Star Tribune Web site serving damaging virus


There are reports around the Twin Cities today that the Star Tribune’s Web site has spent the morning serving up malware to its visitors. First reports surfaced from the University of St. Thomas earlier today. Since then, a growing number of people surveyed via Twitter also report problems. Your local public radio station blogger also had viruses showing up after visiting and commenting on a review of last night’s B.B. King concert.

A few minutes later, a program made to look like anti-virus software popped up reporting the computer was under attack, but the “program” itself was a virus.

The Star Tribune posted this notice a few minutes ago:

We have received reports that a third-party advertising network has been placing a “Malware Ad” onto our site.

A “Malware Ad” is a potentially malicious ad that could contain a virus or attempt to get you to pay for unsolicited services. The ad informs you that your machine has been infected with a virus and that you should click it to run a scan on your machine. We do not approve of this ad and consider it a potential security threat to your computer — although we do not yet know that for certain.

We take this situation very seriously and are responding aggressively to get it resolved. We have removed all ad networks from our site. All advertising networks will be required to perform complete a check of every ad they run, and to verify that they are not running this ad, before we allow them to run on our site.

If you see an ad matching this description, please let us know about it by emailing

How does something like this happen? Ask the New York Times. It happened to the newspaper’s Web site last fall.

While Web site owners usually review the ads they run for quality control and security reasons, many online ads are sold and distributed through middlemen known as ad networks. As a result, ads can appear on a site that its operators have not directly approved, and they may be pulled into its pages from computer servers that it does not control.

About half of the ads delivered to The Times’s Web site come from ad networks. As reports of strange activity came in over the weekend, the technical and advertising staff at The Times began to suspect that a rogue ad had slipped through this way, and they moved to stop displaying such ads, said Diane McNulty, a spokeswoman for the Times Company.

But it now appears that the ad was approved by the site’s advertising operations team, Ms. McNulty said. People visiting continued to complain about the pop-up ads throughout the weekend.

The real damage, however, comes when the employee sheepishly delivers his infected laptop to his company’s I.T. department, fruitlessly claiming he didn’t spend the weekend visiting porn sites.

For the record: It’s not uncommon for Web sites to use third-party ad servers. Jeff Harkness of MPR’s digital unit reports that MPR “(1) allows our clients to serve ads to our sites via 3rd party networks (Doubleclick, Mediaplex and EyeWonder are among the more common) and (2) National Public Media has an ad network that we partner with.

But you’re safe here. Trust me.

Update 3:23 p.m. – So now that you’ve got an infected computer, how can you get rid of the Star Tribune’s malware/virus. This page has a step-by-step instruction. It’s not easy. (Alternately, you can try these instructions at Bleeping Computer.)

  • JackU

    If this is what I think it is, it can be real nasty. We had two machines get this in the last few weeks and we needed to reload Windows on those systems in order to clear it off.

  • Cate

    This virus is very nasty. It attacked my computer in November immediately after I visited the Star Trib website, so it’s been around for a while.

  • Elam

    Same situation here, we have had about a dozen systems become infected before today, and 6 today alone. It is a fairly nasty bugger, which, until today, we had been treating by simply wiping and “imaging” drives cleanly. Not a happy situation for our staff members. The instructions posted do work though. Thanks MPR

  • hooha

    Just recieved and conquered this virus in January. Took me 24 hours to get it off my system. Grrrrr……Now I am spending my offtime helping others get the nasty thing of their computers…

  • Tyler

    Another reason to use the AdBlock Plus extension with Firefox. Never see an ad again!