Your Spyware Money at Work…

November 25, 2004

Something to not be so thankful for is the current and ongoing spate of people who want to make your life miserable with spyware, worms, trojans, and other malware.  E-mail viruses may be down this week, but there’s plenty of other crap going on.

The SANS Handler’s Diary has some excellent writeups on the Bofra/iFrame exploit that turned up last week, which attacked people visiting mainstream websites (such as “The Register”) via a compromised server delivering banner ads.  Anyone who wandered past an infected site using Internet Explorer and any version of Windows other than XP with Service Pack 2 installed apparently got toasted.  No clicking on bad things, no downloading, not even dinner and drinks.  It’s getting dangerous out there.

Also afoot is a nasty Java/JavaScript exploit which affects all users of Sun Java (that’s probably most Windows users at this point) in versions lower than 1.4.2_06, regardless of browser.  If you’re running Windows, stop what you’re doing right now (we’ll wait) and go to your control panel.  If you find an entry for Java Plug In, open it, and check the version.  If it’s lower than 1.4.2_06, update it, right now.  Yes, now.
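If you look after more than one machine, the same version check can be scripted. The sketch below is an added example, not part of the original post: it compares Java version strings numerically against the 1.4.2_06 threshold given above, and the host names and inventory in it are constructed.

```python
import re

# Threshold taken from the post: anything lower than 1.4.2_06 needs updating.
FIXED = (1, 4, 2, 6)

# Matches 1.4.2_05, 1.4.2 or the banner line: java version "1.4.2_05"
_VERSION = re.compile(r'(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(text):
    """Return (major, minor, micro, update), or None if no version is found.
    A missing _NN update suffix counts as update 0."""
    m = _VERSION.search(text)
    if m is None:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def needs_update(text, fixed=FIXED):
    """True if lower than the fixed version, False if not, None if unparseable."""
    version = parse_java_version(text)
    if version is None:
        return None
    # Tuples compare field by field as numbers; comparing the raw strings
    # would sort "1.4.10_01" below "1.4.2_06".
    return version < fixed


def audit(inventory):
    """Map each host to 'update', 'ok' or 'unknown'."""
    labels = {True: 'update', False: 'ok', None: 'unknown'}
    return {host: labels[needs_update(v)] for host, v in inventory.items()}


# Constructed sample inventory (host names and values are made up).
SAMPLE = {
    'ws-01': 'java version "1.4.2_05"',
    'ws-02': 'java version "1.4.2_06"',
    'ws-03': '1.4.2',            # no update suffix: treated as update 0
    'ws-04': '1.4.10_01',        # hypothetical version, numeric-compare case
    'ws-05': 'not installed',    # unparseable: reported as unknown
}

if __name__ == '__main__':
    for host, status in sorted(audit(SAMPLE).items()):
        print(host, status)
```

Hosts reported as unknown still need a manual look at the control panel entry.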

Last but not least, some folks have been digging around the musical question of “who actually profits from this stuff”—Ben Edelman has this answer, while our good friends at SANS have tracked some of this down to none other than the old 90’s Spam King himself, Sanford Wallace.


