Times Site Was Victim of a Malicious Ad Swap

By David F. Gallagher

Update | 9:48 p.m. We have published a more detailed account of how these ads appeared on NYTimes.com, with a look at the larger issues with security and ads.

The New York Times Company said on Monday that NYTimes.com was the victim of an attacker who first posed as a legitimate advertiser, then started hitting site visitors with aggressive advertisements that appeared to be warnings about viruses.

“Over the weekend, NYTimes.com was the victim of a malware attack that targeted several news organizations,” Diane McNulty, a spokeswoman for the company, said in a statement in response to questions about the rogue ads. “The culprit masqueraded as a national advertiser and provided seemingly legitimate product advertising for a week. Over the weekend, the ad being served up was switched so that an intrusive message, claiming to be a virus warning from the reader’s computer, appeared.”

Ms. McNulty said that in response to the problem, The Times suspended advertising that is inserted automatically into its pages by outside ad-placement companies, and posted a notice about the attack. “We now know how it occurred and have taken steps to prevent a similar situation from happening,” she said.

We are posting information on what to do if you saw one of these ads on the Gadgetwise blog.

Comments are no longer being accepted.

andrew September 14, 2009 · 2:25 pm

I guess newspapers hungry for ad revenue will inevitably let something slip through.

Joseph September 14, 2009 · 2:26 pm

The Times Comes Clean!

krzysz September 14, 2009 · 2:33 pm

This is a perfect example of why I use Adblock.

M.Bettler September 14, 2009 · 2:33 pm

I noticed this on my computer last week , I could not get rid
of this “Virus alert” advertisement and had to shut down the computer to de-freeze my screen from this idiot .

Marc Savoy September 14, 2009 · 2:34 pm

I had recently resumed frequenting the New York Times site numerous times throughout the day after a hiatus of several months and it seems I should have opted out for just only a little while longer.

All I am going to say is that am livid, livid beyond belief, absolutely inconsolably so, for the unrelenting anguish, hell I had been subjected to as a result of this unforgivable New York Times advertiser malware fiasco.

Phyllis Arbogast September 14, 2009 · 2:37 pm

Mistakes worm made.

misanthrope September 14, 2009 · 2:37 pm

I got hit by this. Definitely NOT what I expect from a supposedly legitimate site like the NYT. It also dropped a rogue file onto my PC which I discovered because I immediately run a trusted antivirus scan (Malewarebytes) when something like this happens

Harry Figov September 14, 2009 · 2:37 pm

I was a victim of this yesterday.

David Jones September 14, 2009 · 2:37 pm

Didn’t see it. But then I use certain Firefox add-ons which block much of this sort of stuff most of the time…..

Jon Braeley September 14, 2009 · 2:38 pm

I actually clicked on the times ad and got the virus warning and then my browser froze, because it detected a download. I am on a Mac so I was not that bothered but I bet a few PC’s got something extra that day!

Ted September 14, 2009 · 2:40 pm

The New York Times was the “victim?!” That is just asinine. The victims are your readers that were infected by a virus because of your laughable security procedures.

Walt September 14, 2009 · 2:42 pm

I’m glad I switched to a unix system

Molly September 14, 2009 · 2:42 pm

I was browsing the Times yesterday when this happened to me. It told me I had viruses and pretended to scan my C drive. Fortunately, I was browsing via my ipod Touch and knew such a thing was impossible.

Glad he got caught.

JL September 14, 2009 · 2:46 pm

I saw this. My antivirus program blocked some part of it, but I still got the annoying popup ad asking me to click for a spyware scan. Doesn’t seem do have done any damage.

HardyW September 14, 2009 · 2:46 pm

I was definitely annoyed by that yesterday.

Mary K O’Brien September 14, 2009 · 2:46 pm

It happened to me! In fact I had heeded the alarm and clicked on to facilitate the removal. The “anti-virus” program began its run, but luckily I was on the phone with a more tech savvy person. He advised me to cancel and/or delete and the program. This was hard to do, and I had to shut down and turn off my computer to stop it from running. It reappeared about 2 hours later in spite of the warning on the NYTimes site. And I was unable to access the 3 email addresses offered by the Times for info and assistance. Any advice?
Mary O’

Jennifer September 14, 2009 · 2:48 pm

Thank you for the timely warning … no, I’m kidding. I found out from the Washington Post. I didn’t appreciate the site of a well-known and respected paper pulling me out of the story I was trying to read, sending me to a Chinese site, and trying to force heavens-knows-what on my machine. (I’m on a Mac, so I don’t have anything to worry about, but it’s the principle of the thing).

I shouldn’t have had to find out from a site that not only isn’t yours but is a competitor … the Times should have removed this intrusive, fraudulent “ad” much sooner (yes, I know it was a weekend; so what?) and been much more up-front about the fact that its site was attempting to sabotage readers’ systems.

I know it wasn’t your ad, but it was your site, and so you are responsible and it’s your name that’s attached to this. I’ve always loved your content, and respected the Times for its longevity, integrity, and breadth/depth of coverage, but now I have to wonder which article I click is going to try to sabotage my computer.

The irony is that if this isn’t a good “ad” for those that make ad-blocking software, what isn’t?

Hemant Trivedi September 14, 2009 · 2:49 pm

Good Job NY Times! , for stopping it and reporting it. I have had malware attacks from other websites that host such sleazy advertisers.

Carl La Fong September 14, 2009 · 2:52 pm

Well I’ll be damned! I was wondering what caused that. Thanks for telling us.

Bruce W September 14, 2009 · 2:53 pm

Makes sense. An electronic ad that redirects to another site (like they all do), can be changed by changing the site that it linked to. Nothing the Times or any other site can do.

Criminal charges should be brought up against the advertiser for breach of contract. I am sure the contract specifies that the ad can not attack a user’s computer. The ad agency should know who bought the ad. We need the authorities (federal prosecutes I would think) to take action and hold the advertiser responsible. Only legal action and stiff fines will discourage this behavior in the future.

If I were the NY Times, I would be contracting the FBI now.

NDM September 14, 2009 · 2:55 pm

Some unanswered questions:
1. What does the malware do? How do you know if your machine is infected?
2. What is the name of the cookie it leaves behind?
3. Are Linux and Mac systems immune to this attack or just probably immune?
4. Is Snow Leopard more immune than earlier OS Xs?

jamiealex September 14, 2009 · 2:55 pm

So THAT’S what that was. I use Firefox/Adblock so I never saw an in-page ad or clicked on one, but at one point I got a (obviously to me fake) dialog box about a virus or virus protection, click OK to scan my computer. Knowing it wasn’t a real dialog box, I clicked the X to close, and that still took me to a web page. I used Task Manager to shut down the browser entirely without clicking/launching anything else.

Stephen Clark September 14, 2009 · 3:00 pm

After you apprehend the culprit, hire him.

Jeffrey September 14, 2009 · 3:00 pm

Can you please share the details of the attack publicly so that other networks/advertisers/publishes can remove this from the wild (and take steps from it happening again?). Who was the rogue advertiser, and what network did they use to distribute?

NYT has the clout to actually make ad networks realize they can’t traffic advertisements blindly.

Brian September 14, 2009 · 3:00 pm

As one who suffered through this attack, I hope the NYT is looking deeper into the specifics to see if there is any danger to our computers/programs. My virus detectors picked up nothing, but as we know, that might just be because this is something new.
Please check and get back to us with a definite answer.