I haven't been able to find anyone else this happened to, so this may not be such a big threat, however the experience proves that Safari 2.0 has problems.
During a google for some stuff I ended up at a .ru tld website (seems like almost always a bad idea, anyway), where I got automatically redirected elsewhere.
I noticed that popup blocker was not working (it IS checked in prefs). Popups were showing up and disappearing very fast, but one pop-over and one pop-under stayed open.
I quit Safari, restarted it, & decided to do some work on my website. First, I wanted to check the latest mods in all major browsers. When I launched the site in Safari, things got "interesting".
Paranoid Android informed me that Safari was trying to launch an URL with the scheme 'ms-its'
(
http://www3.ca.com/securityadvisor/v....aspx?id=26699
http://www.dshield.org/pipermail/int...ly/008211.html )
So, I went to check on the cookies... There was a fair amount of unusual crap in there so I just nuked everything. Call me a Paranoid Human, I nuked Safari & its files too. Reinstalled the website from backup just to be safe. Whatever happened, it seems that the Russki malware looked for a referral URL and then somehow latched itself to it. Since the last place I looked at before the whole rigmarole began was my site, it ended up being a victim. (Nuking cookies solved the prob, BTW)
I yet have to see what the attacker intended to do, but I don't feel like using my machine to do it. I'll likely have to dust off an iMac for investigative purposes.
So... Uh... I was moving to Firefox anyway, and this is just making the departure from Safari faster...
What I don't get is how an exploit aimed at IE ends up affecting S2? :P
iG/<
P.S. Of course this ms-its thingy couldn't really do anything. It was just really annoying.
Linear Mode
