Hey all you TwinkieTown bloggers. I know you frequent the StarTribune Twins blogs. I have temporarily suspended that practice myself because there is a rogue ad network for those blogs in particular that puts spyware on my machine. And I advise you to do the same.
The StarTribune actually ran a story about how it had hundreds of complaints from visitors about a malware attack. I can't find it because I would have to go to StarTribune.com to do so, risking further infection. The story never said the problem was fixed. I have since discovered that it is not fixed: the particular piece of malware that sparked the complaints is no longer being spread by ST.com, but other spyware is. Let me explain by telling the story.
Rogue Antivirus Malware
I have been inundated with spyware this past month and more. It started with the Rogue Antivirus, a very nasty piece of code that is managed by the Russian Mob to scam people into giving the Mob their credit card info. The malware spoofs itself as a trusted piece of antivirus software from Microsoft. If you don't buy the software but shut your computer down immediately, you can escape major damage. You do have to bring your system in for repair. But you can save your stat and applications. If you buy the software, the Mob will take your credit card number and start using it until you cancel it. Meanwhile, the code shuts your computer down and erases critical parts of your operating system so it will no longer boot up.
This is one that can only be removed by deleting particular files spread around your hard drive, deleting particular tracking cookies from your browser, and fixing the registry. I took it to BestBuy, just because the alternative was to send it to my company IT department and get my hard drive wiped.
The GeekSquad guy at Best Buy said they had thousands of cases of that malware in the Twin Cities area in one week. While I waited for the paperwork, a half dozen cases came in with the very same problem. One couple in line in particular said, "All we do is go to news sites like the StarTribune.com." Anyway, the day I put my $200 down on the table and got the machine back from BestBuy, the Strib ran a story about a malware attack from one of its ad networks. At the time, I thought it was an interesting coincidence, but I didn't think this was proof that the Strib was the source.
Fake Windows Update Trojan Horse
About a week after getting my machine cleaned out, I got another piece of spyware. This time it was the Fake Windows Updater Trojan Horse, which again hides as an XP program that asks if you want to install available updates and restart your computer. It will even hide in your Shut Down screen as the default option. If you're not careful to select "Shut Down" rather than "Install Upgrades and Shut Down," you're hosed.
At this point, I installed Spyware Doctor to clean my machine myself (another $40, BTW). When I ran the Intelligent scan, it found 39 infections from this particular piece of malware. Obviously, I was visiting a site that routinely downloaded spyware on my PC. Outside of my corporate site, I don't regularly go anywhere but Twitter, Facebook, LinkedIn, Twins blogs, news sites, Google, and Weather.com. So it had to be one of these sites.
One of the features of Spyware Doctor is a Spyware Blocker. When a piece of spyware is trying to install itself on your computer, it brings up a dialog that asks whether you want to block it or not. I always block, of course. Here it became clear what the source of the spyware is. Every time I went to Howard's, Joe C.'s or Lavell's blogs, I had to block the attempt to load spyware.
Now I don't think Spyware Doctor is perfect, because I just scanned my PC and I now have the same piece of malware again on my system. I will perform a complete scan (as opposed to an Intelligent scan) and have it removed. But, in the meantime, I will not visit StarTribune.com.
Boycott the StarTribune.com
It is beyond belief that a major news site would be so desperate that it would do business with ad networks known to distribute spyware. And it is shocking that after it discovered this problem and published a story about it, it continued to work with the network. Not only will this hurt its traffic (I can only hope), but it could make it liable for a class-action lawsuit. The information is public at this point. There are thousands of people who are out hundreds of dollars because they trusted the StarTribune.com. Some of these people had to cancel their credit cards and get new operating systems and applications.
At the very least, we should boycott the StarTribune.com until they publicly apologize and prove that they no longer work with the offending ad network. Howard, I'm sorry. I love your content. But you gotta talk to the ad folks and get this stuff cleaned up.