I hope someone else hasn't already posted this, but here goes.
Just in case the CMs aren't up with the latest hot infosec news, the Chinese exploit pack "MPack" just obtained a brand new, "0day" — unfixed — vulnerability in Adobe Flash.
This is, right now at this very moment, being seeded to various domains (which obviously I won't link here — most of them are .cn domains, but not all of them) in preparation for attacks on various online games, including World of Warcraft.
That's right people — we're about to see another storm of keyloggers posted to the forums and possibly included in advertisements on third-party sites by goldsellers to steal your account so they can grab the loot, use your account to spam the heck out of us all, and then sell your gold back to hapless players.
Because this is really a "0day" vulnerability, no patch is available, and since virtually everyone on every platform runs the Flash plugin, you are (very, very likely) vulnerable.
Please be careful where you click, as merely visiting an infected site may at least try to infect your machine, and the password stealers are brand new, so many of the more mainstream antivirus utilities will not detect them yet. They may even try to sneak the exploits into ads served by legitimate sites; they've done it before, so webmasters, pay attention.
Coverage from the Internet Storm Center, as it happens:
http://isc.sans.org/diary.html
SecurityFocus' reference for it:
http://www.securityfocus.com/bid/29386
ZDnet's initial blog on the issue:
http://blogs.zdnet.com/security/?p=1189
A much more detailed blog post with many more technical details, including a list of some of the known domains involved in the attack:
http://ddanchev.blogspot.com/2008/05/ma...h-zero.html
Why you shouldn't buy gold (in short, because it funds organised crime like this):
http://www.wow-europe.com/en/info/fa...elling.html
Or if you don't trust me, a direct link to the forums :
http://wow.allakhazam.com/forum.html?fo ... =12;page=1
