So much for a relaxing Monday morning blogging session.

I’ve been wanting to write something about the recent electronic attacks against the NY Times and other news papers. I don’t like to write baseless blog posts, so I decided to do some research and see what the media has been reporting. I Googled “NY Times hack” and clicked the third link from the top in the news results section, above the organic search results, which was to ABC News.

Instead of the article, Chrome immediately displayed a warning, telling me that malware was detected when I browsed to http://abcnews.go.com. If you look in my screen shot, you see that Chrome is complaining about content being served from cm.netseer.com, which apparently is a known malware distributor.

What does this mean? The bad guys ultimately want to get their malicious code running in your web browser. To do this, they need to plant their malicious code (aka malware) within the content of the web site that you want to view. In the context of what I experienced, this can happen at least two different ways:

  1. Bad guys take control over netseer.com, from which ABCNews already includes legitimate content (JavaScript, CSS, Images, etc). They replace the legitimate content with malware, and without anyway to tell the difference, ABCNews then points your browser to the malware. Once your browser downloads the malware from netseer.com, you have been attacked. Game over.
  2. Bad guys take control over abcnews.go.com, and embed references to malware stored on netseer.com directly within the real ABCNews content. Once you browse the ABCNews content, you have been attacked. Game over.

It doesn’t matter how the bad guys take control over web sites, as the end result for users is the same: malware infections on laptops, workstations, phones, and tablets.

It’s annoying and ironic to be served malware while trying to write a blog post on malware. Of course, clicking the link a second time takes me straight through to the article. This just reinforces something we already know: the Internet is a mine field, and you need to be careful where you click.

mal_small

After getting derailed by this minor malware fiasco, I found that my old colleague and friend Aaron Higbee wrote a nice piece for USA Today on the very subject I was researching: Why the New York Times, Wall Street Journal, were simple to hack.