Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Hitman Pro write-up about the Yahoo malvertising incident

January 8th 2014

It’s an excellent write-up, and worth a read:


http://hitmanpro.wordpress.com/2014/01/05/malware-served-via-yahoo-affected-millions/ 


Lessons for the layman: keep all software on your computer up to date and get rid of Java (you know, the stuff that runs Java applets). Run antivirus and keep it up to date (but remember, antivirus is more reactive than proactive and may not catch the really new stuff).


Make no mistake, Yahoo are the victims here as much as those people who are left with infected computers. If you are a publisher or in ad-ops, do what you can to avoid the miscreants: http://www.anti-malvertising.com/  


 

