In fact, for several hours today, when entering the site from Firefox or Chrome, you could see a red screen with the aforementioned message (click to enlarge):
Why did this happen and can it happen again?
The reason is very simple: one of the sites linked by Clarín, effectively contained references to harmful sites that download malware to the user's computer. That is to say that a third party, for example, can include advertising within any popular website and in said advertising contain links, banners or harmful scripts , so that any user who enters will be infected, without knowing it. This practice is very common among criminals and is called Drive-by-Download and the more popular the website, the more effective the technique is because more users are infected.Clarín reported through Twitter but the "error" they mention there is not entirely real because if the banner downloads to the user's computer and the harmful site is active (which in this case still happens), the user can be infected. This is not a mistake, it is a sought and intentional action by a criminal, who was able to include the harmful banner without Clarín verifying it previously.
Google, every time it crawls and indexes a site, checks the content and outbound links in such a way and blocks sites that contain harmful links. If you check the links of Clarín, you can still see that what is described does indeed happen and you can also know which were the harmful sites (click to enlarge):
As you can see, in the last 90 days links to site ennykille[REMOVED].in and cartmanbanne[REMOVED].in have been included, both active and harmful (DO NOT enter!).
Can anything be done to prevent it?
From the point of view of who offers a web service, it can indeed be checked that no harmful links and scripts are inserted into the website and also each advertisement should be checked before inserting it on the page.If Google can detect a script and a harmful site, the site owner should also be able to do so if they were responsible enough to care about the safety of their users.
In this case I assume (I can't verify) that Clarín simply removed the harmful banner from their site but this is a reactive action, after thousands of users had already entered the site and could possibly be affected.
Undoubtedly, a lesson that Clarín and many other popular sites must learn soon.
Update 23:59:Fabio thinks that Google takes too many attributions when blocking the site, which could be used to cause for example a DDoS attack, an idea that I share in part but from my point of view that is not an excuse for Clarín not to take the measures of the case.
Cristian from the Segu-Info Newsroom
