Security protection firm Sophos warns that the Gizmodo gadget blog has inadvertently been distributing adverts corrupted with malware
Readers of technology and gadget blog Gizmodo could be at risk of infection from fake anti-virus software designed to scam users out of their credit card details, after the website was targeted by hackers.
Gizmodo, which receives more than 3.1 million page views per day, claims that its advertising team was tricked into accepting what it believed to be Suzuki adverts from a group of hackers.
“It’s taken care of now, and only a few people should have been affected, but this isn’t something we take lightly as writers, editors and tech geeks,” it said in a statement on its site.
IT security and data protection firm Sophos advises both consumers and businesses to ensure that their computer security is up-to-date and check every web page that they visit for dangerous code and links.
“By hitting one of the biggest blogs in the world, these hackers are aiming high,” said senior technology consultant for Sophos Graham Cluley. “They know Gizmodo gets a huge amount of traffic – once they infected the site through their adverts they could just lie in wait for their victims to visit.”
This is the latest in a string of attacks on high profile websites with significant traffic. Only last month the New York Times website suffered from a similar attack, when a gang of hackers purchased ad space posing as internet telephone company, Vonage.
“Scareware attacks like this are on the rise for one simple reason – they work,” explained Cluley. “Unsuspecting computer users are easily frightened by bogus security warnings into installing and purchasing fake anti-virus software, making cash for unscrupulous hackers.”
Earlier in the month Symantec issued a similar warning, revealing that scareware can net cybercriminals profits of more than £850,000 a year. “It is all about plausibility when these pop-up warnings appear,” said Professor David Wall, an expert in cybercrime from Leeds University.
“If they tell people to download software and then people are asked to pay for an upgrade, the user doesn’t feel scammed. In earlier days a skull would have appeared on your screen threatening to eat your hard drive. Now it has become silky smooth social engineering.”