There used to be the belief that if one stays away from “bad” Web sites, then malware is not a problem. That is not true, as a recent example with the New York Times illustrated. The popular news Web site was compromised, and the trusted site was serving up malicious ads:
The malicious ad took over the browsers of many people visiting the site, as their screens filled with an image that seemed to show a scan for computer viruses. The visitors were then told that they needed to buy antivirus software to fix a problem, but the software was more snake oil than a useful program.
Exploiting weaknesses in online ad systems is an increasingly common approach for computer criminals around the globe who hope to make a quick buck from the audiences of the sites they attack. Experts say the problem is likely to get worse as companies scramble to satiate a click-happy online culture.”
This is just one way in which criminals / hackers are becoming exceedingly creative in exploiting site visitors. No reputable software company would market products in this manner, but the criminals are relying on the trust that people have in the site.
There have been malware installations without the site visitors having to do anything. These are the so called ‘drive-by’ downloads, and just visiting the site puts one at risk. No click — or download — is necessary.
It is absolutely essential to be running an anti-virus and anti-spyware program.