Malicious activity carried out for six weeks, from December 23 last year
Subdomain site publishing Los Angeles Times redirected to the hosting service, which contains the latest version of a set of Blackhole exploits. Information security specialist Brian Krebs reported that this activity was carried out for six weeks (23 December 2012), resulting in the injury of 325 thousand visitors edition.
Krebs conducted a joint investigation with a representative Avast, Jindrich Kubec after the IT-specialist has received several complaints from users.
Originally spokesman LA Times Hillary Manning stated that the problem with the site has been linked to a recent burglary resource advertising agency NetSeer, which caused the blocking of such portals as the New York Times, Washington Post, ZDNet and the LA Times, with advertising from the above agencies. Manning also noted that the problem already solved and LA Times website is correct.
Subsequently, IT-specialists have conducted a further investigation, and it appeared that the subdomain site still contained exploits. Representatives of the LA Times confirmed that the site is a threat to users' February 6 Los Angeles Times notified that OffersandDeals.latimes.com site contains malware. We have determined that the problem occurred in the subdomain Offers & Deals, run by third parties. "
After that, security subdomain Offers & Deals was restored.