Feeds

Mystery web attack hijacks your clipboard

No, Macs are not immune

Security for virtualized datacentres

A new web-based attack is making the rounds that tries to spread poisonous links by hijacking end users' clipboards.

Forum discussions here, here, here, here and elsewhere all report the same thing: the commenter surfs to a seemingly legitimate site (MSNBC.com comes up more than once) and suddenly a malicious link is copied to the clipboard. The rogue link remains even after the user copies a new batch of text. The only way to remove it is to reboot the computer.

The attack has been reported by Firefox users running both OS X and Windows, but we wouldn't be surprised to hear that other browsers and operating systems are also vulnerable. It's unclear exactly how the attack spreads. The Spyware Sucks blog posits here that banner ads transmitting bad Adobe Flash code is responsible, and that makes sense to us.

If you've encountered this attack, please leave a comment below detailing exactly where you encountered it.

Those behind the attack appear intent on propagating a link (for the record, it's xp-vista-update.net, but we recommend staying away) that claims users' PCs are petri dishes hopelessly infected with malware unless they are immediately cleaned by a fraudulent anti-malware program. By permanently attaching the link to the clipboard, attackers are betting the user will paste it in emails, blog posts or directly into a browser's address bar.

Attacks like these are another reason why running the NoScript extension on Firefox makes a lot of sense. It's not perfect, but it can insulate you from a huge amount of the attack code floating around on the web. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat
Four new patches for open-source crypto libraries
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.