Malware on Reuters website?
by tdaxp ~ February 6th, 2009
According to Wikipedia, malware is “software designed to infiltrate or damage a computer system without the owner’s informed consent.” Reuters.com is currently acting as a transmission vector for malware.
This just happened on two different websites on Reuters.com.
When loading a new page, my browser is hijacked and goes to a website caled antimalwarescanner.com A fake message then comes up, which reads:
Alert http://antimalwarescanner.com
Warning!!! Your computer contains various signs of viruses and malware programs presense.Your system requires immediate anti viruses check! Antivirus 360 will perform a quick and free scanning of your PC for viruses and malicious programs.
A graphic then comes up, spoofing the windows “My Computer” layout. A fake “anti virus” runs, with this sort of scary output:
The fake interface is a clever combination of Windows XP and Windows Vista elements.
This same company has hijacked ads on other webssites before, but it is disturbing that whatever method they are using, Reuters let it slip through.
Likewise, it is disturbing that modern browsers allow this sort of hijacking, though I realize that disabling the software features that this virus used would disable other useful features as well. (Microsoft browsers are open to even worse malware attacks, thanks to their poorly-thought-out ActiveX architecture.)
February 6th, 2009 at 9:49 pm
I saw this same thing happen to me twice, both times accessing Reuters. Thankfully, I realize it was malware attempting to install itself through the Reuters website, and I closed the window. It popped-up with a fake Windows security alert when I tried to close the window too claiming there were 200 trojan viruses on my hard drive in an attempt to con me into downloading and installing the malware. I called the main number for Reuters in the USA (646.223.4000) and they proceeded to tell me that Reuters has “no control” over the ads that are displayed through feeds on the site that it is managed by a “third party.” I asked whom I could speak to about this further, and I was told that there wasn’t anyone. Sounds to me like Reuters needs a listen in IT management.
February 7th, 2009 at 6:39 am
Interesting!
I will try to call on Monday .. calling (646) 223-4000 gives a message that apart from news everyone is off until Monday.
They either do not realize, or do not care, that they are in the business of distributing software 24/7, not just during normal business hours.
February 7th, 2009 at 12:54 pm
Just got prompted with a message box with exact same text you did.
February 7th, 2009 at 5:35 pm
Looks like the problem no longer is persisting on the site. I checked with them and got through and they addressed the issue immediately. Took them a little time to find the root cause, but received more than adequate responses.
February 8th, 2009 at 6:38 am
M & M,
Thanks for your work! Which method did you use to get through on weekends?
ChuckV,
I wonder how many other people were exposed/infected?
February 8th, 2009 at 12:22 pm
My system wasn’t infected, but I did a little further checking and supposedly Reuters manually controls and serves-up their own ads not using a third-party provider as I was originally told. This leads me to wonder who authorized this ad campaign at Reuters.
February 9th, 2009 at 11:59 am
this happened to me twice on saturday. i don’t think i got infected with anything, but it definitely gave me a scare as I was browsing on my work laptop at the time.
February 11th, 2009 at 9:57 am
More on this from ehMac [1]
Too bad that the Reuters news division does not even cover such harm coming from Reuters marketing arm!
[1] http://www.ehmac.ca/mac-ipod-help-troubleshooting/55958-reuters-com-malware.html
August 27th, 2009 at 8:01 pm
At least you guys did not fall for it. The fake antivirus 360 often times disables your task manager and highjacks your desktop. It’s getting harder and hard for sites to stop this kind of thing. Anyone who allows others to open a site or create a webpage on their server is at risk. Take Digg for instance. It’s almost a crap shoot now a days. If you follow a link and do not have antivirus protection you are sure to get infected after a few click throughs.