October 27, 2010

How Many Websites Have You Visited Today?

[Thanks to Nerd Dennis Houseknecht for this post]


Every time you visit a website that includes a lot of ads, you are effectively visiting many sites at once.  That is because those ads are probably executing “code” (that is, computer programs) in your web browser (that is, on YOUR computer).
The owner of the site you MEANT to visit has no control over that code, and often has no idea where that code is coming from. Large internet advertising companies, such as doubleclick.com, act as “middlemen”, selling ad space on popular websites to anyone who is willing to buy it.
If this sounds like a bad idea, well, it is. It is not the way the internet was originally intended to work. However, it is also what transformed the internet from a gallery of static text and images to the interactive playground we have all come to know and love. With roses, come thorns.
Ads can, and sometimes do, contain “malicious” code – that is, code that is intended to exploit known vulnerabilities in web browsers and the other programs that work with those browsers. Sometimes legitimate websites are also “hacked”, meaning that someone has gained access to the site and installed malicious code without the knowledge of the sites’ owners.
This malicious code, or “attack code” usually takes a “shotgun” approach to exploiting its victims.  There may be 10, 20, or more attacks that run sequentially, each looking for a flaw in the web browser, or a browser add-on, that has not been fixed.
Every time one of these flaws is discovered in Internet Explorer and “patched” by Microsoft, you can bet that within days (or hours) there is attack code embedded in ads and on websites (both malicious and legitimate), just waiting to attack those who have not updated. This problem is not unique to Microsoft –
Mozilla Firefox, Google Chrome, and all other browsers sometimes have vulnerabilities discovered in them. All browsers require security updates when this happens.
Web browsers also use “add-ons” to display certain types of web files. Common examples are Adobe Flash Player, the Adobe Acrobat Reader web browser plug-in, and Sun Microsystems Java. In fact, these web browser add-ons tend to have even more vulnerabilities and are attacked even more often than the actual browsers.
The result is what have become known as “drive-by downloads” – meaning that malicious code gets downloaded onto the victim’s computer by simply visiting the website – no other action is required.  The most common file installed is a “fake” or “rogue” antivirus program, also known as “scareware”.
Its purpose is to convince the victim that their computer is infected with (some OTHER) malware. The victim is then enticed to pay money to remove the infection and / or to download a “fix”, which is just another, more serious malware infection. At the end of this two-stage process, the victim has a thoroughly compromised and infected computer. What a dirty business!!
Why? That would be an article in its own right, but the bottom line is that there is money to be made by getting malware onto other peoples’ computers. The real question is what can you do to reduce the risk of being a victim?
1.  Upgrade to a current web browser. Some people are still using Internet Explorer 6, which is much more easily attacked than IE 7, 8, or the newest version (still in beta), IE 9. Mozilla Firefox and Google Chrome tend to be attacked less often.
2.  Keep your web browser updated – set it to update automatically or notify you when updates are available. Install updates promptly.
3.  Use ad-blockers. These not only block the ads, they (usually) block the code the ads run as well.
4.  Use flash blockers – these are security add-ons for web browsers that prevent flash from running unless you provide explicit permission for it to run. Malicious flash code in ads is one of the most common drive-by attacks.
5.  Stay away from the darker corners of the internet – pornography sites, gambling sites, free music and file-sharing sites. You are much more likely to encounter malicious sites in these dark corners.
6.  Use a DNS service, such as OpenDNS, that keeps lists of malicious sites and warns you before you visit one (or blocks them completely). If you do not know how to change your DNS service, call a Nerd or your favorite “techie” friend.
7.  Make sure your web browser has the proper security settings. Your web browser should never allow files to download or execute without asking your permission.
8.  If you get a pop-up that says you have an infection and you are not ABSOLUTELY sure it comes from your security software, call a Nerd or someone who knows what to do for help. Don’t make a small problem into a big one.
9.  Use advanced security plug-ins, such as the no-script plug-in for Firefox. This is excellent protection, but will also make surfing legitimate sites more difficult.
10.  Set up a virtual machine for your web surfing. This can be the very best protection, and can be done for free. You may need a Nerd to help you set it up.

Need an IT professional? Request service today.