In late December, it became obvious that something was wrong.
The website for the Moscow Times, Russia’s largest English-language newspaper, began to see problems. Google and other antivirus programs were sending users alerts saying that the Times website was serving malware.
In response to repeated complaints, Times staffers told users to “ignore the alerts and proceed to the website.”
Screengrab via Facebook
That was a bad idea. The Times website was serving malware from its advertisements—including a tiny porn ad sized 1 by 1 pixel and a silent redirection that launched an exploit kit designed to infect and take control of targeted computers, reports Malware Bytes.
The Moscow Times website is still pushing infected advertisements, likely from the OpenX advertising platform.
The Times repeatedly called Google’s warnings “fake.” When readers pressed, other commenters pointed out that “Google is just Yankee,” implying that American companies might not be trusted.
While many users heeded the warnings of anti-virus programs, several took the Times’ advice and kept reading the website.
After all, lots of us have seen false warnings that erode trust in anti-virus programs. The Daily Dot itself is subject to an ongoing warning that affects users of the Avira anti-virus program, which repeatedly makes the mistake of flagging our code as malicious. It’s difficult to get off the flagged list and next to impossible to stay off.
The danger, beyond affecting how many people click our stories, is that users begin to wonder whether or not the warnings are real.
When users end up ignoring the real warnings, the big problems begin.