Superguide: the death of 'trusted' Web sites?

Web sites and applications that have been attacked

• Virus encyclopaedia infects visitors with malware

  Security vendor Trend Micro's UK and Japanese Web sites were hacked last week; attackers managed to inject malicious iFrames into their "virus encyclopaedia" pages.

• Facebook banner ad serves an IE exploit

  Unpatched PCs running Internet Explorer could fall victim to adware when visiting social networking site Facebook.

• Bank of India is hacked and dangerous

  Security experts are warning Bank of India customers to steer clear of its official Web site because it is serving up several information-stealing Trojans.

• AFL teams a danger on the Web: Google

  Google has flagged the Web sites of 10 Australian Football League (AFL) clubs as potentially dangerous, preventing visitors from accessing the teams' sites via the search engine.

• Sun denies Java patch release put billions at risk

  Sun has denied its staggered patching schedule for a recent Java flaw put billions of devices at risk.

• Patch or get PWNED in a flash

  Recently fixed vulnerabilities in Sun's Java Runtime Environment and Adobe's Flash player mean that unpatched systems are vulnerable and could be infected with spyware or recruited into a botnet by simply visiting a Web page with exploit code -- and Google last month warned that 10 percent of Web sites contain this kind of malicious code.

• Don't fear Sydney Opera House trojan

  The Web site of the Sydney landmark has been found to harbour malware but it has been described as an "irritant" rather than a "major security risk".

• Cursor flaw gives Vista security a black eye

  Microsoft's release of a "critical" patch on Tuesday poked holes in Vista's security promises, but security experts advise against discounting the new operating system.

• Microsoft Office flaws up 300 percent

  Between 2006 and 2007, there was an almost threefold rise in flaws found in Microsoft software, according to vulnerability-scanning company Qualys.

• Apple QuickTime zero-day flaw 'extremely critical'

  Security research firm Secunia has reported what it calls an "extremely critical" vulnerability in media-streaming program Apple QuickTime.

• Attackers exploit dangerous PDF file vulnerability

  On Monday, Adobe patched vulnerabilities in versions 8.1 and earlier of its Acrobat and Acrobat Reader. If exploited, an attacker could launch malicious code on an affected system.

• Security flaws unearthed in Google's Android

  Researchers have found some holes in Google's Android SDK that could make the software vulnerable to hack attacks.

• Skype fixes critical security flaw

  Skype has fixed a critical security hole in the latest version of its Windows VoIP software, which could have allowed specially crafted Web sites to load and run malicious code on victims' PCs.

• Security product had 60 flaws after being patched

  Vulnerability-testing company Secunia has slammed one security vendor for having "inherent code problems" in its backup and antivirus software.

• QuickTime 'evil pink box' flaw hits Second Life

  Researchers have shown how to exploit a flaw within QuickTime, allowing an attacker to make money stealing from innocent Second Life victims.

Related News

• iFrame attacks: Blame your Web admin guy

  With one new Web site compromised every 14 seconds, including some of the biggest names, it's almost impossible to tell what's a "trustworthy" Web site. But who's at fault for exposing Internet users?

• "Trusted" Web sites can no longer be trusted

  Restricting your Web surfing to "trusted" sites is no longer enough to keep your machine safe from malware, according to security experts.

• Web attackers get better at hiding

  Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert said this week.

• Single-line attack infects thousands of Web sites

  Thousands of Web sites have fallen victim to an attack using just one line of code that maliciously re-directs browsers via Javascript to servers that are hosting a variety of drive-by exploits. Multiple browsers and operating systems are affected by this code if not correctly patched.

• Hundreds of sites hit with dynamic malware

  In January of 2008, ScanSafe reported that it had discovered more than 200 UK-based Web sites that were using malicious javascript to place trojans and rootkits onto victims' machines.

• Malware Web sites: now 30,000 a day

  Security experts demand more vigilance by Web-hosts to curb the explosion in malware-infected Web sites, which are appearing at a rate of 30,000 per day, according to Sophos.

• Web-borne security attacks explode

  Internet-borne security threats have taken over the mantle as a greater risk to companies' security than e-mail attacks, according to security vendor Sophos.

• Cyberattacks outstripping defences

  Cyberattacks today have become so complex that there may be no real way to completely protect against them, internet security researchers have warned.

• Browser features "more trouble than they're worth"

  Disabling the majority of features in a Web browser may be the safest bet to keep malicious hackers at bay, says a US based IT security watchdog.

• Web 2.woe: Simple security flaws going unfixed

  Web application vulnerabilities are simple to fix but they're here to stay and will likely get worse, say security analysts.

• Criminals set sights on growing army of Mac users

  If Mac users fall for scams that PC users have faced for years, it wont be long before money-hungry crime gangs exploit them, say security experts.

• 'Lighter' Norton 360 V2.0 takes aim at the Web

  "Lighter" is the key word Symantec hopes customers will feel when installing Norton 360 version 2.0, which is the company's security and backup system for small business and home users that was launched today.