New York Times eh?
They certainly picked a suitable bunch of w@nkers!
The New York Times was co-opted into pushing fake anti-virus malvertisements after hackers broke into its banner ad feed over the weekend. Surfers visiting the site were confronted by malicious pop-up window that falsely warned that their systems were infected. The ruse was designed to scare people into buying a clean-up …
Maybe I'm jumping to conclusions here, but...
Lovely how the NYTimes spins it to make it sound less serious, changing the scenario from a hacked website that could potentially put visitors' safety at risk, to merely an innocent-sounding "unauthorized advertisement."
They'd make good politicians. "No, that enemy ICBM didn't land in Los Angeles killing the entire population; instead it was merely an unauthorized detonation."
Would be nice if some of these not-accountable-to-customers corporations would fess up to their own security problems instead of trying to downplay everything. "Oh don't worry dear public, everything is alright." I think not.
"But it would scare off our customers" - well if enough customers got scared at enough different websites, maybe people would start taking security seriously and DEMAND CHANGE as far as how website security, IT etc., is handled. It'll never happen as long as these lazy companies continue to shift the blame to someone else.
As my colleague Graham states on his blog (linked from the main article), although the technical process of screening the ads should be done by the advertising network, "it is the responsibility of the webmasters at the media organisations not to do business with ad suppliers who can't manage this problem properly."
This is not the first time a major site has been bitten by its advertising providers, nor will it be the last. We must urge sites using third party advertisers to add security clauses to their contracts along with their other terms.
In the meantime we can all protect ourselves by using one of the browser plugins or security settings that disable scripting in our browsers.