[note class=”info”]Note: this problem has since been fixed – see the notes at the bottom of this article.[/note]
Google seems to have caught the Worcester Telegram & Gazette’s website (telegram.com) distributing “drive by” malware. “Drive by” malware means malicious or harmful software that is installed on your computer even if you don’t click on anything. Of course this is done without your consent (or notice).
If you search Google for “worcester telegram and gazette“, you will receive a warning page similar to the one shown below (the warning is circled in red):
If you use Firefox as your web browser and you try to go directly to the Telegram & Gazette’s website, you’ll see a security warning similar to this:
If you use Internet Explorer, you won’t get any warning – so if you do use Internet Explorer, you might want to avoid going directly to the Telegram & Gazette’s website and instead search for it using Google.
According to Google’s report, the malware isn’t coming directly from telegram.com, but from other sites – probably linked via ads of some sort, or perhaps via a sneaky technique known as “injection,” which allows content from other (usually “bad”) sites to be “injected” into other sites (usually very popular ones).
If you do visit the Telegram & Gazette’s website (not recommended right now), you’ll see a vague statement on the front page regarding “problems” they are experiencing right now, and how they are “working with their vendors” to resolve it.
Until this situation is resolved, we’d recommend staying away from the Worcester Telegram & Gazette’s website. You can check on the status of the situation by searching Google for “worcester telegram and gazette” and seeing whether the “This site may harm your computer” warning is still there.
If you absolutely must go to the website, we’d recommend using extreeme caution. If you have a Macintosh or Linux computer available, it is probably safe to visit the site from those computers – as almost all malware is written for Microsoft Windows.
UPDATE: The problem appears to have been fixed. We received a note from Mark Henderson, Online Director over at the Telegram & Gazette, who let us know about the problem and gave us this note, which was also posted on their website:
Our Web site was the target of a virus or other intruding program for limited periods of time from Monday afternoon to early Wednesday morning. When we learned of the problem, we took all appropriate steps to ensure the integrity and safety of the site. We believe that we have corrected the problem and that you can continue to use the site without concern. It is our understanding that computers with up-to-date virus protection would not have been compromised. If you believe that your computer may have been affected while connected to our site, please contact Online Director Mark Henderson at (508) 793-9266.
Google also no longer lists the site as being potentially harmful to your computer, nor does Firefox. So it seems to be safe to visit the site again. Although this incident just underscores the need to have a good anti-virus or anti-spyware program on your computer that is kept up-to-date!