Star Tribune infecting web readers with a computer virus
Reports of the problem surfaced this morning. Here's one email that was making the rounds among government employees:
We have received a number of tickets this morning reporting a screen that pops up reporting that the PC has a virus and wants the user to purchase software to repair the problem. The PCs have been infected by malware and the screen is a fake. Users have reported going to the Star Tribune website and picking it up. The Star Trib has been working on repairing their site. We have also had the malware picked up from other media websites - reportedly any owned by Gannet. Please refrain from visiting these media websites until they have fixed them.The Star Tribune acknowledged the problem in a note posted on its website at 2:11 p.m.
We received reports over the weekend that a third-party advertising network had been placing a "Malware Ad" onto our site.
A "Malware Ad" is a potentially malicious ad that could contain a virus or attempt to get you to pay for unsolicited services. The ad informs you that your machine has been infected with a virus and that you should click it to run a scan on your machine. We do not approve of this ad and consider it a potential security threat to your computer -- although we do not yet know that for certain.
We take this situation very seriously and are responding aggressively to get it resolved. We have removed all ad networks from our site. All advertising networks will be required to perform complete a check of every ad they run, and to verify that they are not running this ad, before we allow them to run on our site.
If you have seen an ad matching this description after 1 p.m. today (Monday), please let us know about it by emailing email@example.com.
If you become infected with the Strib virus, Bob Collins of MPR has helpfully pointed us to this site which gives instructions on how to remove the offending code.
Antivirus Live is one of many fake antivirus applications like Advanced Virus Remover and Internet Security 2010, that are really rogue viruses that take your computer hostage--then they tell you that your computer is infected by viruses, and you have to pay them to get rid of the fake viruses that aren't really there. It's a huge problem, and they are not easy to remove, because they block virtually everything you try and run, including real anti-malware tools.
The Star Tribune is one of the most-read newspaper websites in the United States. How it could have such an epic fail is something that will need to be explored by the paper with full transparency if it hopes to retain its online readers, especially since management has signaled it will soon start charging users.