Drive-by download attack mows down thousands of websites

Notorious, eh?

"Notoriously wobbly" may be the best way that anyone has ever described ActiveX. Or anything at all.

Writing like that is what keeps me coming back to El Reg. That and years of deeply engrained habit. But mostly it's the writing.

blocking it

It would have been good if you'd directly mentioned the sites in the kaspersky report in the main story, and recommended blocking them (hosts or whatever). So to quote therefrom:

"

The link leads to Java Script located on one of six servers – these servers act as gateways for further redirecting of requests. We’ve identified six of these gateways and they’ve been added to the blacklist in our antivirus:

* armsart.com

* acglgoa.com

* idea21.org

* yrwap.cn

* s4d.in

* dbios.org

If you’re an admin, you should block access to these sites.

Visiting one of the sites results in a secret redirect to a malicious server called vvexe.com which is located in China. Exploits are then used to launch an attack on the user’s machine.

"

Or noscript is spiffing. Shame idiot sites use scripting at all, innit?

If anyone can help, why can't these things be blocked at the root dns level. I know it's not immediately effective as it takes time for the dns record (whatever it's called) to trickle down to non-root (whatever they're called) dns servers, but it's something, surely?

Wrath of the Litch King indeed

Gee -- guess the Gold Farmers are planning on uppin the ante in Litch King.

have had our apps folks beaten up yet again over crap like this on our webservers - thankfully they've finally started to make progress on fixing cruft code.

Helps when the auditors insist on independent vulnerability testing. Better when the testers note that the network and OS layer are just about as solid as can be.

Now -- me n my Gentoo x86_64 and wine are off to eat some hordies in EOTS. And wait patiently for our midnight release copy ......