The Iframes malware vunerability code. This vicious hacker code has been around since 2004 when Microsoft put a fix in for IE 6.0. Why this is so important to Traffic Exchange owners and surfers, is that it attacks servers through banner iframe, on innocent websites, than downloads its code to banner clickers. I have 2 banner exhanges. I surf 200 sites a day and click at least 50 banners. When you do banner exchange you are usually using IFRAME mine does. I am going to talk to my guru Traffic Exchange master programmer Tim Linden at Start Exchange about this.but the answer for surfers protection right now is something I found at CNET–FINJAN and it is free.http://securebrowsing.finjan.com/Background:http://reviews.cnet.com/4520-3513_7-6832627-1.html?tag=feat.1By Robert Vamosi
Senior editor, CNET Reviews
January 28, 2008For the past year, I’ve been writing about the use of iframes to compromise legitimate Web sites with links to malicious code servers. It’s easy for criminal hackers to compromise a site if it is poorly managed and open to cross-site scripting attacks (think ma-and-pa e-commerce sites). Over the summer, automated versions of these attacks compromised thousands of travel, hotel, and restaurant sites in a matter of course. But there’s a flaw with iframes; the malicious servers are often identified and blocked. Unfortunately, this posed only a temporary setback for criminal hackers. Over the last several weeks, researchers at Finjan, an Israeli security company, have been monitoring the use of a new malware kit that uses new tricks designed to thwart conventional antimalware applications. One trick disguises the malware upon second visit to the Web site, making it a nonpersistent threat that’s hard to classify. Despite these tricks, Finjan was still able to find more than 10,000 sites infected with this new toolkit and offers some details about the attack.Javascript
I spoke with Finjan’s CTO, Yuval Ben-Itzhak, about this new Random JS toolkit. “The JS is for JavaScript because the filename includes random characters of, and the extension of JavaScript.” Details about the toolkit can be found in Finjan’s January 2008 release of its periodic Malicious Page of the Month report. Banner Mal-vertisement: Firstchoice ExposedPosted by Laureli Mallek Thu, 28 Feb 2008 18:42:00 GMTForceUp.com has been connected with a recent mal-vertising campaign. Contacting companies and offering to advertise on their sites, Diane Samuels, representing forceup.com, has been linked with an SWF that raised questions for many of those contacted. Attempts to contact her have not resulted in any response.While TeMerc.com describes it only as “some kind of virus” Sandi at SpyWare Sucks bring us some more details on the code. She has posted the URL, which specifically targets South Africa, United States, and the UK.ForceUp.com has been repeatedly mentioned as a source of malware along with BlessedAds and TraveltrayLoad2load.exehttp://www.crime-research.org/analytics/2142Hackers cause painOne-Fourth of Net Users UnprotectedA recently updated browser would most likely block malware from infecting a PC. But hackers hope that Web surfers who haven’t installed the most recent Windows software patches or antivirus software will become their next victim.Thompson says a hacker program called WebAttacker is being planted on Web sites across the Internet. The program checks each site visitor’s browser for vulnerabilities, and then tries to use one to take control of the PC.Thompson estimates that tens of thousands of sites like Estrada’s and Walter’s have been hijacked and are unwittingly poised to infect PCs whose security software is out of date. Once the cybercrooks take control of your PC, they can do any number of illegal things. Hackers have been known to plant spyware on PCs to steal an identity, to plant adware, or to turn a PC into a spam-spewing zombie.“If you don’t have the most up-to-date Windows Update patch or virus definitions, you may get stung by one of these sites,” Thompson says.According to a Jupiter Research survey of 2200 PC users, 24 percent did not have antivirus software installed on their PCs. In single-PC homes, that number jumps to 29 percent.Joe Wilcox, a security analyst with Jupiter, points out that there is no way to tell how many of those who do report using antivirus software actually update it on a regular basis. Doubly troubling, Wilcox says, is the changing nature of Web-based security threats.If you have the most recent Windows operating system patches and have updated your antivirus protection, your PC is in great shape.

http://www.theregister.co.uk/2007/09/21/google_malware_warning/

Banner badwareJay’s experience comes as cyber crooks increasingly look to legitimate third-party ad networks as a vehicle for distributing software that silently installs Trojans and other forms of malware while an end user surfs presumably safe sites.Last week, it was revealed that a company owned by Yahoo dished out an estimated 12 million ads on sites such as MySpace and PhotoBucket that installed a back door on unpatched Windows machines. Several days later, Roger Thompson of Exploit Prevention Labs said in a blog post that a banner ad infected a test machine while it surfed FaceBook. Malware-laced ads date back at least 14 months, when banners running on MySpace infected more than 1 million users with adware. http://www.stopbadware.org/Credit goes to:http://www.viddler.com/explore/BestDamnTech/videos/38/I found this wonderful and terribly funny, and I have to thank them for all the rough language-I am putting out my own one woman show for the women with sensibilities in my group.  I have subscribed to their show and will watch faithfully. If you don’t flinch from the harsh language you will find the buffonery extremely entertaining.  I have included their link, maybe if they didn’t all drink so much beer… anyway they they had some great stuff inbetween sips and chugs.

MY VIDEO:

http://www.viddler.com/WebDiva/videos/1/