[funsec] When legit Web sites serve up malware...

Richard M. Smith rms at computerbytesman.com
Wed Jul 16 20:27:23 CDT 2008


http://www.sfgate.com/cgi-bin/blogs/sfgate/detail?blogid=19&entry_id=28215

If you visited www.SFgov.org over the last couple of weeks, better check
your computer for infections. 

A security vendor, Finjan, reported Wednesday that the city's Web site was
one of over 1,000 sites treating visitors to malicious code. 

Other sites caught up in this latest round of Web attacks include uci.edu
(the University of California at Irvine's site); Snapple.com; a site
registered to the Marysville, California, police department; an ad
network--atdmt.com--acquired by Microsoft; and several international sites.

To get infected, you need one of three unpatched security flaws, none of
them new. One is a flaw in Apple's QuickTime, also used by iTunes, that
affects both Macs and PCs. The other two are flaws in Microsoft
software--the AOL SuperBuddy ActiveX control and an ActiveX control in the
back end of Windows that accesses remote databases over the Internet. Full
details are here. 

....



