From Brian Krebs/Washington Post:
QuoteIf you happen to visit the MySpace Chat Forums without the benefit of the latest security updates for popular Web browsers and media player plug-ins (think Macromedia Flash, QuickTime, e.g.), your Windows machine is likely to get a kitchen sink full of malware crammed down its gullet...including Virtumonde, WinFixer, and ClickSpring, as well as a bunch of Trojan horse programs that are very poorly identified and detected by anti-virus programs at the moment.
<snip>
This is a perfect example of why it is so critical for Windows users not to delay installing security updates for all software applications, not just the operating system and the Web browser.
http://blog.washingtonpost.com/securityfix/2008/01/malwarelaced_banner_ads_at_mys.html
From Alex Eckelberry/Sunbelt Blog:
QuoteWe worked earlier today with Brain Krebs at the WP about malicious banner ads on Myspace. (Malware is being delivered through exploits, but fully patched systems won't be affected.)
Sandi Hardmeier has also been tracking ads at Excite and, now, Blick (a popular German site). These are different than the Myspace ads (in that they don't seem to be dumping an exploit-driven payload).
(Bold by me)
http://sunbeltblog.blogspot.com/2008/01/malicious-ads-on-myspace-excite-blick.html
To check if your systems are missing any other security updates or have insecure applications installed, visit http://secunia.com/software_inspector/ . The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
- Detects insecure versions of applications installed
- Verifies that all Microsoft patches are applied
- Assists you in updating your system and applications
Additionally,
remember to remove older versions of Sun Java if found.
A family member was surprised when I suggested she visit Secunia Software Inspector, remarking, "it's brand new out of the box since Christmas."
She had visited Windows Update straight away finding 22 critical updates when she first set up her daughter's new Vista box, but was also surprised when Secunia identified numerous other software applications needing updating, especially Flash.
Wow! Thanks for the tip, ripley! I just ran Secunia's software inspector and had several insecure programs on this machine. Updated them as suggested, and ran 'software inspector' again, and it came up clean. Guess I ought to do it on the old laptop. :blink:
Lena, while you were at Secunia I hope you signed up for reminders? If not, go and do it! It is an email you won't regret. They come when things get updated, then you just go there and run the software inspector and click the download links provided, for the needed updates. It is super! I am testing the Beta version and not as impressed with it.