Risk
4/26/2007
02:32 PM
Alice LaPlante
Alice LaPlante
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

You Aren't Safe. Get Over It

The latest news to add to the list of online perils to be paranoid about comes courtesy of the Washington Post. Virus writers apparently have a new scheme for distributing malicious code: purchasing popular Google keywords and publishing ads that purport to lead users to legitimate Websites. Some of the keywords the tricksters bought include "BBB" (for Better Business Bureau) and "Cars.com."

The latest news to add to the list of online perils to be paranoid about comes courtesy of the Washington Post. Virus writers apparently have a new scheme for distributing malicious code: purchasing popular Google keywords and publishing ads that purport to lead users to legitimate Websites. Some of the keywords the tricksters bought include "BBB" (for Better Business Bureau) and "Cars.com."The catch is that clicking on these ads really directs users to nasty places where a particularly damaging piece of malware lurks. If you didn't install an IE patch issued by Microsoft in June 2006, and if you're unlucky enough to be lured to one of these dubious sites, a flaw in Microsoft Windows downloads software that steals passwords and sensitive financial information from your PC. This exploit was identified by Exploit Prevention Labs; it echoes a similar one caught by Security Fix in mid 2006 in which a banner ad on MySpace linked users to an equally dangerous URL.

Yes, as respondents to the article have pointed out, you could put the blame on compromised users because they failed to install the IE patch. But let's face it: If you're reading this post on the InformationWeek Website, you almost certainly possess a certain amount of technical acumen--probably more than 99 percent of the general Internet-using population. Unfortunately, a significant proportion of the rest of the world isn't aware of the supreme importance of installing security patches, and moreover depends on the reputation of big-name brands like Google to shield them against tricks like this. Yes, it's naïve. But it explains the alarming statistics of why so many PCs of less-technically-expert people get infected so fast and so frequently.

This latest nefarious antic certainly gave me pause: I use Google sponsored links all the time. And--clearly wrongly--the fact that they appear on the Google search results page has always increased my sense of their legitimacy. One more thing to put on my personal list.

What about you? What of all the continuous stream of malicious tricks particularly alarm you? Have you ever fallen for one? Has anyone near and dear to you been tricked into giving up sensitive data? Let us hear your stories.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web