The malware seems to be one of the many variants of the infamous Antivirus2009, which goes by many names, but does the same thing overall: It locks-down your computer and pretends to be an antivirus application that you need to pay $30-$760 for it to remove the mess of nonexistant malware that it claims is on your computer. (When, in fact, the only malware is the faux antivirus software itself, which does all sorts of terrible things.) Paying the fee to the authors of the ransomware does not earn you any relief from the software either, it simply opens you up to more extortion.

The last I heard, The New York Times staff were looking into finding the rogue ad, which contained some Flash scripting to redirect to the malware site. (This sort of problem is in no way unique to The New York Times. Every once in awhile a rogue ad slips through the approval process and ends up in a major banner network.) This brings up an interesting topic of discussion…

Online publishers need to move away from running Flash-based banner ads. There, I said it. By dropping ads built with Flash, you make it a lot harder, in not impossible, for malware to be spread through said advertisements. As valuable as Flash is for online video and games, it’s the root of all evil when it comes to ads. You can’t spread malware through a JPG, GIF or PNG image, and you can’t make ads that talk, play video, or fly across the screen either. Whenever someone complains about an obnoxious ad, chances are it’s Flash.

Update: It turns out that the ad was sold not through a third-party network, but through The New York Times’ internal sales department. The malware distributor posed as a legitimate company (Vonage) and then delivered the malicious ad code after paying. You can read the full details on NYTimes.com.

Further Reading

• What to Do If You Saw an ‘Antivirus’ Pop-Up Ad [NY Times]
• Home Delivery: The New York Times Serves Up Some Malware [All Things Digital]

If you follow me on Twitter, you may have seen the epic saga unfold: #1, #2, #3, #4, #5, #6, #7, #8, #9, #10, #11, #12.

The malware that invaded the Dell laptop, which is mainly used by my parents, though my younger brother used it that day, is known as “VirusWebProtect2008.” It’s one of those “Smitfraud” faux antivirus software packages that installs itself via a compromised website, causes mayhem, and trys to sell you “antivirus software” that will supposedly remove the virus. Essentially it

• Changes the desktop background to a biohazard symbol (though technically it’s just a window-thing floating between the desktop and your shortcut icons.)
• Adds icons to your desktop that link to the website where you’re supposed to buy the fake virus scanner.
• Disables Task Manager and RegEdit.
• Hides drives in My Computer.
• Hides the “All Programs” menu in the Start Menu, as well as “Run,” “Control Panel,” and the like. (Though you can still press Windows+R and use it to access “C:\,” and the control panel.
• Disables Firefox and hijacks the Internet Explorer homepage.
• Gives frequent warnings about nonexistent security threats, in an effort to sell you their crapware.
• Changes your systray clock to say “VIRUS ALERT” after the time.
• Intercepts Google and Yahoo search results, and makes the links jump to fake cybersquatter pages, in an effort to stop you from finding out how to remove the thing. (I did my searching and downloading on my MacBook, and transferred the files over the network.)
• Blocks access to sites where you can download tools that could possible remove the infection.
• Though the malware wouldn’t run in Safe Mode, some of it’s effects persisted, and made things hard for me.

I spent 6+ hours of work trying to remove the virus (plus a couple breaks to eat, and to watch the Netflix movie), until I finally found a fix. By midnight the malware was finally gone. I’d spent most of the day trying to clean the computer out, and hadn’t managed to find the time to write a blog post. (Lucky I had a couple timestamped posts ready…).

Now imagine for a minute that I did my blogging on a Windows laptop like the Dell, instead of my MacBook, and it became infected by a drive-by malware installation somehow. I might have it back up and running in a day or two, and be able to resume blogging, or I could have had much worse happen. The malware could theoretically trash my documents and apps (instead of just hijacking the computer), or lock it down the point where a reformat was necessary, and it would take a long time to recover from that.

So keep your antivirus definitions up to date, make frequent backups, run antispyware software, and do all those maintennance tasks you hate doing. If you get hit with malware, your laptop gets stolen or damaged, or if your desktop overheats and catches fire, you could be without a computer for a few days. You could use a public computer at your local library or internet cafe, but they’re not terribly conveniant, and you’ll have to rush to get all your work done in an hour or so (most libraries limit time on their machines, and net cafes can have some steep rates if you plan on spending three hours on theirs).