The Swedish evening newspaper ”Expressen” closed down parts of its site recently since a leading computer and technology site idg.se reported that harmful code was being spread (swedish text) from the site.
Expressen has a weather site and the weather site links codes from many different parts on the net. In this case apparently there was code linked from a Chinese site that included a java-script based attack vector taking advantage of a known security hole in Adobe Reader.
I am not surprised really because of the way papers links to ads that contains flash animations, various types of scripts including java script, java code that runs on the client side and so on it is only a question of time before someone hacks into the ad site, replacing an ad with harmful code, thereby spreading it to thousands of visitors per hour visiting totally legitimate sites through perhaps hundreds of site linking ads from the hacked site. It is actually surprising that this is not more commonly happening than it is right now.
I see a surprisingly large amount of foreign sites delivering ads on Swedish news paper sites, perhaps there is nothing to do about this but it must be a nightmare to keep a tight security on a system like this.
For the user even more so – depending on the security model of your web reader and operating system the result from this could be devastating for the user who surf to any of these sites. The only way of being sure this does not happen is to have safely linked material, material that can not contain attack vectord that a third party may use to gain access to desktop computers all over the worls.