A new <A HREF="http://www.infoworld.com/article/08/07/30/Exploit_Reveals_the_Darker_Side_of_Automatic_Updates_1.html?source=rss&url=http://www.infoworld.com/article/08/07/30/Exploit_Reveals_the_Darker_Side_of_Automatic_Updates_1.html">exploit called Evilgrade</A> takes advantage of automatic updaters to install malicious code on unsuspecting systems.
Evilgrade is designed as a modular framework that accepts plug-ins capable of mounting attacks on a variety of software packages employing their own auto-update procedures. Currently targets include the Java browser plug-in, WinZip, Winamp, OpenOffice.org, the LinkedIn Toolbar, iTunes, and Mac OS X, among others.