Home Delivery: The New York Times Serves Up Some Malware
The paper says “some readers” have seen unauthorized pop-up ads promoting antivirus software on NYTimes.com, and warns visitors who see the ad not to click on it but to restart their browsers instead. While the Times doesn’t spell this out, the newspaper has likely had its site hijacked by a “malware” scammer who is trying to trick visitors into installing pernicious software onto their hard drives.
MediaMemo reader Tim Minter passed along an image of the pop-up below (click to enlarge). Here’s his description of the way it appeared on his desktop:
The ad hijack[ed] my computer. Say I’m reading an article (the Clean Water Act was the one that caught me). It then redirects my browser involuntarily to sex-and-the-city.cn. That site then redirects to the ad I screen-captured.
At no time did I click anything. That’s what is so nefarious about this malware.
Thankfully, since I run OS X, I knew immediately it was malware (seeing WindowsXP on a Mac where that’s not installed is suspicious).
You generally have to travel farther down the Internet publishing food chain to find this kind of bogus ad–go hunting for porn and/or illegal downloads, for instance, and you’ll find plenty of this stuff.
But Web advertising is still a wild and woolly place, and this type of thing still plagues high-end publishers too. Sometimes it’s the fault of ad networks the publishers use to move their unsold inventory; sometimes the bogus ads are bought directly from the publishers themselves.
I’ve asked both the Times PR staff and ad tech team for additional information about the ads, but haven’t heard back yet. Still, you have to give the paper credit for flagging this on its front page at all.
UPDATE: The Times’ explanation: A hacker duped the paper by buying the ad directly from the paper’s sales staff, then disguising it as a legit ad for a week.