XPOnlinescanner-malicious software warning

jtr1962

Flashaholic
Joined
Nov 22, 2003
Messages
7,505
Location
Flushing, NY
A few times when I was on Photobucket I was redirected to a site called XPOnlinescanner [dot] com. This is NOT a legitimate site. They do a fake scan of your PC showing that you have several viruses, and then offer to install software to remove them. If this happens to you, immediately close your browser. Fortunately, I saw this as a malicious site right away. However, if you were unfortunate enough to install anything, here is how to get rid of it. I recommend using the manual method rather than the automatic one.
 

mechBgon

Enlightened
Joined
Nov 3, 2007
Messages
567
I suspect this is one more case of malvertising (recent info on malvertising at Photobucket.com). Malvertising looks like normal ad banners, but they're specially rigged to exploit vulnerabilities in, say, Flash Player, Adobe Reader, QuickTime, and other browser add-ons.

So... anyone with a version (or two) of Flash Player installed should check to ensure they've got the latest version(s). Update if needed. Linux and Mac users, this means you as well :tinfoil: If you have a Windows system with alternate browsers (Firefox, Opera, etc), update both the Internet Explorer instance of Flash and the other browser's instance of Flash.

Ditto for Adobe Reader, aka Acrobat Reader: update here

Ditto for QuickTime Player / iTunes: update here (or uninstall it if you have no actual need for it)

Ditto for Sun Java: get Java Runtime Environment (JRE) 6 Update 6 (or uninstall all instances of Java / JRE if you have no actual need for Java)


To easily check Windows systems for vulnerable versions of these programs and others (IM, email, browsers, etc), try the Secunia Personal Software Inspector beta, which is free for home users :candle: Scanning every week or two would be a good idea IMHO. Remember that the program only identifies known vulnerabilities; if you want protection from unknown vulnerabilities, consider using a non-Administrator user account and possibly adding a Software Restriction Policy.

[Image: psi_scan.PNG]


mech's 64-bit Vista riggie gets a clean scan... for now.
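
The non-Administrator account and Software Restriction Policy advice in the post above can be checked on a Windows machine with PowerShell. This is an added example, not part of the original post; the function names are made up here, and it reads only the machine-wide policy key (a per-user policy under HKCU is not checked).

```powershell
# Added example: is this session running with admin rights, and is a
# machine-wide Software Restriction Policy (SRP) configured as default-deny?

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    # With UAC on (Vista and later) this is False for an admin account
    # that is running unelevated, which is the state you want for browsing.
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-SrpStatus {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    if (-not (Test-Path $key)) {
        return [pscustomobject]@{ Configured = $false; DefaultLevel = 'n/a'
                                  AppliesToAdmins = 'n/a'; ChecksDlls = 'n/a' }
    }
    $p = Get-ItemProperty -Path $key
    # DefaultLevel is a DWORD: what happens to code no rule matches.
    $level = switch ($p.DefaultLevel) {
        $null   { 'not set' }
        0       { 'Disallowed' }     # default-deny (allow-list mode)
        0x20000 { 'Basic User' }
        0x40000 { 'Unrestricted' }   # default-allow (block-list mode)
        default { 'unknown value {0}' -f $p.DefaultLevel }
    }
    [pscustomobject]@{
        Configured      = $true
        DefaultLevel    = $level
        # PolicyScope 1 exempts local administrators from the policy
        AppliesToAdmins = ($p.PolicyScope -ne 1)
        # TransparentEnabled 2 also checks DLLs, 1 checks executables only
        ChecksDlls      = ($p.TransparentEnabled -eq 2)
    }
}

$elevated = Test-IsElevated
$srp = Get-SrpStatus
"Session has Administrator rights: $elevated"
$srp | Format-List
if ($elevated) {
    'This session runs with admin rights; a browser exploit would inherit them.'
}
if (-not $srp.Configured -or $srp.DefaultLevel -ne 'Disallowed') {
    'No default-deny SRP found; unknown executables are allowed to run.'
}
```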
 