Cryptosmith

Troy Davis posted info about a malware ad encountered on NYTimes.com. I always enjoy a good, basic forensic analysis. The location of the ad is disturbing, to say the least, though it reflects a problem with today’s on-line commercial culture.

It’s so easy to do on-line transactions (you send money, I do an on-line service) that vendors aren’t inclined to vet their customers. Vetting costs money: it takes time and it puts the vendor in the position of turning down potential sales. Companies make more money by playing ignorant.

On the other hand, we like to think that a respectable organization, like the New York Times, takes some responsibility for the ads it hosts.

From the consumer/victim point of view, though, it’s probably hard to prove that a particular site hosted a particular ad, unless you can get a team of individuals to document it, too.

Posted under Security | No Comments »