Pollen Allergy (The Attack of the Online Florists)

I was talking to the helpdesk team meeting about safe browsing yesterday. I went round the table asking for guesses about the site category that caused the most virus blocks this week. All the usual categories came up: social networking, webmail, blogs and one wag offered the BBC. All good tries except the last, and all wrong.

The real answer was online florists.

Well, that was my route into saying that no site is really safe, (in fact it's a really good security story) and that's why I was going to have another review of their privilege, but I didn't really give it the thought it deserved.

Happily, Mary Landesman has. But I wish she had been able to figure out what was going on.

UPDATED 16/1/2008

It's being reported that all these sites were on Fasthosts when they had that mass site admin password reset in October (and then waited till December to enforce it). Looks as if the malware dropped at that time was left quiescent until last week which makes this a really good security story: Hackers are willing to wait, and there really is no logical end to the consequences of a root compromise.