Google Security Team on one of its blog post tells that, listen to the all warnings on search results and on browsers even the source is trusted one. Because for surely those trusted sites will be under attack. The Security team is confident about the warnings given by scanners.here is the post published on Online Security Blog
This week in particular, a lot of web users have become vulnerable. A number of live public exploits were attacking the latest versions of some very popular browser plug-ins. Our automated detection systems encounter these attacks every day, e.g. exploits against PDF (CVE-2010-2883), Quicktime (CVE-2010-1818) and Flash (CVE-2010-2884).By Panayiotis Mavrommatis and Niels Provos, Security Team
We found it interesting that we discovered the PDF exploit on the same page as a more “traditional” fake anti-virus page, in which users are prompted to install an executable file. So, even if you run into a fake anti-virus page and ignore it, we suggest you run a thorough anti-virus scan on your machine.
We and others have observed that once a vulnerability has been exploited and announced, it does not take long for it to be abused widely on the web. For example, the stack overflow vulnerability in PDF was announced on September 7th, 2010, and the Metasploit project made an exploit module available only one day later. Our systems found the vulnerability abused across multiple exploit sites on September 13th.
Here’s a few suggestions for protecting yourself against web attacks:
- Keep your OS, browser, and browser plugins up-to-date.
- Run anti-virus software, and keep this up-to-date, too.
- Disable or uninstall any software or browser plug-ins you don’t use — this reduces your vulnerability surface.
- If you receive a PDF attachment in Gmail, select “View” to view it in Gmail instead of downloading it.