IT | Security

Malicious Ad Strikes NYTimes.com

By: Absolute Team | 9/17/2009

If you regularly browse through the internet, chances are you’ve encountered a website that has been affected by a malicious advertisement.  It used to be that you could somewhat predict what sorts of sites would have these problems (spammy looking and adult-oriented sites) but now the problem is more prevalent.

Readers of NYTimes.com learned over this past weekend that even the most respectable sites can be affected by rogue ads.  Some visitors reported pop-up messages that instructed them to install a fake anti-virus software which, of course, is never a good thing.  To help warn readers, NYTimes.com posted the following tweet:  "Attn: NYTimes.com Readers: Do not click pop-up box warning about a virus - it's an unauthorized ad we are working to eliminate."

What can be done about this problem proactively?  As eWeek pointed out, it’s a tough situation especially when it involves a big outlet like NYTimes.com.  From their perspective, they’ve plugged in JavaScript to pull in their ads from suppliers, so I’m sure they believe they shouldn’t have to inspect every ad for malicious content.  At the same time, however, they do have a responsibility to protect their readers.  It’s a tricky problem to solve which is evident from how prevalent these ads continue to be.

Read more about the profitability of these ads as well as a detailed analysis of the code used to create them.