Google, we have a problem. It seems you can’t go to a single tech site right now without hearing about the “Google Poisoning Attack” and how it works. For an attack that has been around since March, its amazing that it is now starting to pick up mainstream attention.
To put it in simple terms, legitimate websites are unknowingly causing the problem due to flaws in Adobe software. Adobe, yep, Flash, Acrobat, other items, doesn’t matter. It seems that there is some flaw involved with it all. I do know that there have been a few Zero-Day Adobe exploits that have recently been patched by Adobe, heck my own machine got updated today. Will it help me out, I don’t know.
The scary thing about it all is that although this poisoning has been around since march, the amount of affected sites has almost quadrupled in one weeks time from about 800 to about 3000 according to ScanSafe. CERT has raised a red flag because of this huge increase, and it does not look like it is slowing down.
The real question about all of this is again, patching. When was a fix for the vulnerability released, and how long does it take companies to patch?
I’d post more information about what happens to your machine such as FTP usage, stolen passwords, etc, but honestly, so much is out there on it that you just need to go to any site such as eWeek’s site to get more info on the attack itself. Just be careful and make sure your machines are as updated as they can be.