This morning the Prague based antivirus company Avast! pushed notification to it’s subscribers of the presence of malware on the LA Times website. The notification came by way of a link to a blog on the antivirus company’s site delivered with the morning’s virus signature update. According to the blog’s writer, Brian Krebs, the Times site has been affected for about a month and a half. The problem is not site wide and only affects visitors to a small section of the site:
“…Fortunately for most of the users, only one of the low-profile websites was infected, so the assumed number of the infected people is not really high. But! I checked yesterday’s stats, then day-before-yesterday and the result was a bit of shocker! We have consecutive reports of malicious iframes on their sub-site from 23rd of December and it is still working there while I’m writing this blog.”
The malware redirects visitors to another server where a Black Hole kit attempts to infect the visitor’s computer using various browser exploits. According to the blogger, Avast’s records indicate that only about a third of its customers have their browsers’ security completely up to date.
Evidently, this malware uses sophisticated methods to avoid detection, which is probably why it’s been able to remain in place for so long without being discovered by the IT guys at the Times:
“Because we were getting both the clean replies and also the replies with the malicious iframe inserted … , we’re pretty sure we’re seeing the HTTP server with installed malicious module, which changes the file on the fly – they’re unmodified on the disk so that the admins see only clean files and uploading ‘verified clean’ file would not fix anything.”
This blog report is dated February 8–five days ago. At the time, the writer indicated he was having trouble contacting a live human being with the Times in order to notify them of the situation. On February 11, which was Monday, Avast indicated on their Facebook page that they were still trying to contact someone at the Times.
The Los Angeles Times is the fourth largest newspaper by circulation in the United States. According to the Alexa web ranking service, it’s the seventh most visited newspaper site globally.