While these sites had no intention (or maybe even knowledge) of this, it goes to underscore a point that, while you may trust Google, Yahoo!, Fox, Facebook, eBay, etc., as trustworthy sites, the bulk of the content that these sites serve up is not coming from them – it’s coming from third parties, such as ad networks, which you don’t necessarily trust, or even know.

To protect yourself from this sort of attack, I recommend the following:

• Limit unnecessary web surfing, especially at work and doubly so for machines and networks which handle sensitive information. If you don’t go to the site in the first place, you can’t get infected.
• Make sure you are using a recent “alternative” browser, such as Firefox or Chrome. While this is no guarantee of safety, Internet Explorer is still the main target for browser-based attacks. Using an alternative platform may lower this risk by lowering your profile.
• Run extensions such as Adblock Plus and NoScript. These disable active programming on websites by default. Note: This does mean more work for you, as the bulk of websites you hit will not work until you enable the scripting components on the pages. However, you are much, much safer from this type of attack.
• Keep your operating system and all other software on your computer patched and up to date. Many of these sorts of attacks rely on flaws in software installed on your computer. If the flaws are patched, then you are less vulnerable to the attack.
• Know what your anti-malware program and operating system alerts look like. Many of these “drive by downloads” rely on tricking the user into installing malware by popping up fake notices telling them that their system is infected, and needs to be scanned. What they are really doing is tricking the user into running the malware in the first place! Don’t be fooled! Learn what your software really is likely to say in the event of malware detection, and how to respond appropriately. If you have any questions, contact your IT staff before taking any action, including clicking on links or closing windows.
• As always, drop those admin rights.

Today, we’re announcing modifications in Windows that adapts to recent changes in the threat environment. Specifically, we’re announcing changes to the behavior in AutoPlay so that it will no longer enable an AutoRun task for devices that are not removable optical media (CD/DVD.).  However, the AutoRun task will still be enabled for media like CD-ROM. There are more details on the change over at the Windows 7 blog as well as at the Security Research and Defense (SRD) blog.

Good! In an admittedly controversial move, we recommended this exact same thing months ago to combat the spread of Conficker, and made the change  to several clients’ networks. At first, there was some grumblings because USB sticks and digital cameras did not automatically mount, but we were able to convince them of the added security benefits. I am pleased to see Microsoft doing the same thing by default.

What does this mean to end-users? Simply that if you want a certain program to run when you insert a USB stick, camera, or other storage device, you will need to tell your computer to do this. It sounds like a hassle, and it is indeed a small extra step you need to take. However, even Microsoft has finally admitted that it is a great benefit to your system’s security, and therefore should be applauded.