Since mid-August 2008, users have been reporting “malvertisements,” maliciously-designed Adobe Flash banner advertisements that copy text to the clipboard in Windows, Linux and Mac OS X.

While this “hijacking attack” does not infect computers directly, it copies the URL of a website offering bogus “security software.” Apparently the bad guys’ hope is that you would mistakenly paste their URL in an email to a friend, for example, to unwittingly trick someone to go to their website, putting your friend at risk of getting infected if they visit the bad guys’ site.

We highlighted Firefox Add-on Flashblock recently. This add-on puts you in control of which Flash animations play in Firefox.

NoScript – A More Robust Solution

NoScript blocks Flash, as well as JavaScript and Microsoft’s Silverlight as well as other browser plug-ins (such as Quicktime) that you specify.

Like Flashblock, NoScript takes the pessimistic approach by blocking content unless you specify, either by clicking on the blocked content, or “whitelisting” a particular site (like PreparedPC ;-) ) so that site’s content always displays.

Takeaway: NoScript‘s “lockdown” approach to browsing is restrictive, but it also gives you control over what websites can display in Firefox. If you install NoScript, you may have a short learning curve as you tweak its whitelist.

It’s a radical approach, but the “block now, ask questions later” method is an effective way of protecting a Firefox user from malvertisements and other threats they may encounter while browsing.