31 Mar
2007
31 Mar
'07
3:20 p.m.
* Fergie:
While the 0-day exploit is the ANI vulnerability, there are many, many compromised websites (remember the MiamiDolhins.com embedded javascript iframe redirect?) that are using similar embedded .js redirects to malware hosted sites which fancy this exploit.
And some of them have vast audiences, increasing the potential for a major "issue" -- TBD.
In today's world of ubiquitous advertising, vast audiences equal lots of money. That's why this is a problem which a few class-action suits can and will fix. The hard problem is repeated damage done by many small incidents.