Internet users are being urged to inspect their computers after technology and gadget blog Gizmodo delivered adverts laced with malware last week.
The blog put a statement on its website apologising to users who had been attacked. Editorial director Brian Lam said, "We had some malware running on our site in ad boxes for a little while last week on Suzuki ads. They somehow fooled our ad sales team through an elaborate scam. It's taken care of now, and only a few people should have been affected, but this isn't something we take lightly."
The blog has 3.1 million page views per day. The hack put readers at risk of being infected with what is believed to have been fake anti-virus software.
Security firm Sophos said the software, which is also known as scareware, attempts to frighten users into believing their computer is infected and tricks them into buying a fake anti-virus remedy. The hacker then gets the user's credit card details.
Graham Cluley, senior technology consultant for Sophos, said, "By hitting one of the biggest blogs in the world, these hackers are aiming high. They know Gizmodo gets a huge amount of traffic - once they infected the site through their adverts they could just lie in wait for their victims to visit. What is particularly audacious is that the criminals appear to have posed as legitimate representatives of Suzuki to plant their dangerous code."
Last month, the New York Times website suffered a similar attack after a gang of hackers purchased advertising space by posing as internet telephone company Vonage. Visitors saw pop-up messages warning them that their computer had been infected and urging them to install scareware.
Cluley said, "Scareware attacks like this are on the rise for one simple reason - they work. Unsuspecting computer users are easily frightened by bogus security warnings into installing and purchasing fake anti-virus software."
Photo by adria.richards on Flickr