Internet users are being urged to inspect their computers
after technology and gadget blogGizmododelivered
adverts laced with malware last week.
The blog put a
statement on its website apologising to users who had been
attacked. Editorial director Brian Lam said, "We had some malware
running on our site in ad boxes for a little while last week on
Suzuki ads. They somehow fooled our ad sales team through an
elaborate scam. It's taken care of now, and only a few people
should have been affected, but this isn't something we take
lightly."
The blog has 3.1 million page views per day. The hack put
readers at risk of being infected with what is believed to have
been fake anti-virus software.
Security firm Sophos said the software, which is also known as
scareware, attempts to frighten users into believing their computer
is infected and tricks them into buying a
fake anti-virus remedy. The hacker then gets the user's credit
card details.
Graham Cluley, senior technology consultant for Sophos, said,
"By hitting one of the biggest blogs in the world, these hackers
are aiming high. They know Gizmodo gets a huge amount of traffic -
once they infected the site through their adverts they could just
lie in wait for their victims to visit. What is particularly
audacious is that the criminals appear to have posed as legitimate
representatives of Suzuki to plant their dangerous code."
Last month, the
New York Times website suffered a similar attack after a gang
of hackers purchased advertising space by posing as internet
telephone company Vonage. Visitors saw pop-up messages warning them
that their computer had been infected and urging them to install
scareware.
Cluley said, "Scareware attacks like this are on the rise for
one simple reason - they work. Unsuspecting computer users are
easily frightened by bogus security warnings into installing and
purchasing fake anti-virus software."
Photo by
adria.richards on
Flickr