A couple weeks back the digital version of the New York Times found itself hip deep in manure when it got tricked into serving up "scareware" ads to unsuspecting readers.
You know the scam. You're merrily surfing the Web when suddenly a window pops up: "Your computer is infected with malware, but if you send us $49.95 we'll clean it right up for you." Of course, there is never any malware. Nothing happens save for the bank draft. And then they'll scam you again in a few months with ads for another bogus product.
Usually these ads are the result of a malware infection itself, or something that sites serve up when you cruise the Net's dark and dirty underbelly -- or so I've heard, as I've never been there myself ;). Inserting them into the ad servers of a trusted site, though, was a stroke of malevolent genius.
The creator of the malicious ads posed as Vonage, the Internet telephone company, and persuaded NYTimes.com to run ads that initially appeared as real ads for Vonage. At some point, possibly late Friday, the campaign switched to displaying the virus warnings.
Because The Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads, Ms. McNulty said. That allowed the switch to take place. “In the future, we will not allow any advertiser to use unfamiliar third-party vendors,” she said.