As early as July 21, Oklahoma’s internet technology security center began warning network users that News9.com contained potentially malicious software known as malware.
John Estus, director of public affairs for the state’s Office of Management and Enterprise Services, which oversees the state’s Security Operations Center, said the state temporarily blocked the site as a result of the threat.
The state has since lifted its block, Estus said, and News 9 said Wednesday that the issue had been addressed.
“On any given day, several sites are blocked for these very reasons,” Estus stated via email Wednesday. “Once the issues are resolved, we unblock the site. We have temporarily blocked other news sites before, and we certainly will again because no site is immune from these issues.”
State employees warned
According to state correspondence NonDoc obtained last week:
The state IT security center is investigating credible reports stating that the advertisements News9 displays on their website has [sic] been compromised. The security experts list the risk of compromise to government and home PC’s [sic] as high. Visiting the News9 website might lead to programs being silently installed on the PC you are using allowing bad guys to use that computer for their own purposes. We recommend that you avoid using their website until we receive word that this threat has been eliminated.
The next day, July 22, state employees received an update that News 9’s online situation had worsened:
We have new information that several IT security monitoring systems across the world have now blacklisted the News9 website. Blacklisting means that visiting a website on a computer risks handing that computer over to the crooks that want to use it to break the law. The smart smart phone user also knows that visiting a blacklisted website on a phone isn’t necessarily a good idea.
We highly recommend that you avoid this website at home and at work until we get the all clear notice.
We have also been asked if the News9 application is vulnerable to compromise. We are researching this question and will pass the information we find to you as soon as we can.
While OMES’s Estus said the issue was resolved and News9.com had been unblocked, NonDoc spoke to multiple state employees who had not yet received an all-clear message.
The site had been unblocked for users at one state agency, while it remained blocked for another at the time of this post’s publication.
Third-party problems
Jen Billings, executive producer of digital content at News 9, said the issue involved a corrupted advertisement from a third-party vendor.
She described the malicious software as a pop-up that encourages users to update their Adobe Flash software, a common component of most browsers. The “update,” however, actually installs malicious programs instead.
“I think I got an email from a viewer maybe two weeks ago. And my husband said, ‘Hey, do you know this is happening?’,” Billings said during a phone interview Wednesday.
Billings said fixing the issue took time, but she offered advice to site visitors in case they come across it on News9.com or any other site in the future.
“As long as you don’t agree to the ‘update,’ you shouldn’t be infected,” Billings said. “It’s not something in our content.”
She said she was unaware the state’s IT department had advised its users to avoid their site.
Shortly after Billings’ comments, Richard Cox, director of new media for News 9’s parent company, Griffin Communications, emailed to confirm that the issue had been resolved.
“When we first noticed this problem, my team began searching immediately for the culprit, which turned out to be a series of domains that were being served by ad units on our site,” Cox stated in an email. “We contacted our ad serving partners to block the offending domains, and we’ve received no additional complaints and have seen no more evidence of the malware ourselves.”
Later, NonDoc emailed Billings to see if any sort of warning had been issued to News 9’s online visitors, but that email went unreturned as of publication Thursday. A review of News 9’s Twitter and Facebook page appears to show the station did not post about the issue for its viewers and users.
Best practices for internet safety
Software developer Autodesk has a post about online security and avoiding malware on its blog. They offer the following 10 tips for keeping your browser out of harm’s way (No. 6 contains words to live by):
- Install antivirus/malware software.
- Keep your antivirus software up to date.
- Run regularly scheduled scans with your anti-virus software.
- Keep your operating system current.
- Secure your network.
- Think before you click.
- Keep your personal information safe.
- Don’t use open wi-fi.
- Back-up your files.
- Use multiple strong passwords.
(Editor’s Note: NonDoc editor in chief William W. Savage III contributed to this report.)