Some NYT Readers Getting Unauthorized Advertisement Pop-ups Redirected to Malware
This morning I received an IM from someone concerned about a pop-up ad he had received while reading a post at the New York Times. He could not remember the exact NYT article, but he did remember the advertisement attempting to download something to his computer. This wasn’t just any pop-up ad, either; this ad contained a redirect link to malware hosted at protection-check07<>com.
After performing a few Google searches, I posted this tweet on Twitter this morning [9:30 am EDT]:

Then at 12:54 pm EDT, The New York Times (@nytimes on Twitter) posted:

At 2:19 pm EDT, an editor at The New York Times (@palaro on Twitter) posted:

Note to Readers – NYTimes.com
At 2:49 pm EDT, Jen Preston, Social-Media Editor for The New York Times (@NYT_JenPreston on Twitter), posted:

Steven Musil from CNET stated in the article “New York Times site battles rogue ad”:
The New York Times Web site is grappling with problems created by “an unauthorized advertisement,” but it is unknown how the ads appeared on the site and whether the Web site had been compromised.
These ads are capable of quickly switching IPs, with a base originating at clients.your-server.de.
09/13/09 15:06:56 dns http://protection-check07.com/1/
Canonical name: protection-check07<>com, best-antivirus3<>com
Addresses:
94.102.51.26
88.198.107.25
91.212.107.5
Whois details
Domain IP(s):     Reverse:
88.198.120.177    static.88-198-120-177.clients.your-server.de
83.133.126.155    t529.1paket.com
91.212.107.5      91.212.107.5
188.40.61.236     static.236.61.40.188.clients.your-server.de
Check for complete details regarding the listed domains at malwareurl.com.
I will post more details here as information becomes available!
Home Delivery: The New York Times Serves Up Some Malware
“Here’s a front page story the New York Times (NYT) would rather not be running: The paper is warning readers to be aware of bogus ads running on its Web site.” –Peter Kafka | @pkafka on Twitter
Rogue NYTimes.com ad leads to fake anti-Virus
“What is known so far is that the Rogue anti-Virus attack came from the advertisements served on NYTimes.com. There was no pattern to the anti-Virus warnings, which appeared as an article was loaded.” –Steve Ragan
Late Update
“I was served malware ad on @nytimes/nytimes.com (“the ad”). Here’s forensics and source: http://bit.ly/nytmalware” –@troyd
New York Times warns readers of website virus
Times Web Ads Show Security Breach
“OVER the weekend, some visitors to the Web site of The New York Times received a nasty surprise. An unknown person or group sneaked a rogue advertisement onto the site’s pages.” –ASHLEE VANCE
Until Next Time — Stay Safe Online!