Instead of hacking into major online sites to embed malware, malicious hackers are going in through the front door by exploiting security holes in systems for delivering ads.

It happened just days ago, for instance, to the Web site of The New York Times. The newspaper company informed readers on Sunday about a rogue ad that was popping up on its site. The ad warned visitors to NYTimes.com that their computer may be infected with a virus and redirected them to a site that purports to scan the computer and offers to sell antivirus software.

This is common behavior for what is known as fake security alerts, or "scareware," designed to trick people into paying for something they don't need. Use of this type of scam is on the rise.

Typically, the site hosting the rogue alerts has been compromised, or a worm, like Conficker, distributes the alerts directly to computers.
Ads--the new malware delivery format 1e8cff2nytroguead
On his blog Input & Output, Seven Scale CEO Troy Davis offers an analysis of the scareware ad that appeared on NYTimes.com.
(Credit: Troy Davis)


More: http://news.cnet.com/8301-27080_3-10353402-245.html