Renowned gadget blog, Gizmodo, spreads malware via ads

October 27, 2009 Sophos Press Release

Gizmodo

IT security and data protection firm Sophos is warning internet users who have visited the Gizmodo technology and gadget blog to scan their computers after it was revealed that the website was delivering adverts laced with malware last week.

According to a statement on the Gizmodo website, the blog's advertising team were tricked into accepting what they believed to be Suzuki adverts from a group of hackers. As a result, one of the world's most popular blogs - with more than 3.1 million page views per day - put users at risk of infection with what is believed to have been fake anti-virus software, designed to scam users out of their credit card details.

Fake anti-virus software (also known as scareware) attempts to frighten users into believing that their computer is infected with viruses and Trojan horses by displaying bogus alerts, and then tricks unsuspecting surfers into making an unsafe purchase to remedy the "problem".

"By hitting one of the biggest blogs in the world, these hackers are aiming high. Their plan was to infect as many computer users as possible with their malicious adverts. They know Gizmodo gets a huge amount of traffic - once they infected the site through their adverts they could just lie in wait for their victims to visit," said Graham Cluley, senior technology consultant for Sophos. "What is particularly audacious about this plot is that the criminals appear to have posed as legitimate representatives of Suzuki in order to plant their dangerous code on Gizmodo's popular website."

Sophos advises both consumers and businesses to keep their wits about them, and ensure that their computer security is up-to-date and checking every webpage that they visit for dangerous code and links. Websites that earn revenue through online advertising are advised to implement proper checks before accepting new advertisers on their sites.

Sophos notes that this is not the first time that hackers have managed to infect a high profile website with significant traffic. For instance, last month the New York Times suffered from a similar attack after a gang of hackers purchased ad space posing as internet telephone company, Vonage. Visitors to the New York Times website who were served the poisoned advert saw pop-up messages warning them that their computer had been infected, and urging them to install scareware.

"Scareware attacks like this are on the rise for one simple reason - they work. Unsuspecting computer users are easily frightened by bogus security warnings into installing and purchasing fake anti-virus software, making cash for unscrupulous hackers" explained Cluley.