Posted by Kaelten Dec 02, 2008 at 01:10 UTC
Another jerk or group of jerks took advantage of the holiday weekend to spam a few thousand comments on the website.
Due to a small security hole in one of the parsers, these comments were able to embed an iframe on the page. It would then in turn try to target out-of-date versions of Flash.
We've cleaned up any of the comments that we can find, prevented any further ones from rendering, and plugged the leak in the parsers.
I'm not sure exactly what he was trying to install on machines, but I know it looks like it specifically targeted IE with Flash lower than 9 r124.
We're doing what we can to ensure that this type of attack on our users is impossible in the future. Please check your Flash version; if you have a vulnerable version, please run a virus scanner and try to make sure all is good.
If anyone discovers more information about what exactly they were trying to do, the effectiveness, and detection/cleanup techniques, please post them in the comments.