Thousands snared by malware warning from big-name websites

Thousands of PC users have been duped into surrendering sensitive information and installing malicious software after falling victim to a complex scam that continues to plague well-known websites, a researcher warns. The scam is the latest to piggyback on banner ads that are fed to high-traffic destinations. Malicious code …

COMMENTS

This topic is closed for new posts.
  1. Steve Rush

    The old rule still applies:

    IF IT'S SPAM, IT'S A SCAM! This goes back to the dawn of Usenet, before the Web was even thought of.

  2. Brett

    The even older rule applies....

    If someone tells you about a problem you have never heard of, then in the next breath offers to fix it for a price, it's a scam.

  3. Steve Roper

    Which is why you should be...

    ...using Firefox with NoScript and Adblock Plus. No scams or spyware detected here - and ad-free surfing!

  4. Sterling Udell

    Ran into this myself

    on Monday at businessweek.com - a real, mainstream magazine site. Banner ad popped up the warning described in the article and automatically redirected me to malware-scan dot com (note: DO NOT VISIT THIS URL). I immediately shut the browser window and thought, "Was it really Business Week that just spammed me?" So I tried their site again, and this time had no trouble - which I now understand to be the intermittency of the attack, also described here by El Reg.

    So yes, let's be careful out there.

    @Steve Roper: I'm a JavaScript developer by trade, so running NoScript isn't exactly an option for me. Additionally, I take the position that JS seriously enhances the web experience (ever heard of AJAX?), so IMHO it's worth the small risk. Plus NoScript apparently won't always protect you from this attack anyway...

  5. Anonymous Coward

    Install windows behind a firewall and open IE

    Do a default install of Windows from behind, say, a dozen firewalls and think you're safe. Open your browser and lo and behold, it goes to the MSN site, which has more banner ads laden with lots of unwanted goodies.

    Bottom line: get a memory stick with your AV and Firefox and install from there if you want to be banner safe.

    I've seen many people take precautions, and still, once the AV is installed it spots issues, all down to that initial opening of IE and being shown lovely MSN with banners.

  6. Jason Rush

    Customer

    One of my customers got this bad boy, and I'll tell you what, it looks very legit. To my eyes I knew something was wrong, but to any typical EU this looks normal. It's mean too; I couldn't find one anti-virus which actually could remove everything, nor one spyware/adware program. I ended up having to remove what I could with programs and do the rest manually. Be careful with this one.

  7. Anigel

    ever heard of AJAX?

    Oh yes, that's the thing everyone has to use, 'cos it's all Web 2.0, even if it makes no sense at all to use it for what they are using it for.

    The company I buy my domain names from recently upgraded its entire control panel to an ajax app.

    Every single page is an AJAX request, so instead of clicking a link and getting the next page served up with nameservers or whatever in it, I click a link and get an AJAX wait screen whilst it renders the whole new page using AJAX.

    Sad, really, as most of the stuff I see regularly done with AJAX is only actually done that way so they can say they use AJAX. Whether it is an appropriate use for it is never thought of.

  8. Anonymous Coward

    I was attacked this morning

    Some blog website (RFID related) delayed loading the page for a few seconds, whilst Safari on my Mac asked did I *really* want to download "media_codec_install_wizard_new2xxx3912972.exe", which contains an application (from newoutserv.com via tdsru.info). I cancelled the already auto-started download, for fear of being labelled a terro*ist for hosting an unlicensed server that might facilitate "the distribution, or otherwise making available, of a message to the public, with the intent to incite" any of a series of terrorist offences. The few seconds of profiling that the poisoned web site subjected me to happily didn't manage to whack me with anything Mac specific.

    And when I hex-edit the bit of the .exe that I did d/l by accident, I find the following reassuring statement in the header, "This program must be run under Win32", and in the body of the assumed malware:

    DVCLAL PACKAGE INFO V
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
      <assemblyIdentity
        name="Borland.Delphi.XPApplication"
        processorArchitecture="x86"
        version="7.0.2.99"
        type="win32"/>
      <description>Windows Shell</description>
      <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
        <security>
          <requestedPrivileges>
            <requestedExecutionLevel level="requireAdministrator"/>
          </requestedPrivileges>
        </security>
      </trustInfo>
      <dependency>
        <dependentAssembly>
          <assemblyIdentity
            type="win32"
            name="Microsoft.Windows.Common-Controls"
            version="6.0.0.0"
            processorArchitecture="x86"
            publicKeyToken="6595b64144ccf1df"
            language="*"

    ... etcetera for about 128Kb (I remember the good old days when viruses were tiny!). This sort of (assumed) malware is fine by me, as it seems to be aimed at Vista? I think the manifest file code above ensures that the malware runs on Vista with full administration privileges.

    Oh well, back to work, without spending the rest of the day nuking and reinstalling Win32.
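A manifest triage script for the dump above, added here as an example and not part of the original post or of the binary: it scans raw file bytes for an embedded side-by-side manifest, parses it, and reports the application identity, the requested UAC execution level and the declared dependencies. The .exe bytes are a constructed stand-in, and a plain byte search stands in for walking the PE resource directory.

```python
import re
import xml.etree.ElementTree as ET

# Any embedded side-by-side manifest: the <assembly> element and its contents.
MANIFEST_RE = re.compile(rb"<assembly\b.*?</assembly>", re.DOTALL)
# UAC levels that make Windows prompt for administrator rights at launch.
ELEVATING_LEVELS = {"requireAdministrator", "highestAvailable"}

def local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def extract_manifests(data):
    """Manifests found by scanning raw file bytes. Assumption: the byte search
    stands in for walking the PE resource directory (RT_MANIFEST), which is
    enough for quick triage of an unpacked sample."""
    return [m.group(0).decode("utf-8", "replace") for m in MANIFEST_RE.finditer(data)]

def summarize_manifest(xml_text):
    """Identity, description, requested UAC level and dependencies of one manifest."""
    root = ET.fromstring(xml_text)
    # The app's own identity is a direct child; nested ones are dependencies.
    own = next((c for c in root if local_name(c.tag) == "assemblyIdentity"), None)
    summary = {"name": own.get("name") if own is not None else None,
               "version": own.get("version") if own is not None else None,
               "description": None, "execution_level": None, "dependencies": []}
    for el in root.iter():
        tag = local_name(el.tag)
        if tag == "assemblyIdentity" and el is not own:
            summary["dependencies"].append(el.get("name"))
        elif tag == "description":
            summary["description"] = (el.text or "").strip()
        elif tag == "requestedExecutionLevel":
            summary["execution_level"] = el.get("level")
    return summary

def requests_elevation(summary):
    """True when launching the file would trigger a UAC elevation prompt."""
    return summary["execution_level"] in ELEVATING_LEVELS

# Constructed stand-in for the downloaded .exe: a stub header, the Delphi
# "must be run under Win32" string, and the manifest quoted in the post.
SAMPLE_EXE = (
    b"MZ" + b"\x90" * 30 + b"This program must be run under Win32\r\n$" + b"\x00" * 8
    + b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
    b'<assemblyIdentity name="Borland.Delphi.XPApplication" processorArchitecture="x86"'
    b' version="7.0.2.99" type="win32"/><description>Windows Shell</description>'
    b'<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>'
    b'<requestedExecutionLevel level="requireAdministrator"/>'
    b'</requestedPrivileges></security></trustInfo><dependency><dependentAssembly>'
    b'<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls"'
    b' version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df"'
    b' language="*"/></dependentAssembly></dependency></assembly>' + b"\x00" * 8
)

if __name__ == "__main__":
    for m in extract_manifests(SAMPLE_EXE):
        s = summarize_manifest(m)
        print(s, "-> UAC prompt:", requests_elevation(s))
```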

  9. Anonymous Coward

    on

    The Reuters website has been serving up these ads for a while now.

  10. adnim

    what is

    .. a banner ad?

    Thanks to the developers of Firefox, Adblock and NoScript

  11. Anonymous Coward

    Saw this just 5 minutes ago

    Got this on www.nhl.com this morning - was a bit surprised, to say the least!

  12. Darren7160

    If only...

    For years I have wondered about the frothing at the mouth over the evils of spam. Yes, I do understand the resources used/stolen by mass e-mailings. What I saw was that spam was costing companies money, and they could convince the public and government that spam was the worst thing on the internet... because it was costing them money. Users were not incredibly directly affected, other than having to remove a bunch of garbage e-mail.

    When it came to all the malicious spyware, malware and phishing, everyone was relatively quiet. This seemed to me to be because so many were making money from these activities. Vendors selling anti-whatever software... But until someone other than the hapless users is affected, not much is heard.

    This is an IT site and I enjoy dropping by 2 or 3 times a day to see what are the latest articles and comments, but to me, IT is about providing information to the end user, whether it is someone sitting at a desk in a company or someone at their home wanting to use their computer.

    I cannot, and will not, expect them to have an understanding of technology such as most people here have. It is about providing information to the fleshware so it can be used... not a geeky, joyful appreciation of the latest shiny gizmo.

    As the prototypical user I think of members of my family wanting to browse news stories, play online games and e-mail. They should not be considered "suckers" for being victimized by not knowing about firewalls, activating or deactivating scripts or any other such nonsense.

    I know that this is "pie-in-the-sky" thinking and not seen as realistic by those in the know, but that is where we should aim for... to make the experience/use of information as available as possible, regardless of the level of expertise.

  13. Anonymous Coward

    I'm getting sick of saying this now ...

    ... but was Linux affected? No? What a surprise.

  14. Anonymous Coward

    Block the ad-hosts from your etc/hosts file

    Google to find the no-ad-hosts app. It will fix your etc/hosts file to redirect ads to 127.0.0.1.

    I've been wondering when they'd start using the ads to infect users. Anyway, it isn't necessarily the attack vector that should be considered; it is the fact that it is obviously a scam (as people have already pointed out). What is of concern is the fact that it automatically redirects people to infected sites; that isn't nice.

  15. Matthew

    Banner Ads?

    Were those the things I used to see before I installed Opera? I seem to recall something along those lines but didn't realise anyone still used ads on web pages...

    Seriously, though, the old 'block content' option filters so much dross from pages that after a few sites' ads have been blocked, Opera users will never see an ad again.

  16. arbeyu

    Darren7160...

    I totally disagree with your attitude re the prototypical user...

    Most people would learn to use - RTFM - a consumer appliance, be it a toaster or video-recorder before using it. Yet they expect to be able to use a computer without any knowledge whatsoever. Why is this? Misusing a toaster isn't going to get your credit card details stolen.

    We've reached the point where most attack vectors have been closed - it's much harder to catch a virus simply by opening an email or visiting a web-site or just connecting to the internet. The vast majority of attacks rely on user ignorance.

    We're not talking here about a need for a level of technical expertise - we're talking about a need for simple common sense: Don't believe everything you see on the screen; don't give out personal details just because something asks you to; don't blindly click 'ok' when a warning box appears; do install security updates; etc.

    People aren't 'considered "suckers" for being victimized by not knowing about firewalls, activating or deactivating scripts or any other such nonsense' - they are considered suckers because they use computers without using their brains at the same time.

    The easier we make computers to use, the worse the problem is going to get because more and more people who know less and less about computers are going to be clicking buttons left, right and centre without a clue as to what they are doing.

  17. Pascal Monett Silver badge

    AJAX ? Yeah, I've heard of it

    Like Flash. Heard of that too. And I've FlashBlock and AdBlock on my Firefox browser.

    I trust no site that overloads its site with code when simple HTML could have done just as well.

    And I don't need no stinkin' app to set a redirection in my etc/hosts file, thank you - did that years ago with my keyboard and Notepad.

    Frankly, all this hoopla around code in web sites is getting on my nerves. Stop polluting my bandwidth with all this gunk I don't need that only serves to give you web coders the means to track what I do in the vain hope that you can then target my needs more effectively.

    Well, I've got news for you guys: you can't "target" my needs. You just can't.

    But hey, don't let that stop your career. So long as there are other coders developing AdBlock, FlashBlock and soon AJAXBlock, I can continue to ignore your annoying stuff and you can keep making money out of it.

    Happiness all around then, right?

  18. RW

    @arbeyu: iToaster

    "Misusing a toaster isn't going to get your credit card details stolen."

    Then why aren't computers designed for the same ease of use as toasters?

    "they are considered suckers because they use computers without using their brains at the same time."

    Most people don't have the necessary brains.

    But my point is not to flick chickenshit at arbeyu; it's that today's personal computers are designed by ...and FOR... a buncha geeks who are not at all representative of the man in the street. Which in turn raises the question "what would be an appropriate design of an Information Toaster?" It's struck me for some time that the whole idea of having OS & app code on a writable disk is a mistake: why isn't that stuff on read-only CDs?

    Yes, yes, I know, then we get into the evils of bundling with OSes that don't allow any 3rd party apps at all. Debate away, gentlemen.

  19. arbeyu

    RW...

    "Then why aren't computers designed for the same ease of use as toasters?"

    Because computers are far, far more complicated than toasters.

    "today's personal computers are designed by ...and FOR... a buncha geeks who are not at all representative of the man in the street"

    No, the problem is that operating systems for today's computers are designed for people who don't understand that computers are far, far more complicated than toasters.

    If they were designed for geeks, then we wouldn't have half the problems we do... because geeks at least have their brains present, correct and switched on.

  20. peter Silver badge

    Disappointed

    I pulled down malware.com with wget and got this dull page:

    <html>
    <head>
    <title>Welcome to nginx!</title>
    </head>
    <body bgcolor="white" text="black">
    <center><h1>Welcome to nginx!</h1></center>
    </body>
    </html>

    So I switched to 'doze and Opera, and I got the identical result. :(

  21. Darren7160

    Not New

    My complaint (or observation) isn't anything new. I remember reading John Dvorak writing about this back in Compute Magazine (1983 or 1964). That was in the days when I was typing pages of machine code into my Vic20 and saving it on my tape drive to get the programs out of the magazines. Ahoy, Compute, Compute Gazette...

    I dual boot Ubuntu and Windows Vista (running Ubuntu about 90% of the time, but let's not go there) because I love to play around and try different operating systems and software.

    Actually, for the next few years, my prototypical user is valid. Yes, some professors in college act as though they just discovered the interweb... but most kids can get along fine. Though many, too, are simply users who want to write term papers, chat, browse or create a MySpace. Java, Flash, ports, TCP/IP, ActiveX... they couldn't care less, and I still contend that they shouldn't have to, to be able to enjoy the benefits of operating a computer.

    A toaster really isn't on the same level as a computer... more like a VCR with a blinking light. I wish computers were as simple as a toaster... which is my point actually.

    I have been involved in electronics, teaching and technical writing. I take it as an axiom that a person's inability to understand what I am saying isn't their fault, I just haven't found the right way to express something so they understand.

    Anyone interested should check out Gardner's Multiple Intelligences. It helps explain why, even after reading the manual (or RTFM, if you please), the person still has no idea. Are they a visual learner? Was the manual written clearly, guiding the person to the proper location to find the answer?

    My points were simple, simplify aspects of the computer, tighten up the system against exploitation and generate the same legislative interests that spam invoked.

    Are these all inclusive? Probably not. But, I for one, try not to think unkindly of a person (such as my parents or family) who just want to do the common things on the computer such as the ones I have mentioned.

  22. Jach

    Ajax?

    You mean Web 2.0's buzzword for Frames. Frames are still evil, I don't see why people think Ajax is any better. If all you want is for JS to query a PHP script for values or what have you, you don't need Ajax.

    I try to keep my web pages javascript-free, using it only when absolutely necessary. (Except now they're saying that innerHTML is bad. I'll use it until they remove it.)

    As for the malware: Get Firefox with NoScript and AdBlock (it's really easy to let NoScript run scripts on a page, to the developers), don't be a retard by downloading stuff that randomly tells you that you should, and install Linux.

  23. Steve Roper

    @ Sterling Udell

    I am also a web developer and I also use Javascript to enhance the web pages I design. But you have to accept that people do run with Javascript disabled and it's your responsibility as the developer to make sure that the site runs without it - if all your <noscript> tags say is "You need to enable Javascript to view this site", then you are losing traffic and pissing people off.

    Some functionality requires Javascript and this of course is where you can advise the user that IF they turn on Javascript, they'll get access to more features - but your site should still give them enough to want to stay, look around, and maybe earn their trust so they decide to enable it.

    That's why I DO use NoScript and AdBlock - not only for protecting myself when surfing other sites, but for testing my own to make sure they work without Javascript (or AJAX, which is just Javascript on steroids), and if an ad banner or whatever is blocked, that an ad blocker doesn't break the formatting.

  24. John Benson

    two countermeasures

    1) When I see those threatening ads come up, I invoke the Windows Trusted Path (three-fingered salute), run Task Manager, and kill off the web browser. I consider any and all browser interaction dangerous after I see anything funny.

    2) Eventually I hope to do my general browsing out of a lean, clean Virtual Machine running some flavor of Linux configured just the way I want it, each time, every time (I'll dispose of the virtual machine and fall back to the original when I feel suspicious, or just for the hell of it). Until then, I'm thinking about a Knoppix or Puppy Linux Live CD with just my data on a USB drive: that's a very simple way of starting clean each time, every time.

  25. A.A.Hamilton

    Where's the protection?

    I personally experienced the 'benefits' of this bogus warning some time ago. I am just a USER of computers, not a designer, researcher, critic or analyst of computer systems, hardware, software or firmware. I don't need to understand all the technicalities that others are referring to because I expect the services I have paid for (e.g. Antivirus, AntiSpyware etc.) to protect me. But they don't. This puts USERS, like me and I suspect 95% of the rest of the population, at great risk.

    I tried resolving this problem myself, but admitted defeat after 4 weeks of trying. I enlisted the help of the on-line community and some brave soul at the UK operation 'Webforum' finally assisted me to remove the infection. It took us a further 2 weeks to do this. At no time did any of the top 10 so-called AntiSpyWare offerings detect, let alone remove, the infection. So, what are they worth? Zero in my opinion.

    This brings me back to my chief opinion: USERS are put at extreme risk by these so-called operating systems from Microsoft. They (MS) are aiding and abetting the perpetration of a criminal act by inducing - nay, forcing - people to buy their vulnerable offerings. This has to be stopped, surely?

    The only reason I did not drop fully into the scam, having become infected, is because the defective minds that create these things don't seem to realise that there is no 'Security Centre' under Win2k, and no Win2K message windows look anything like WinXP.


Biting the hand that feeds IT © 1998–2020