It's not unusual for a government IT department to warn its users about downloading malware onto their government-issued computers. It's more unusual, though, for the source of the malware to be the ads on the website of the newspaper of record.
In July, the cyber security coordinators in the state of Idaho took the unusual step of recommending that its users block or avoid the website of the Idaho Statesman, a Boise-based daily paper that covers most of the state, due to what was said to be malware in the website's ads, according to a memo sent to the security team.
Upon presumably reporting the problem to the paper, the paper began scanning the ads for malware before placing them on the site, and the state IT department also looked for malware in the paper's ads.
"Therefore, since there are many agencies or individual employees who must access the Idaho Statesman, their business needs must be met; particularly since the overall risk seems to have returned to a normal, cautious state. I no longer recommend blocking or avoiding the Idaho Statesman website, though anyone who does should be cautious," the memo continued, which alluded to a similar incident in January as well. (Boise State University, which is funded by the state, reported a similar incident in December, 2009.)
"The Statesman is not alone in having issues with malware; many local and national news sites (including the New York Times and the Seattle Times) have had to deal with this in the past or are currently working on the same problem," the paper said in a note on the January incident.
State employees were also encouraged to implement ad-blocking software, because malware can be hidden in many website ads, to use a web filter that looks for malware in ads and, without those, not clicking on things.
Users were warned that they did not need to click on the ads for the malware to be effective.