29409429)

We don't expect that from the New York Times because they are more professional and you'd think their web staff would be computer savvy enough to avoid giving customers and readers the fake antivirus web popup that actually infects the computer with adware rather than removing actual malware.

But as usual they contracted the web ad service to contracted companies that usually subcontract it out to others, so it is hard to find the company that submitted the pop-up fake AV scan.

The NYT has hit hard times with a low reader rate in subscriptions, and had to move to an ads based model. They should have done what most liberal web sites do and use Google adsense or something that is text based ads that Google tends to filter out the malware ads. This is something you expect from Fox News, not The New York Times. But then Liberals can be just as careless as Neocons when it comes to earning money from advertising. IIRC Fox News' web site is going towards a paid business model and might end the advertising as all subscribers will be paying customers, unless that business plan fails. Will the New York Times web site follow Fox News in going paid only?

I saw it (5, Funny)

HangingChad (677530) | more than 4 years ago | (#29408855)

But when it starts telling me the C:\ drive on my Linux box is infected it's hard to stop laughing.

Still was a job to get rid of the circle jerk pop ups.

Re:I saw it (0, Troll)

Anonymous Coward | more than 4 years ago | (#29408889)

But when it starts telling me the C:\ drive on my Linux box is infected it's hard to stop laughing.

Yeah, especially since there's no such thing as a "C:\ drive" even on a Windows box.

Re:I saw it (1)

supernova_hq (1014429) | more than 4 years ago | (#29409233)

Are you arguing semantics (the \ not being part of the drive name) or did I just get whooshed?

Re:I saw it (1)

NitroWolf (72977) | more than 4 years ago | (#29409295)

You just got wooshed, since there are no drive letters in Linux.

Re:I saw it (0)

Anonymous Coward | more than 4 years ago | (#29409395)

You just got wooshed, since there are no drive letters in Linux.

Whoosh fail.

GP and GGP were talking about whether it's proper to call it the "C:" drive or "C:\" drive when you're on a windows system.

Re:I saw it (1)

BryanL (93656) | more than 4 years ago | (#29408965)

Yeah. I have a Mac. The Windows interface is kind of a giveaway that it is probably not that my computer has a virus.

some macs can run that exe (2, Informative)

Ilgaz (86384) | more than 4 years ago | (#29409339)

Believe it or not, some high-end virtual machines, even including MS's unmaintained Virtual PC, do assign themselves to .exe files and conveniently run them!

Apple knows this possibility and that is why your Safari alerts you when you download an .exe file, not like they don't know their own OS. :)

BTW, if the virus mentioned is the one I saw, don't play around with these guys since it was one of the rare times Kaspersky online scanner missed the virus (trojan) offered, I submitted it to them and they included hours later as some variant. That means we aren't dealing with some complete idiots here, they know how to morph their code so a high end AV like Kaspersky can miss it. (Mine was from Haaretz, IL English newspaper)

Re:I saw it (1)

sjames (1099) | more than 4 years ago | (#29409159)

Still was a job to get rid of the circle jerk pop ups.

If not for that, I'd bookmark the ad!

It happens on Linux too (1)

steltho (1121605) | more than 4 years ago | (#29408861)

I was getting this message while using Linux. It would show me the pop up and then send me to a web page that looked just like Windows Explorer. I was surprised to see it on a site like the New York Times.

Re:It happens on Linux too (1)

sakdoctor (1087155) | more than 4 years ago | (#29408953)

Windows XP with luna theme by any chance?
I wonder when the scum will switch to aeroglass themed ads.

Re:It happens on Linux too (4, Interesting)

Darkness404 (1287218) | more than 4 years ago | (#29409021)

I wonder when they will start searching user agent strings and making it look native (Classic on pre-XP, Luna on XP and Aero on Vista/7, and Aqua on OS X). A dialogue that looks like the Ubuntu install software window could fool a lot of users....

Re:It happens on Linux too (1)

ImYourVirus (1443523) | more than 4 years ago | (#29409255)

Does it really matter what it looks like? You know some dope is going to fall for it no matter what.

Re:It happens on Linux too (3, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#29409311)

Yeah, but how many more Mac users or Linux users (who in general are "immune" to viruses and other malware due to their lower marketshare and in general better security) would be fooled into running a strange program if it looked exactly like something that they were running? An "update" to Firefox or Safari? No Mac user is going to download something that looks like XP, and a lot of Vista users would be suspicious if it looks like XP.

Re:It happens on Linux too (1)

Nerdfest (867930) | more than 4 years ago | (#29409313)

It will start just slightly before many people start faking their agent strings. I frequently change the FF agent string to appear as Windows XP instead of Linux.

Re:It happens on Linux too (1)

cupantae (1304123) | more than 4 years ago | (#29408959)

Of course it happens on Linux. That's the point - it's not doing what it says it's doing. It would be interesting if it DIDN'T happen on Linux because that would mean it was actually checking something. [Well, I know it would just have to look at the user agent string]

Re:It happens on Linux too (5, Insightful)

eric31415927 (861917) | more than 4 years ago | (#29409073)

Two years ago, I got my 67-year-old mother online with a Debian (stable) box for web browsing, emailing, and printing.
At least twice in these two years, she has come across web pages warning that her operating system has been infected with a virus.
The web pages make it look like she has an infected Windows system - similar to the link from the NYT web page.

I reassure her each time that her computer has not been infected, and it is not likely to ever be infected so long as she is careful with her password.
I would like Firefox (or in her case IceWeasel) to have a plugin to avoid loading pages that look like Windows Explorer.
This would save people like my mother and businesses like the NYT from undue stress.

And they wonder... (5, Funny)

PC and Sony Fanboy (1248258) | more than 4 years ago | (#29408875)

And they wonder - Why is print media dying?

Because they can't adapt properly. Seriously guys, filter your ads!

Re:And they wonder... (1)

popo (107611) | more than 4 years ago | (#29408903)

Wait...what?

Re:And they wonder... (4, Insightful)

Aurisor (932566) | more than 4 years ago | (#29408931)

The New York Times is one of the most respected publications in the world. It's not going anywhere.

Re:And they wonder... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29409067)

Well they just stopped being a respected publication after running these deceptive ads on their site. Seriously, it's the print equivalent of an ad announcing false tougher laws on car emissions with (conveniently) an address where you can get your car checked against the "new" limits.

When you take the readership that you slowly acquired over the years through hard work, and suddenly serve it on a platter to crooks to make a few bucks, it's a sign that things are going downhill.

Re:And they wonder... (0)

Anonymous Coward | more than 4 years ago | (#29408935)

In all fairness no human is perfect and this is just an accident. Most likely the accident is they were hoping that advertisers were honest like they were, or maybe not, and wanted to cut a few corners to make sourcing ads cheaper. So are they at fault for allowing bad stuff in that they should know existed or are the ads creators the villain going around causing trouble? Alternatively you could blame the idiots who fall for it and thus give incentive for both of the other parties to do what they are doing or even maybe no one is at fault and we are all just here trying to live until we die.

Re:And they wonder... (5, Funny)

wampus (1932) | more than 4 years ago | (#29408989)

Yeah, I was sitting over breakfast reading the Sunday Times and this popped up. Doomed.

Re:And they wonder... (0, Insightful)

Anonymous Coward | more than 4 years ago | (#29409009)

And they wonder - Why is print media dying?

Because they can't adapt properly. Seriously guys, filter your ads!

Exactly! We should help hurry old media to its demise so we can all count on the Almighty Bloggers for news! Because we all know it's far more trustworthy to get our news from a bunch of people who sit on their asses and regurgitate news articles written by people who actually go out and do investigative reporting for old media! So, once old media is killed, we can all...

Hang on, that's not right...

Re:And they wonder... (0)

Anonymous Coward | more than 4 years ago | (#29409115)

...we all know it's far more trustworthy to get our news from a bunch of people who sit on their asses and regurgitate news articles written by people...

Hey! You just described the newspapers in my town! They just buy cheap "filler" news from wherever. I'm in Vancouver, BC. Why would I want to hear about a kitten stuck in a tree in Luray, Kansas?

A comment by caption obvious (0)

Anonymous Coward | more than 4 years ago | (#29409143)

If it's an online popup it's not print media. It's online. The lack of filtering of online ads is not a cause of print media's death. However, online ads in and of themselves are a cause of print media's death.

New York! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29408885)

Hahahahahahahahahaha! New York! Center of the Universe! Whew!

More info on metafilter (1)

nstrom (152310) | more than 4 years ago | (#29408899)

I was hit by this issue earlier today, more info with some malware URLs available on metafilter here [metafilter.com].

Happened to my Parents (5, Insightful)

QuantumG (50515) | more than 4 years ago | (#29408909)

What really annoys me is that these things are most effective because they use javascript alerts to freeze the browser. If you could just browse away from the crap, I could teach my parents just to ignore it.

"Javascript alerts are not tab modal" has been a known bug in Firefox going on 9 years now. It's not just an annoyance, it's a security bug, fix it!

 

Re:Happened to my Parents (5, Informative)

Anonymous Coward | more than 4 years ago | (#29409065)

Would that be this one [mozilla.org]? That's pretty darned old. Reminds me a bit of the title text display bug that used to hit XKCD et al.

Re:Happened to my Parents (1)

baegucb (18706) | more than 4 years ago | (#29409151)

Firefox has not been around 9 years. More like 5 years under that name, and maybe 2 years before that as Phoenix/Firebird but it wasn't really very good in the early years. Perhaps you might want to install NoScript and Adblocker by default to any machine you may have to clean up.

Re:Happened to my Parents (1)

QuantumG (50515) | more than 4 years ago | (#29409171)

A rose by any other name....

Re:Happened to my Parents (4, Informative)

Ilgaz (86384) | more than 4 years ago | (#29409297)

If you used the evil closed source Opera browser, you would have "stop executing scripts from this page" option right below that javascript popup.

It is interesting since nobody really cares who takes what from other browsers, no "patent" or anything, especially from Opera side. It must be very easy to implement, why don't they do it? It is not some high tech JIT compiler either, a basic checkbox.

Re:Happened to my Parents (3, Interesting)

QuantumG (50515) | more than 4 years ago | (#29409397)

As I write this I'm trying to figure out how to do that in Firefox.. ya know, that whole "fix it yourself" open source thing. Nicest thing I can say about Firefox: at least the code is better than Open Office.

Damn right (5, Funny)

Anonymous Coward | more than 4 years ago | (#29408921)

but clearly downloading an .exe file isn't a good way to keep your computer clean ..."

Absolutely, .com, .bat and .scr are the only way to go!

[Informed Reader] (0)

Anonymous Coward | more than 4 years ago | (#29408923)

Unreal. Seriously NY times?!

All i can say is..... (0)

Anonymous Coward | more than 4 years ago | (#29408933)

Hahahahahahahaha!

We have seen this before so why whine now? Defend yourselves with common sense and firewalls and Antivirus.

Having a Mac or a Linux system won't save you any longer so get on the stick!

So... (2, Interesting)

Skizmo (957780) | more than 4 years ago | (#29408943)

So that's why my Ubuntu is acting weird lately.

Funny (2, Funny)

bryan.copeland (1636229) | more than 4 years ago | (#29408951)

I get these occasionally as well; me being a Mac user, it's humorous to see my "c:" drive being scanned ...

In my day ... (5, Funny)

PPH (736903) | more than 4 years ago | (#29408955)

... if we wanted to catch a virus from the New York Times, we had to read a copy that some hobo had used for a blanket.

Now you kids stay off my lawn!

it has been happening all weekend (4, Informative)

fermion (181285) | more than 4 years ago | (#29408983)

It really is a good social attack, reminiscent of the days when advertisers put 'click ok to continue' buttons to trick users to a promotional web site.

In this case, it runs a mock scan, states the computer is infected, and then pretends to offer help. The exe file sometimes gets downloaded. From the way I have seen IE work lately, I would not think the file would download without user intervention, but, the page does a good job of scaring users, so I suspect some might download the files.

The malware site is protection-check07com

malwareurl.com [malwareurl.com] has the owner listed as Elton John, perhaps one can think that this is a pseudonym. Kind of lends credence to rules that require valid information on domain name registrations.

In any case, this is where the address is listed [google.com]. Looks residential, so maybe that is fake as well. I hope the protection-check people are not setting up some poor sod. Ha, protection check.

Of course this does bring up two issues. Everyone is afraid of viruses, so it is easy to translate that fear into irrational action. It might make us think about some activities that went on this past weekend. Second, such attacks work on mimicking the theme of certain systems, so perhaps one countermeasure is to allow users to vary the theme. This might be very good for corporate machines, as firms might like custom themes. On Macs and *nix, of course, the attack did not work because the web page did not integrate into the background, an elephant is going to look quite conspicuous in a field of leopards.

Re:it has been happening all weekend (1)

Luke Wilson (1626541) | more than 4 years ago | (#29409417)

Everyone is afraid of viruses, so it is easy to translate that fear into irrational action.

Exactly. Even if AV companies aren't making the viruses to keep themselves in business, their PR guys are doing a great job pumping out a ton of fud to keep their sales up, and apparently the click throughs of any malware that looks enough like them.

I Applaud (3, Funny)

Anonymous Coward | more than 4 years ago | (#29408987)

I really have to thank the N.Y. Times for going far above and beyond the call of duty and notifying their readers of virus infected computers.
Best 40 bucks I ever spent, I can now browse the web with confidence with my shiny new AntiVirus 2010 Enterprise.

Ads and proxy placement (4, Insightful)

bsandersen (835481) | more than 4 years ago | (#29409039)

The concern I have over the long term is that sites like the NYT may not know what advertisements will appear because they are placed by bulk-buying proxies that dispense them at page-load time, probably based on evil-cookie trails or other demographic markers. So, the question becomes: how should a presumably high-integrity site such as a major news outlet ensure quality when they've outsourced advertisement delivery?

Review of each possible advertisement would be onerous, but failure to have some standards in place will eventually lead to malware (or worse) injected into unsuspecting readers' machines. I just chuckled when it popped up. I run Macs at home. But, when things like this happen to family members running PCs (and we get the phone call) it stops being funny pretty quickly.

Is there a business case for reviewing advertisements (and the associated mobile code whether it be FLASH, etc.) for a 21st century "Good Housekeeping Seal of Approval"? After all, the NYT and others are just one virus (or porn advertisement) away from a PR nightmare.

Re:Ads and proxy placement (2, Insightful)

PCM2 (4486) | more than 4 years ago | (#29409089)

Review of each possible advertisement would be onerous

Seriously? So we're OK with major newspapers having absolutely no standards at all these days? What do you suppose people did back in the days before you could get ads via RSS feed?

Re:Ads and proxy placement (3, Insightful)

bsandersen (835481) | more than 4 years ago | (#29409149)

So we're OK with major newspapers having absolutely no standards at all these days?

I believe I said the opposite; I said a failure to have standards will cause problems.

What do you suppose people did back in the days before you could get ads via RSS feed?

They reviewed the advertisements with their clients directly. There were a few hundred per day and it was a manageable problem. Now, advertisements may be served by proxies and selected from among tens of thousands of potential ads, designed to be targeted to readers in specific geographic regions, income levels, purchasing habits, interests, age categories, gender, education level, or other factors.

The point of my post was that the combinatorial explosion of possible advertisement choices to be served-up on my specific page load may not be easily reviewable by NYT staff a priori.

Re:Ads and proxy placement (1)

ConceptJunkie (24823) | more than 4 years ago | (#29409377)

I don't know. Having low standards for ads seems consistent with their low standards for objectivity and truth.

Frankly, I can't see a moral argument for _not_ blocking ads any more. This crap is worse than the "Punch the Monkey" crap we used to be bombarded with*, only the poor non-technical users get pwned on top of it.

Advertising as a viable business model won't last another decade, and the biggest reason is the advertisers themselves. Look at network TV, which went from 5 minutes per half hour in the 60s to about 7 minutes per half hour in the 80s and are now breaking the 10-minute mark. I turned off the satellite subscription years ago. Hulu shows plenty of good TV (and a lot of crap, granted), but their commercial quantities are on par with the 1960s when they were quite reasonable... and they don't usually have commercials that are 10 times louder than the show itself (although that is changing recently). I can't imagine Hulu will last long, but it's great for now.

It used to gall me that the Washington Post, a supposedly respectable newspaper, would run page after page of bra and panty ads every day. Now we're getting malware from the NYT. Pretty soon we'll start seeing this crap on respectable sites like /.

* Since I haven't regularly seen ads on most sites in about 5 years, I can only assume those ads (and the people who made them) died the grisly death they deserved.

Re:Ads and proxy placement (0)

Anonymous Coward | more than 4 years ago | (#29409101)

Is there a business case for reviewing advertisements (and the associated mobile code whether it be FLASH, etc.) for a 21st century "Good Housekeeping Seal of Approval"? After all, the NYT and others are just one virus (or porn advertisement) away from a PR nightmare.

I think you're forgetting that major news Corporations still don't understand "the internet".

Remember, they still want to charge us for reading it online. The fat cats are *far* from any form of standardization of online content, *let alone* standardization that will cap their revenue (advertisements).

Bill Hicks / nuff said (0, Offtopic)

Johann Lau (1040920) | more than 4 years ago | (#29409085)

By the way, if anyone here is in advertising or marketing, kill yourself.

Just a little thought. I'm just trying to plant seeds. Maybe one day, they'll take root. I don't know. You try. You do what you can. Kill yourself.

Seriously, though. If you are, do. No, really. There's no rationalisation for what you do, and you are Satan's little helpers, okay? Kill yourself. Seriously. You are the ruiner of all things good, seriously. No, this is not a joke, if you're going: "There's going to be a joke coming." There's no fucking joke coming. You are Satan's spawn, filling the world with bile and garbage. You are fucked, and you are fucking us. Kill yourself, it's the only way to save your fucking soul. Kill yourself. Planting seeds.

I know all the marketing people are going: "He's doing a joke." There's no joke here whatsoever. Suck a tail-pipe, fucking hang yourself, borrow a gun from a Yank friend - I don't care how you do it. Rid the world of your evil fucking machinations.

I know what all the marketing people are thinking right now too. "Oh, you know what Bill's doing? He's going for that anti-marketing dollar. That's a good market, he's very smart." Oh man. I am not doing that, you fucking evil scumbags! "Oh, you know what Bill's doing now? He's going for the righteous indignation dollar. That's a big dollar. Lot of people are feeling that indignation, we've done research. Huge market. He's doing a good thing." God damn it, I'm not doing that, you scumbags. Quit putting a goddamn dollar sign on every fucking thing on this planet! "Oh, the anger dollar. Huge. Huge in times of recession. Giant market, Bill's very bright to do that." God, I'm just caught in a fucking web. "Oh, the trapped dollar. Big dollar, huge dollar. Good market, look at our research. We see that many people feel trapped. If we play to that and then separate them into the trapped dollar ..."

How do you live like that? And I bet you sleep like fucking babies at night, don't you? "What did you do today, honey?" "Oh, we made arsenic childhood food. Now, good night. Yeah, we just said, you know, is your baby really too loud? You know ... yeah, the mums will love it, yeah." Sleep like fucking children, don't you? This is your world, isn't it?

--- Bill Hicks [google.com]

F-U New York Times! (3, Funny)

Morris Thorpe (762715) | more than 4 years ago | (#29409087)

I had the popup (despite FF w/adblock enabled) while reading a story this morning.
I never even considered that the Times would be running something like this so I launched into cleansing mode. I wasted an hour hunting for malware or a virus that was not there. Thanks a lot!

"If you wonder why... (0)

Anonymous Coward | more than 4 years ago | (#29409173)

your DVD player has a cup holder like your computer, click here."

Not even a News Corp paper! (1)

richardkelleher (1184251) | more than 4 years ago | (#29409239)

I could understand this if it were a News Corp paper like the WSJ, but a lie intended to induce fear and take money from people on the NY Times, seems out of place.

Seen in a google search (1)

MarcAuslander (517215) | more than 4 years ago | (#29409317)

A few days ago, my wife hit the same thing following a link in a perfectly benign Google search result! She would have had no idea how to untangle this by herself, since I had failed to turn off Firefox restore on error so killing and restarting Firefox got right back to the problem.

Infected with Communism (0)

Anonymous Coward | more than 4 years ago | (#29409321)

First truthful article is a pop-up.

I got this a few other places (1)

istartedi (132515) | more than 4 years ago | (#29409369)

It seems to be back with a vengeance. Of course, I knew better than to click on it. I was really concerned that they already had my computer; but apparently they didn't.

You can't "view source" on their code, because it changes windows too fast. Ethereal and its "follow stream" feature solve that problem. I was able to examine the code. I didn't really delve into it; but it looks like they've found some weaknesses in the scripts that allow you to somehow fake out the pop-up blocker.

Viewing the source allowed me to see the site they pull the JS from, and I simply redirect it to localhost now. That's a short-term fix of course. They really need to close the loophole that this code exploits.
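The triage described in the comment above (read the captured stream, find the hosts the page pulls script from, point them at localhost), sketched as an added example that is not part of the original comment. The captured body, the first-party domain and every hostname are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: an HTTP response body as a "follow stream" view would show it.
CAPTURED_BODY = """
<html><body>
<script src="http://static.news.example/site.js"></script>
<iframe src="http://ads.adnetwork.example/slot?id=7" width="1" height="1"></iframe>
<script>window.location.href = "http://scan.fake-av.example/start.php";</script>
<script src="/local/menu.js"></script>
</body></html>
"""

# Script-driven navigation: location = "...", location.href = "...", location.replace("...")
JS_REDIRECT = re.compile(
    r"""location(?:\.href)?\s*=\s*["']([^"']+)["']|location\.replace\(\s*["']([^"']+)["']""")

class RemoteRefs(HTMLParser):
    """Collect URLs from script/iframe src attributes and inline JS redirects."""
    def __init__(self):
        super().__init__()
        self.urls, self._in_script = [], False
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self.urls.append(src)
        self._in_script = tag == "script"
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:  # inline script text only
            for m in JS_REDIRECT.finditer(data):
                self.urls.append(m.group(1) or m.group(2))

def third_party_hosts(body, first_party):
    """Hostnames referenced by the page that are not first_party or a subdomain of it."""
    parser = RemoteRefs()
    parser.feed(body)
    hosts = {urlparse(u).hostname for u in parser.urls}  # relative URLs give None
    return sorted(h for h in hosts
                  if h and h != first_party and not h.endswith("." + first_party))

def hosts_file_lines(hosts):
    """Hosts-file entries that resolve each name to the local machine."""
    return [f"127.0.0.1 {h}" for h in hosts]

if __name__ == "__main__":
    print("\n".join(hosts_file_lines(third_party_hosts(CAPTURED_BODY, "news.example"))))
```

A hosts-file entry only covers the exact hostname listed, so a campaign that rotates domains needs the list regenerated from a fresh capture.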

Stupid Flash (0)

Anonymous Coward | more than 4 years ago | (#29409379)

I have popups turned off in the browser, as well as disallowing resize of windows, etc. (This is under Javascript/Advanced settings.) But somehow these things still happen and I believe it is because of Flash. I wonder why there is not a similar Flash/Advanced options? Whose fault is it, the browser/plugin developer or Flash itself? Integration of Flash and the browser has been done long ago. Isn't it about time we (users) get some control over what it is allowed to do? Is there any browser that has such options for Flash?
