jdh
January 8th, 2008, 01:43 AM
Hackers turn Cleveland into malware server
And Computer Associates too
By Dan Goodin in San Francisco
Published Tuesday 8th January 2008 01:29 GMT
"Tens of thousands of websites belonging to Fortune 500 corporations, state government agencies and schools have been infected with malicious code that attempts to engage in click fraud and steal online game credentials from people who visit the destinations, security researches say. ..."
"At time of writing, more than 94,000 URLs had been infected by the fast-moving exploit ..."
"As we've said before, end users should make sure browsers, browser plug-ins, media software and other applications are updated. Secunia's Software Inspector is one good way to do this. Also helpful is the use of the Firefox browser with the NoScript plug-in, which helps fortify users from many javascript attacks."
After following ISC.SANS.ORG for a couple years, that some of the best advice I could think of. I think there is hardly need to post news here about vulnerabilities in future. Just assume you're vulnerable and check your patches every week. What a friggin PITA. You'll still be vulnerable, but significantly less so. Or erase the friggin plug ins and non critical web apps from your HD.
"what a revolting development" William Bendix. The stuff keeps hitting the fan.
David H.
And Computer Associates too
By Dan Goodin in San Francisco
Published Tuesday 8th January 2008 01:29 GMT
"Tens of thousands of websites belonging to Fortune 500 corporations, state government agencies and schools have been infected with malicious code that attempts to engage in click fraud and steal online game credentials from people who visit the destinations, security researches say. ..."
"At time of writing, more than 94,000 URLs had been infected by the fast-moving exploit ..."
"As we've said before, end users should make sure browsers, browser plug-ins, media software and other applications are updated. Secunia's Software Inspector is one good way to do this. Also helpful is the use of the Firefox browser with the NoScript plug-in, which helps fortify users from many javascript attacks."
After following ISC.SANS.ORG for a couple years, that some of the best advice I could think of. I think there is hardly need to post news here about vulnerabilities in future. Just assume you're vulnerable and check your patches every week. What a friggin PITA. You'll still be vulnerable, but significantly less so. Or erase the friggin plug ins and non critical web apps from your HD.
"what a revolting development" William Bendix. The stuff keeps hitting the fan.
David H.