New York Times Serves Up Malware
Some folks who visited the NYT's web site over the weekend were greeted with a warning that their system was infected with all sorts of crap. Their ad system had been hijacked by folks posing as a legitimate client (in this case, Vonage) so that the false ads were served up, trying to get people to buy their worthless software.
This isn't the first time this has happened, sadly. According to the story, FoxNews was hit in the past as well. While I know media companies are desperate for ad revenue, they need to be more diligant about screening this type of thing.
Personally, I wouldn't lose a night's sleep if the creators of these scam anti-malware products were to disappear off the face of the earth. In some sort of gruesome way would be fine, too.
Reading some comments on other sites about this, folks are debating various anti-virus products. Avast vs. NOD vs. Avira vs. whatever is a moot point if you don't keep it regularly updated. I've had good luck with Avira, but I know people who swear by NOD and Avast. AVG is fine, but its spyware catching capabilities are pretty minimal in my experience. But for cripe's sake, update it. So many new computers come with a 90-day trial of some sort of anti-virus product that will stop updating after 90 days (I'm looking at you, Norton). People have been just starting becoming accustomed to clicking "Ignore" on the sales pitch warnings that pop up, so they will have a two-year old computer with an anti-virus program that hasn't been updated in a long time. Even if it isn't that great of a program, it's worthless if it's out of date.
I've also heard folks saying "If Windows were up-to-date and patched, this kind of thing wouldn't happen." Sorry, that's not always the case, either. Hidden PDF files exploiting weaknesses in Acrobat Reader have caused more trouble in the computers I remove malware from than Windows being out of date. (Generally the site's that have these kinds of embedded PDFs are sites people really shouldn't be on, but that's another rant for another time.)
And lastly, you need additional protection on-top of your anti-virus program, as they won't catch everything. I've had really good luck with Malwarebytes' Anti-Malware and SuperAntispyware. Both have free versions, but each offers a for-pay version that offers real-time protection that is probably superior to whatever protection your anti-virus program offers. I keep copies of both on a USB key. And while some of these really nasty nasties (like one I ran into last week) will detect if you're trying to run one of those programs and block it, a simple renaming of the executable will usually do the trick.