brownj00's forum posts

brownj00: 25 Forum Posts, 0 Wiki Points, 1 Follower, 4 Reviews, 0 User Lists

#1 Edited By brownj00
Member since 2002 • 25 Posts

For any other users, a helpful note: to help reduce your risk, check out this tool. Very helpful for keeping your stuff updated. It checks your browser, Java, Flash, Adobe, Silverlight, etc. in one step. There are similar utilities, but this works for any browser, checks more than just plug-ins, is completely free, etc.

From http://krebsonsecurity.com/2011/03/test-your-browsers-patch-status/ (reputable source)

https://browsercheck.qualys.com/ (reputable security company)


#2 Edited By brownj00
Member since 2002 • 25 Posts

@edgework: OK, thanks. I'm glad to hear you guys have done due diligence and more. Your response sounds like everything your users would hope for, which is much appreciated. I don't want to waste your time, but I balance that with wanting to alert you as quickly as possible in the event you have an issue that might impact everyone.

I've got a VM client sandbox with a barely patched browser for testing, visiting the same sites I had up yesterday. No incidents yet, which is not surprising due to rotating ads. If I do see anything useful I will have more data next time.

I also had one of the dictionary sites open in the background, and yeah, I see it has plenty of ads too. It could have rotated an ad without me seeing that while I was looking at GS. Just Wikipedia otherwise. So I want to be clear it is certainly possible it was not your ad feeds, and that stuff is 3rd-party content from other providers.


#3 brownj00
Member since 2002 • 25 Posts

Sorry guys, I did not notice which ads were up when my anti-virus started screaming at me. I had just opened a second tab that I wasn't looking at. I think it was the article on the DA:I patch. I had 1-2 other tabs open, but there were no ads on those and they had been on the same page for many hours.

As soon as my corporate AV alerted me, it was clear something was running amok... I killed the browser with Alt-F4 and brought up Process Monitor to see which thread was writing to my hard drive, found it, and killed that process. That made it hard to see what was on-screen. About 15-20 seconds and it ate 400 files. If there is a cookie or something that may give any other details, I'm glad to check. I can show the URLs, but I think that doesn't help.

If I see it happen again I can try and grab a screen shot. If there is anything else I can check on the client side let me know via email. Thanks.
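The triage described in the post above (find the process hammering the disk, then kill it) can be turned into a detection. The following is an added example, not code from the original post or from any tool it mentions: it replays file-modification events in the shape of a Process Monitor CSV export and flags any process that modifies more than a threshold of distinct files within a short sliding window, which is the pattern the poster saw (hundreds of files rewritten in 15-20 seconds). The column names, time format and operation names are assumptions about the export, and the sample events are constructed for the example, not a capture from the incident.

```python
"""
Burst-write detector over Process Monitor style file events.

Added example (not code from the original post or from any tool it
mentions). It scans file-modification events in the shape of a Procmon
CSV export and flags any process that modifies more than a threshold of
distinct files inside a short sliding window. The column names, the
time format and the operation names are assumptions about the export;
the sample events are constructed, not a capture from the incident.
"""
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Operations that change file content, name or existence. Assumed to match
# the names Procmon shows in its Operation column.
MODIFYING_OPS = {
    "WriteFile",
    "SetRenameInformationFile",
    "SetDispositionInformationFile",
}

# Assumed "Time of Day" format in the export (selectable when exporting).
TIME_FORMAT = "%H:%M:%S.%f"


def detect_bursts(csv_text, window_seconds=10, threshold=50):
    """Return {pid: info} for every process that modified more than
    `threshold` distinct files within any `window_seconds` span.

    Events for a given PID are expected in time order, as Procmon
    exports them; ordering across different PIDs does not matter."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # pid -> (time, path) events still in the window
    flagged = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in MODIFYING_OPS or row["Result"] != "SUCCESS":
            continue
        pid = int(row["PID"])
        now = datetime.strptime(row["Time of Day"], TIME_FORMAT)
        events = recent[pid]
        events.append((now, row["Path"]))
        # Drop events that have fallen out of the sliding window.
        while now - events[0][0] > window:
            events.popleft()
        distinct = {path for _, path in events}
        if len(distinct) > threshold:
            hit = flagged.setdefault(pid, {
                "process": row["Process Name"],
                "distinct_files": 0,
                "first_flagged": now.strftime(TIME_FORMAT),
            })
            hit["distinct_files"] = max(hit["distinct_files"], len(distinct))
            hit["last_seen"] = now.strftime(TIME_FORMAT)
    return flagged


def build_sample():
    """Constructed sample export: a browser touching a few cache files at a
    normal pace, plus a process rewriting a user's documents ten times a
    second. Process names, PIDs and paths are made up for the example."""
    rows = ["Time of Day,Process Name,PID,Operation,Path,Result"]
    base = datetime(1900, 1, 1, 14, 2, 0)  # strptime() without a date yields 1900-01-01
    for i in range(6):  # 6 cache writes spread over 25 s
        t = base + timedelta(seconds=5 * i)
        rows.append(f"{t.strftime(TIME_FORMAT)},chrome.exe,2816,WriteFile,"
                    f"C:\\Users\\jb\\AppData\\Local\\Cache\\f_{i:06d},SUCCESS")
    start = base + timedelta(seconds=8)
    for i in range(120):  # 120 distinct documents in 12 s
        t = start + timedelta(milliseconds=100 * i)
        rows.append(f"{t.strftime(TIME_FORMAT)},abc123.exe,4412,WriteFile,"
                    f"C:\\Users\\jb\\Documents\\report{i:03d}.docx,SUCCESS")
    return "\n".join(rows) + "\n"


if __name__ == "__main__":
    for pid, hit in detect_bursts(build_sample()).items():
        print(f"PID {pid} ({hit['process']}): {hit['distinct_files']} distinct files "
              f"modified within 10 s, first flagged at {hit['first_flagged']}")
```

On the constructed sample only the document-rewriting process is reported (101 distinct files inside one 10 s window, first crossing the threshold at 14:02:13); the browser's six cache writes never come close. The threshold and window are the knobs to tune against a baseline of normal activity on the machine, since backup agents and installers will also touch many files quickly.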


#4 brownj00
Member since 2002 • 25 Posts

@edgework: Hi, indeed patching is good guidance, and I second that for all users. Unfortunately, it is not safe to connect to the internet even if you are 100% patched and updated.

As I have worked on security, firewalls, and website apps for Fortune 500 clients for a long time, I am aware of the concern in spades. Users need to update OS patches, browsers, code platforms (such as Java, .NET, ActiveX, Flash, Shockwave, Silverlight, etc.) and all plug-ins. Not all of those have auto-update agents, so people need to stay on top of it. All the time; even monthly can be too slow, but we can't expect users to handle this on a daily basis. However, even when all components are current on patches, there are still vulnerabilities.

So that's all good. However, "blaming the user" is not what anybody wants to hear from a reputable site when this happens.


#5 brownj00
Member since 2002 • 25 Posts

BTW, since even your help pages and forums are loaded with ads, I'm not hanging out here to watch for replies. I'll be back after I've installed CryptoPrevent or other local security policy controls to prevent a re-attack.


#6 Edited By brownj00
Member since 2002 • 25 Posts

Hi guys, I've been in IT for 25 years (L3 engineer at HP for the past 15), so please don't blow this off. No, that doesn't mean I know everything, I'm very well aware of it, but my point is that I'm not prone to stupid rookie mistakes. This isn't my specific area of expertise, however, so I'm entirely open to new data (can't troubleshoot problems otherwise, right?). Sorry, I'm looking for the fastest way to alert you guys... I know this may not be the best method.

I was on your site when I was attacked by CryptoWall 3.0 (not CryptoLocker). It's well-known ransomware. I suspect it was via your ads (the common vector). I hope you are aware of the problem, or at least the danger. This isn't new. I caught it before it got any sensitive data, but 400+ files were lost and I am having to clean up. Thanks. :(

I have some idea that you can't control the ad content... but you should be monitoring your 3rd-party content, etc. to protect your user community. You guys really need to take care of this; you don't need to have your reputation tarnished in the news, besides the obvious concern about having your customers' PCs trashed. I've been a subscriber for many years and now I am afraid to come to the site. Not cool.

Best of luck. Let me know if there are any questions or if I can assist.