said by moonpuppy:
That's what I saw MGD. That's the culprit.
Google has now picked up another post from last night of a user browsing foxnews.com
quote: Added emphasis
Disturbing spyware activity on Mac with 3.0.8 upgrade
Firefox version: 3.0.8 Operating system: OSX
While browsing on the web, An alert popped up claiming I had an infection and asked if I wanted the "PC" scanned and cleaned. I tried to close the alert but the screen starting showing something purporting to be a scanning operation so I shut Firefox down. I restarted Firefox and a screen saying I had now been upgraded to 3.0.8 came up followed by a restart of the "scanning" activity. I shut down the Mac and checked my Google web history using another PC. Google history shows me visiting foxnews.com and then onlineproantispywarescannerv2.com I have no idea how I could have gotten to that URL. A whois check shows that that URL is not even registered. I've been unsuccessful google searching for anything associated with this "url". Any ideas???
Though I saved that foxnews page sourcecode shortly afterwards, it is impossible to tell which of the various adservers were responsible for hoarding this attack script. Someone needs to clean up their act though, as this is apparently a persistent vector with a large potential for exposure.