Hackers bought ad space directly from New York Times

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Ghost on wall
The hackers who exposed innocent internet users to malicious computer code, bought the advertising space on the New York Times website directly from the newspaper it has been revealed.

According to a report published on the New York Times website, the hackers posed as internet telephone company Vonage, and persuaded NYTimes.com to run ads that initially appeared as legitimate online adverts.

It is believed that the adverts were switched to the malicious content late on Friday, causing pop up messages to appear on readers’ screens warning them that their computer had been infected, and urging them to install and purchase fake anti-virus software.

Vonage had advertised on the New York Times before, meaning the newspaper felt comfortable allowing the hackers to specify an outside vendor to deliver their ads who had not been vetted. Newspaper spokesperson Diane McNulty was quoted as saying, “In the future, we will not allow any advertiser to use unfamiliar third-party vendors.”

Sign up to our free newsletter.
Security news, advice, and tips.

New York Times CTO Marc Frons says that confusion about the offending ad’s origin meant it took a long time for them to shut the dangerous adverts down.

Scareware attacks like these are on the rise for one simple reason – they work. Unsuspecting computer users are easily frightened by bogus security warnings into installing and purchasing fake anti-virus products, making cash for unscrupulous hackers.

* Image source: daisybush’s Flickr photostream (Creative Commons)


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.