IT security and data protection firm Sophos is warning internet users who have visited the Gizmodo technology and gadget blog to scan their computers after it was revealed that the web site was delivering adverts laced with malware last week.
According to a statement on the Gizmodo web site, the blog's advertising team was tricked into accepting what they believed to be Suzuki adverts from a group of hackers.
As a result, one of the world's most popular blogs – with more than 3,1-million page views per day – put users at risk of infection with what is believed to have been fake anti-virus software, designed to scam users out of their credit card details.
Fake anti-virus software (also known as scareware) attempts to frighten users into believing that their computer is infected with viruses and Trojan horses by displaying bogus alerts, and then tricks unsuspecting surfers into making an unsafe purchase to remedy the "problem".
"The hackers aimed to infect as many computer users as possible with their malicious adverts; they know Gizmodo gets a huge amount of traffic,” says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa. "Posing as legitimate representatives of Suzuki in order to plant their dangerous code on Gizmodo's website is a bold move on behalf of the criminals.”
Sophos advises both consumers and businesses to keep their wits about them, and ensure that their computer security is up-to-date and checking every web page that they visit for dangerous code and links. Web sites that earn revenue through online advertising are advised to implement proper checks before accepting new advertisers on their sites.
Sophos notes that this is not the first time that hackers have managed to infect a high-profile web site with significant traffic. Last month the New York Times suffered from a similar attack after a gang of hackers purchased ad space posing as internet telephone company, Vonage. Visitors to the New York Times web site who were served the poisoned advert saw pop-up messages warning them that their computer had been infected, and urging them to install scareware.
"Scareware attacks like this are on the rise for the simple reason that they work. Unsuspecting computer users are easily frightened by bogus security warnings into installing and purchasing fake anti-virus software, making cash for unscrupulous hackers," Myroff adds.