Risk
4/26/2007
02:32 PM
Alice LaPlante
Alice LaPlante
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

You Aren't Safe. Get Over It

The latest news to add to the list of online perils to be paranoid about comes courtesy of the Washington Post. Virus writers apparently have a new scheme for distributing malicious code: purchasing popular Google keywords and publishing ads that purport to lead users to legitimate Websites. Some of the keywords the tricksters bought include "BBB" (for Better Business Bureau) and "Cars.com."

The latest news to add to the list of online perils to be paranoid about comes courtesy of the Washington Post. Virus writers apparently have a new scheme for distributing malicious code: purchasing popular Google keywords and publishing ads that purport to lead users to legitimate Websites. Some of the keywords the tricksters bought include "BBB" (for Better Business Bureau) and "Cars.com."The catch is that clicking on these ads really directs users to nasty places where a particularly damaging piece of malware lurks. If you didn't install an IE patch issued by Microsoft in June 2006, and if you're unlucky enough to be lured to one of these dubious sites, a flaw in Microsoft Windows downloads software that steals passwords and sensitive financial information from your PC. This exploit was identified by Exploit Prevention Labs; it echoes a similar one caught by Security Fix in mid 2006 in which a banner ad on MySpace linked users to an equally dangerous URL.

Yes, as respondents to the article have pointed out, you could put the blame on compromised users because they failed to install the IE patch. But let's face it: If you're reading this post on the InformationWeek Website, you almost certainly possess a certain amount of technical acumen--probably more than 99 percent of the general Internet-using population. Unfortunately, a significant proportion of the rest of the world isn't aware of the supreme importance of installing security patches, and moreover depends on the reputation of big-name brands like Google to shield them against tricks like this. Yes, it's naïve. But it explains the alarming statistics of why so many PCs of less-technically-expert people get infected so fast and so frequently.

This latest nefarious antic certainly gave me pause: I use Google sponsored links all the time. And--clearly wrongly--the fact that they appear on the Google search results page has always increased my sense of their legitimacy. One more thing to put on my personal list.

What about you? What of all the continuous stream of malicious tricks particularly alarm you? Have you ever fallen for one? Has anyone near and dear to you been tricked into giving up sensitive data? Let us hear your stories.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-0460
Published: 2014-04-16
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

CVE-2011-0993
Published: 2014-04-16
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.

CVE-2011-3180
Published: 2014-04-16
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

CVE-2011-4089
Published: 2014-04-16
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

CVE-2011-4192
Published: 2014-04-16
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

Best of the Web