Is The IndiaTimes Website Bombarding Visitors With Malware?

from the can't-be-good-for-repeat-business dept

Mon, Nov 12th 2007 1:38pm — Mike Masnick

While it's well known that less well known sites may have been set up to maliciously install malware on your computer, most people assume (reasonably so) that larger, more well known sites are most likely safe to visit. However, one security firm is out raising the alarm that the English-language website of the India Times, a popular newspaper in India (which we've linked to multiple times in the past), is apparently chock full of risky pages that exploit various security vulnerabilities to try to download hundreds of malware apps to your computer. The security firm apparently first noticed this a few weeks ago, but didn't realize the severity until now. What's unclear from the description is how this is actually happening. We've heard stories in the past of scammers hacking into ad servers and serving malicious code that way, but there's no real indication that that's what's happening in this case.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: india, malware
Companies: india times

10 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

EXrider, 12 Nov 2007 @ 2:31pm

anywho.com
I remember anywho.com serving up a trojan via some unpatched ActiveX exploit to a bunch of people in our AR and CS dept's a few years ago. Fortunately the AV software on the desktops caught it, but I ended up just blocking the damn site a few days later because I got tired of people calling like OMG I GOT A VIRUS!
[ link to this | view in thread ]
Devang (profile), 12 Nov 2007 @ 3:09pm

They just don't know any better
All Indian newspaper websites have had a terrible pop-up problem almost since their inception (http://gujaratsamachar.com, http://mumbaisamachar.com, even the Times of India/India Times) which has begged the question, when will they hire competent web-design people instead of people who likely think more ads in places that people don't want is good for business.
[ link to this | view in thread ]
Max Powers at http://ConsumerFight.com, 12 Nov 2007 @ 3:32pm

Question
Maybe a little off topic but does anyone know or believe that my anti-virus software suite (McAfee) which expires in 2 weeks would or could send a Trojan to me, then pop up and clear the Trojan as a way to get me to renew?

I ask because of the timing of this. I have never had a Trojan appear in the past year. Now after they have been bugging me to renew for the last 30 days (and me not responding yet) this just happens to occur. Any thoughts?
[ link to this | view in thread ]
Rich Kulawiec, 12 Nov 2007 @ 4:08pm

Beat the rush: blacklist them now
The India Times has been a haven for spammers, phishers,
scammers, etc. for many years -- which is no doubt why a
quick check here shows them on 14 of the first 20 blacklists
that I checked.

Of course, from the outside looking in, it's not possible to
ascertain whether this is the result of pervasive incompetence
or systemic collusion. Not that it matters, really: the end result
is the same -- and so is the fix.
[ link to this | view in thread ]
jb, 12 Nov 2007 @ 4:22pm

Re: Question
Would not be a surprise, McAfee is garbage anyway, do not waste your good money, try sophos for their free trial and you won't be disappointed. It uses less resources and is a better all around security tool.
[ link to this | view in thread ]
todd, 12 Nov 2007 @ 7:37pm

Haaretz does this too
I get these kinds of popups from Haaretz, the Israeli newspaper, too
[ link to this | view in thread ]
Chuck Norris' Enemy (deceased), 13 Nov 2007 @ 7:30am

Re: Question
Well, if you didn't go to the India Times website you wouldn't be in this predicament.
[ link to this | view in thread ]
david, 18 Nov 2007 @ 7:39am

Re: Haaretz does this too
Every time I get one of those popups on Haaretz I make a screen capture of it and email it to one of their editors. They have never responded, so obviously they are aware of it and either don't care or are participating in it.
[ link to this | view in thread ]
Krevco (profile), 28 Dec 2009 @ 7:56am

I have a hard time believing that any reputable company, especially a news site, would be the host of an intentional malware attack. Doing that on purpose would just be public relations suicide. it is more likely that they got some good bids on ad space, and unwillingly invited in some malicious code. In this case, they deserve only some of the blame.
[ link to this | view in thread ]
Bob Cintelheim, 17 Mar 2010 @ 5:28pm

Re: Question
The same thing happened to my girlfriend's laptop when her McAfee was about to expire. I had to Malwarebytes it. Coincindence? I don't think so.
[ link to this | view in thread ]