Washingtonpost.com’s Security Fix blog reports that a banner ad running on MySpace.com and other Web sites used a Windows security flaw to push adware and spyware out to more than one million computer users this week. The attack leveraged the Windows Metafile (WMF) exploit to install programs in the PurityScan/ClickSpring family of adware, which bombards the user with pop-up ads and tracks their Web usage.
Two lessons here…
- Update update update!
- Don’t run Windows!
Just go to defcon/blackhat/hack in a box/etc… and look around. How many folks are running windows on their laptops?