Dice il Saggio... Obiwan (che ringrazio) :
dato che in IE non esiste alcun "noscript" ed il coso di
cui si parla è una bestiaccia (il minimo che può capitare
è vedere la richiesta di installazione di un "fake av")
<====================================================================>
http://isc.sans.edu/diary/More+on+Google+image+poisoning/10822
http://krebsonsecurity.com/2011/05/scammers-swap-google-images-for-malware/
Unless you're running NoScript or something similar, be very careful
searching for images on Google Image Search.
A key point in the SANS article is that the malware pushers run scripts
on their website that detect when Google is crawling the site to build
its index of images. If the script on the malicious site detects that
the site is being visited by Google’s crawler, it delivers a benign
image. However, when the average web surfer visits the same site via a
Google image search, the script delivers something less benign.
Krebs link:
[Denis Sinegubko, a Russian malware researcher who has been studying the
fake anti-virus campaigns, called this tactic “the most efficient black
hat trick ever,” and said it is exceedingly easy to set up.]
SANS: "Google’s image search seem to be plagued with malicious links."
<====================================================================>
Edoardo Benussi
Microsoft MVP - Management Infrastructure
edo[at]mvps[dot]org
