StoneDrill malware sits in a victim's browser
How does the StoneDrill malware get into the victim's browser in the first place?
Researchers following up on last November's re-emergent Shamoon malware attacks have found something even nastier. A quartet of Kaspersky researchers say the “StoneDrill” malware sits in a victim's browser, and wipes any physical or logical path accessible with the target user's privileges. Although StoneDrill mostly seeks …
For effective browser security use a VM running from a Linux live CD ISO. Do not give the VM any persistent storage and restart the VM for each new browser session. If the VM does not have access to any of its host's file system then even the most heavily boobytrapped web site should be unable to cause damage.