Mystery web attack hijacks your clipboard
No, Macs are not immune
A new web-based attack is making the rounds that tries to spread poisonous links by hijacking end users' clipboards.
Forum discussions here, here, here, here and elsewhere all report the same thing: the commenter surfs to a seemingly legitimate site (MSNBC.com comes up more than once) and suddenly a malicious link is copied to the clipboard. The rogue link remains even after the user copies a new batch of text. The only way to remove it is to reboot the computer.
The attack has been reported by Firefox users running both OS X and Windows, but we wouldn't be surprised to hear that other browsers and operating systems are also vulnerable. It's unclear exactly how the attack spreads. The Spyware Sucks blog posits here that banner ads transmitting bad Adobe Flash code is responsible, and that makes sense to us.
If you've encountered this attack, please leave a comment below detailing exactly where you encountered it.
Those behind the attack appear intent on propagating a link (for the record, it's xp-vista-update.net, but we recommend staying away) that claims users' PCs are petri dishes hopelessly infected with malware unless they are immediately cleaned by a fraudulent anti-malware program. By permanently attaching the link to the clipboard, attackers are betting the user will paste it in emails, blog posts or directly into a browser's address bar.
Attacks like these are another reason why running the NoScript extension on Firefox makes a lot of sense. It's not perfect, but it can insulate you from a huge amount of the attack code floating around on the web. ®