IT security and data protection firm Sophos is warning internet
users who have visited the Gizmodo technology and gadget blog to
scan their computers after it was revealed that the website was
delivering adverts laced with malware last week.

According to a statement on the
Gizmodo website, the blog's advertising team were tricked into
accepting what they believed to be Suzuki adverts from a group of
hackers. As a result, one of the world's most popular blogs - with
more than 3.1 million page views per day - put users at risk of
infection with what is believed to have been fake anti-virus
software, designed to scam users out of their credit card

Fake anti-virus software (also known as scareware) attempts to
frighten users into believing that their computer is infected with
viruses and Trojan horses by displaying bogus alerts, and then
tricks unsuspecting surfers into making an unsafe purchase to
remedy the "problem".

"By hitting one of the biggest blogs in the world, these hackers
are aiming high. Their plan was to infect as many computer users as
possible with their malicious adverts. They know Gizmodo gets a
huge amount of traffic - once they infected the site through their
adverts they could just lie in wait for their victims to visit,"
said Cluley, senior technology consultant for Sophos. "What is
particularly audacious about this plot is that the criminals appear
to have posed as legitimate representatives of Suzuki in order to
plant their dangerous code on Gizmodo's popular website."

Sophos advises both consumers and businesses to keep their wits
about them, and to ensure that their computer security is up to date
and checks every webpage that they visit for dangerous code and
links. Websites that earn revenue through online advertising are
advised to implement proper checks before accepting new advertisers
on their sites.

Sophos notes that this is not the first time that hackers have
managed to infect a high profile website with significant traffic.
For instance, last month the
New York Times suffered from a similar attack after a gang of
purchased ad space posing as internet telephone company,
Vonage. Visitors to the New York Times website who were served the
poisoned advert saw pop-up messages warning them that their
computer had been infected, and urging them to install

"Scareware attacks like this are on the rise for one simple
reason - they work. Unsuspecting computer users are easily
frightened by bogus security warnings into installing and
purchasing fake anti-virus software, making cash for unscrupulous
hackers," explained Cluley.