Some visitors of the New York Times website fell victim to a malware attack over the weekend, after the news site dished out some less-than-kosher advertisements. It is reported that scammers effectively swapped an approved ad for one with a fake virus warning in an attempt to scare users into buying phony security software.

"The culprit masqueraded as a national advertiser and provided seemingly legitimate product advertising for a week," said spokeswoman Diane McNulty. She went on to explain that over the weekend, the ad being served was switched with the intrusive virus message. On click-through, users found their browsers hijacked while a bogus antivirus "scanned" their system. The malware then relied on scare-tactics to bait victims into buying bogus antivirus software.

The ploy was possible because the New York Times allowed advertisers to host ads on their own servers. According to Trend Micro, the ad was hosted by Hetzner AG, which supposedly has a "colorful track record when it comes to spewing dodgy content."