funsec mailing list archives
When legit Web sites serve up malware...
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 16 Jul 2008 21:27:23 -0400
http://www.sfgate.com/cgi-bin/blogs/sfgate/detail?blogid=19&entry_id=28215 If you visited www.SFgov.org over the last couple of weeks, better check your computer for infections. A security vendor, Finjan, reported Wednesday that the city's Web site was one of over 1,000 sites treating visitors to malicious code. Other sites caught up in this latest round of Web attacks include uci.edu (the University of California at Irvine's site); Snapple.com; a site registered to the Marysville, California's police department; an ad network--atdmt.com--acquired by Microsoft; and several international sites. To get infected, you need one of three unpatched security flaws, none of them new. One is a flaw in Apple's QuickTime, also used by iTunes, that affects both Macs and PCs. The other two are flaws in Microsoft software--the AOL SuperBuddy ActiveX control and an ActiveX control in the back end of Windows that accesses remote databases over the Internet. Full details are here. .... _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- When legit Web sites serve up malware... Richard M. Smith (Jul 16)
- <Possible follow-ups>
- Re: When legit Web sites serve up malware... Paul Ferguson (Jul 16)