To resurrect an old thread............. (no new threats, just a year end Malware summary from Malwarebytes)

https://blog.malwarebytes.org/malvertis ... -and-zedo/

It isn't just Google. I recommend Firefox (or Seamonkey) with NO SCRIPT for those on Windoze.

FYI

I wish Flash would just die already...

I found this comment above interesting, "Apple has demonstrated that it is possible, not to mention safer, to
live without it (Flash)"

Short of uninstalling it, the safest way I know of to deal with it is:

1. Subscribe to a list like SANS for early warning

2. CONSTANTLY patch (there are 3 versions: (1 for I.E. 1 for Firefox, & 1 for all other browsers)

3 Use Firefox ONLY. (I.E. is invisibly called up by many programs though, I don't know how to stop that behavior as the end user doesn't know it's running)

4. Install No Script as a Firefox add on.

5. Set Firefox to always ask before allowing Flash to run (& be aware that some of the You Tube adds are infected).

As far as Flash, that's the extent of my knowledge. Also keep your java current; almost as much of a risk. Both are much bigger risks than XP. If you are using XP, use Fox-it free pdf reader; NOT Adobe.

No YouTube ads are infected. The adspace doesn't hold anything but image and link data. Clicking through a YouTube ad could conceivably lead you to a site that serves malware, but you'd first have to make the decision to click and then deliberately do it.

I'm not saying ICE is unsafe. What the article is saying is GOOGLE is serving adds infected by Malware. Google is not practicing due diligence. And Google Owns You Tube, so controls the add content.

Linda, you might want to post the most recent ABP script you gave me to block the You Tube Adds.

I use ClickToFlash (requires permission to run Flash) and a Youtube extension that forces the page to load HTML5 versions of videos when possible.

Ted, What's the name of the You Tube Extension? What browser is it for?

Google has recently changed to HTML5 as the default for YouTube. Flash is becoming less and less necessary. That said, this kind of thing is not nearly the cause for concern that Geff's regular postings here might lead you to believe. Just being sensible about what sites you visit and what you click on protects you from 99% of threats out there. Running an adblocker in your browser protects you from 99.999% of the rest, and those handful are not really a cause for concern for the VAST majority of people anyway. Also, I don't see Chrome mentioned up there as being vulnerable, so switching to that might help even more.

I'm not saying that Geff's posts should be discounted entirely; at a minimum, they can raise your awareness and certainly should make one think before clicking on something dodgy. I'm just concerned that some of you might get a little too worried from these posts, and stop visiting the boards. There's nothing to worry about here!

I really like the new feature in Firefox of disabling Flash until the end user allows it each time. I agree with Jeff that it's rarely necessary. It also really speeds up Amazon pages loading; I don't know what the Flash is doing on both Ebay & Amazon; but my Amazon loading time has been cut in 1/2, & browser freeze ups (my main pc is a quad at 2.4 ghz which is a bit slow these days), have been cut way back also.

Another comment I found interesting from the last Sans post above, "Historically broken Flash has now replaced
browsers as the most persistent vulnerability on the desktop."

FYI: Flash patch #3 referred to above is out. It may NOT get delivered automatically for several days. If you wish to get it immediately, go here:

http://www.adobe.com/products/flashplay ... tion3.html

These are the full versions, not the installer stubs that sometimes freeze during download.

This specific article does not relate to Google or You Tube, but it is relevant in the bigger picture. There is a real problem with this issue.

I love Malwarebytes and won't have a PC without it. I'm glad they're on this.

I use MBAM & MBAE on all my machines.

hmmmm...