Feeds

Mystery web attack hijacks your clipboard

No, Macs are not immune

Next gen security for virtualised datacentres

A new web-based attack is making the rounds that tries to spread poisonous links by hijacking end users' clipboards.

Forum discussions here, here, here, here and elsewhere all report the same thing: the commenter surfs to a seemingly legitimate site (MSNBC.com comes up more than once) and suddenly a malicious link is copied to the clipboard. The rogue link remains even after the user copies a new batch of text. The only way to remove it is to reboot the computer.

The attack has been reported by Firefox users running both OS X and Windows, but we wouldn't be surprised to hear that other browsers and operating systems are also vulnerable. It's unclear exactly how the attack spreads. The Spyware Sucks blog posits here that banner ads transmitting bad Adobe Flash code is responsible, and that makes sense to us.

If you've encountered this attack, please leave a comment below detailing exactly where you encountered it.

Those behind the attack appear intent on propagating a link (for the record, it's xp-vista-update.net, but we recommend staying away) that claims users' PCs are petri dishes hopelessly infected with malware unless they are immediately cleaned by a fraudulent anti-malware program. By permanently attaching the link to the clipboard, attackers are betting the user will paste it in emails, blog posts or directly into a browser's address bar.

Attacks like these are another reason why running the NoScript extension on Firefox makes a lot of sense. It's not perfect, but it can insulate you from a huge amount of the attack code floating around on the web. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.