Unlike past outbreaks of the mass web attack known as Gumblar, this round actually plants exploit code on the website servers themselves. Curiously, the directory and file name of the malicious payload is in most cases unique and identical to a legitimate file that existed on the website.

The trick makes it extremely difficult for webmasters and anti-malware programs to detect the threats.

“This is an ugly can of worms,” said Mary Landesman, the ScanSafe security researcher who warned of the mass attack. “Any time you see a new technique evolve like this the concern is we’ll be seeing much more of this in the future, and certainly it complicates the remediation of the compromised website.”

Previously, Gumblar planted links in thousands of compromised websites that silently redirected users to a handful of servers that hosted the exploits. That method allowed white hats to foil the attack by shutting down one or two domains. With the malware embedded directly in the compromised websites, the take-down process is significantly more time consuming.

Also making matters hard for Landesman to get the sites cleaned up: Most of the websites belong to small businesses that cater to non-English speakers. Few of them have dedicated security employees, and even when representatives can be located, the person contacting them must speak multiple languages.

While the websites are relatively small, Gumblar architects have planted links in online discussion forums across the web that often cause RSS readers to automatically send users to the booby-trapped pages. Landesman suspects black-hat search engine optimization may also be causing the infected sites to be featured prominently in results returned by Google and others.

People who are unfortunate enough to visit the sites won’t see anything unusual. But behind the scenes, a PHP script checks their version of Adobe Reader and Adobe Flash, and if their out of date, hijacks their PCs using known vulnerabilities. If both of those programs are up to date, the script tests to see if the system is vulnerable to several bugs Microsoft has patched in the last few months.

Hijacked machines will be installed with a backdoor that gives the hijackers complete control. They are also equipped with malware that manipulates search results returned by Google.

It’s unclear exactly how the sites are getting compromised. Landesman suspects FTP passwords for the sites have been lifted from administrators’ computers using key-logging malware.

Arhur Monderos is working in a company as antivirus software specialist and he runs his informative blog where he helps you to choose best antivirus software for you computer.

Kate Hanni, a resident of California, is the founder of the Coalition for an Airline Passengers Bill of Rights, an organization lobbying for federal laws that require airlines to provide bathroom access, clean air, and access to medical treatment when passengers are held up for hours on the tarmac. The legislation would also give passengers an option to exit the plane if they have been delayed on the tarmac for over three hours. Four versions of a “Airline Passenger’s Bill of Rights of 2009″ are currently pending before Congress.

In a lawsuit filed in Houston, Texas on Tuesday, Hanni accuses the world’s largest airline carrier and an aviation consulting firm of conspiring to breach her computer and email in order to derail her lobbying efforts. She seeks a minimum of $11m in damages.

According to court documents, Hanni claims earlier this year she began exchanging emails with Frederick Foreman, an analyst with Virginia-based Metron Aviation who was researching US government airline surface delay data. During their correspondence, both swapped data and information about surface delays without explicit permission from Metron, of which Delta is a client.

Hanni said her PC and American Online email account were both accessed illegally this summer, with AOL confirming the email breach. Some of her data was copied to an unknown location, and other files were corrupted and rendered useless.

The plot thickens in Foreman’s affidavit. He claims that on September 25, 2009, Metron executives confronted him with “what appeared to be hacked and stolen email communications” between Hanni and himself, as well as two media contacts. The emails were sent from his private accounts on MSN and AOL and not sent through Metron’s internal email system, he claims.

Foreman states in his sworn affidavit that the executive informed him the emails were sent to the Metron from Delta and that the airline was “mad and upset” Hanni had been provided with the flight delay information. Foreman claims he tried to explain that the data was publicly available online from US government statistics, but was still fired and escorted off the premises.

When reached for comment, Delta flatly stated, “the allegation that we would hack an individual’s e-mail is absurd.”

Hanni claims Delta has a motive for seeking and destroying her data because if passenger rights bills are passed, airlines stand to lose over $40m in revenues in addition to millions more in accommodations for customers exiting planes during long delays. Currently, airlines are not restricted by law on how long planes can hold passengers on the tarmac.

Arhur Monderos is working in a company as antivirus software specialist and he runs his informative blog where he helps you to choose best antivirus software for you computer.

The service debuted on Tuesday with this page, which checks 15 plugins to make sure they’re the most recent versions. Over time, Mozilla developers plan to scan additional addons, and they also plan to embed a feature into version 3.6 of the open-source browser that will automatically indicate which plugins used on a current page are out of date.

The offering builds on a feature Mozilla rolled out last month that warned Firefox users when they had an out-of-date version of Adobe’s Flash media player installed. In its first week, Mozilla statistics showed more than half of those who installed the latest Firefox release were running an insecure version of the frequently attacked plugin.

Not that the service has necessarily gotten off to as good a start as one might hope. Our tests failed to detect the use of Adobe Reader, another application widely abused by criminals. And other plugins, such as Google Picasa and the iTunes Application Detector were also left out in the cold.

But as Mozilla makes clear here, the page is only the beginning. Eventually, the organization plans to “create a self-service panel for vendors to update their plugin info as new releases come out.”

It’s initiatives such as these that demonstrate Mozilla’s dedication to the security of its users, and for that it deserves props. When legions of end users keep internet-facing software updated, we all win.

“We strongly recommend that add-on developers require SSL for updates to prevent the attack described above,” Window Snyder, chief security officer for Mozilla, stated in a post to the group’s developer blog.

The Mozilla Foundation released on Wednesday a patch for both version 1.5 and version 2.0 of the browser, fixing a critical memory corruption flaw.

Arhur Monderos is working in a company as antivirus software specialist and he runs his cool blog where he helps you to choose best antivirus software for you computer.