Monday, September 21, 2009

Malware Ads from Good Web Sites (How To Respond to an ‘Antivirus’ Pop-Up Ad)

The New York Times has published an article Times Web Ads Show Security Breach on September 14, 2009. This article responds to the malware ads that were seen through their web site over the weekend of September 12 - 13, 2009. The article includes the following:

"OVER the weekend, some visitors to the Web site of The New York Times received a nasty surprise. An unknown person or group sneaked a rogue advertisement onto the site’s pages. The malicious ad took over the browsers of many people visiting the site, as their screens filled with an image that seemed to show a scan for computer viruses. The visitors were then told that they needed to buy antivirus software to fix a problem, but the software was more snake oil than a useful program.

The creator of the malicious ads posed as Vonage, the Internet telephone company, and persuaded NYTimes.com to run ads that initially appeared as real ads for Vonage. At some point, possibly late Friday, the campaign switched to displaying the virus warnings.

Because The Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads.
"

Here is the image of the fake antivirus scan from the web site of The New York Times.



As this article from The Times illustrates, even well-known "safe" web sites can harbor malicious links and software.

We have seen an increase in these fake antivirus software scans in the College.

What should you do if you are suddenly bombarded with these fake ads? You can print our How To Respond to an ‘Antivirus’ Pop-Up Ad. Review these steps and be ready to follow them if you are faced with these pop-ups.

http://it.cas.psu.edu/1926.htm

Friday, September 11, 2009

QuickTime 7.6.4 Update Released

On September 9, 2009, an updated version of QuickTime was released (7.6.4). This update fixes an issue where opening a maliciously crafted movie file or FlashPix file may lead to an unexpected application termination or arbitrary code execution. In simple terms, malware could be installed on your computer. See more details here (Scroll down to the Security Updates section and click the link for QuickTime 7.6.4).

QuickTime is installed on all Enterprise computers. Apple's QuickTime software allows your Enterprise computer to view graphics, videos, on-line video streams (ex: Candidate Interviews in the College), and more.

Action Required: Please see our How To Install QuickTime for Windows using the Standalone Installer for steps on updating QuickTime to the latest version.