Thursday, December 31, 2009

Why I browse using Firefox with NoScript: Fox Sports Web Site, NY Times ads Infected

Just one more reason to do all your Internet surfing as a non-administrative user, with Firefox, and using both the NoScript add-on and the Adblock Plus add-on:

Fox Sports Web Site Infected, Injected Code Serves Exploits |
Security researchers warn that the Fox Sports website has been compromised by unknown attackers, who injected malicious code into a custom error page. There are two separate offensive script tags, each of them created by a different infection.

The page was detected by the ThreatSeeker Network system developed and operated by Websense, a Web security vendor. Security researchers investigating the suspicious link determined that it was pointing to a custom “Page not Found” document, displayed in case of a 404 error.

Webmasters deploy such pages in order to help visitors who are looking for a Web resource that is no longer available. They include suggestions or search boxes that can be used to find the new location of the document.

The website is operated by the Fox Sports division of the Fox Broadcasting Company and according to Alexa, it is in the top 330 websites in the world as far as traffic goes. This website is ranked at position 88 in the United States and is part of the MSN network.

New York Times Site Pop-Up Says Your Computer Is Infected as documented here at

Note to Readers
Some readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software. We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser. Questions and comments can be sent to

Seriously, if you're out there surfing, you really need to surf as a non-admin user to limit the damage malware can do to your computer. IE users should purchase and USE Sandboxie.

No comments: