Don't Get Web 2.0wned
Friday, September 25, 2009; 2:41 AM
A recent attack in which tainted banner ads served up rogue software for visitors of popular sites such as drudgereport.com, lyrics.com and horoscope.com is a stark reminder of the importance of keeping up-to-date on software patches.

According to Web vulnerability scanning firm ScanSafe, between Sept. 19 and 21, tainted ads that tried to foist malicious software cycled through some of the Web's most popular destinations (drudgereport.com receives more than a million visitors per day, according to compete.com). Unlike the attack last week from rogue ads on the New York Times Web site - which heaved bogus anti-virus software onto visitors' systems - this series of bad ads sought to drop a Trojan horse that hijacks the victim's search results, ScanSafe found.

The hostile ads tried to exploit several software vulnerabilities in order to drop the search hijackers onto victim PCs. One was a Microsoft Windows/Internet Explorer vulnerability that Redmond issued a patch to fix in July. The attackers also exploited several flaws in Adobe Reader and Acrobat, infecting systems that were missing the latest updates for those programs, ScanSafe found.

If you're putting off patching the operating system or common apps like Reader and hoping your anti-virus software will save you from these attacks, consider this: ScanSafe discovered that just 3 out of 41 anti-virus scanning engines in use at Virustotal.com detected the dropped Trojans as malicious.

If you have trouble remembering to install updates, consider using a free program like Secunia's Personal Software Inspector, which periodically alerts users about outdated, commonly-used software titles. The company also offers an online scanner (requires Java).

Please join me at 11 a.m. ET today for Security Fix Live, where I have a go at answering your questions about technology, security, and privacy. Can't wait until then? No problem: Send me a question in advance.




