informa
Announcements
Event
Think Like an Attacker: Understanding Cybercriminals & Nation-State Threat Actor | Nov 16 Virtual Event <REGISTER NOW>
Event
Tips for A Streamlined Transition to Zero Trust | Sept 28 LIVE Webinar <REGISTER NOW>
Event
The Evolution of the Vulnerability Landscape in 2023 | Sept 27 LIVE Webinar <REGISTER NOW>
PreviousNext
Risk
2 MIN READ
Commentary

You Aren't Safe. Get Over It

The latest news to add to the list of online perils to be paranoid about comes courtesy of the Washington Post. Virus writers apparently have a new scheme for distributing malicious code: purchasing popular Google keywords and publishing ads that purport to lead users to legitimate Websites. Some of the keywords the tricksters bought include "BBB" (for Better Business Bureau) and "Cars.com."
Alice LaPlante
Contributor
April 26, 2007
The latest news to add to the list of online perils to be paranoid about comes courtesy of the Washington Post. Virus writers apparently have a new scheme for distributing malicious code: purchasing popular Google keywords and publishing ads that purport to lead users to legitimate Websites. Some of the keywords the tricksters bought include "BBB" (for Better Business Bureau) and "Cars.com."The catch is that clicking on these ads really directs users to nasty places where a particularly damaging piece of malware lurks. If you didn't install an IE patch issued by Microsoft in June 2006, and if you're unlucky enough to be lured to one of these dubious sites, a flaw in Microsoft Windows downloads software that steals passwords and sensitive financial information from your PC. This exploit was identified by Exploit Prevention Labs; it echoes a similar one caught by Security Fix in mid 2006 in which a banner ad on MySpace linked users to an equally dangerous URL.

Yes, as respondents to the article have pointed out, you could put the blame on compromised users because they failed to install the IE patch. But let's face it: If you're reading this post on the InformationWeek Website, you almost certainly possess a certain amount of technical acumen--probably more than 99 percent of the general Internet-using population. Unfortunately, a significant proportion of the rest of the world isn't aware of the supreme importance of installing security patches, and moreover depends on the reputation of big-name brands like Google to shield them against tricks like this. Yes, it's naïve. But it explains the alarming statistics of why so many PCs of less-technically-expert people get infected so fast and so frequently.

This latest nefarious antic certainly gave me pause: I use Google sponsored links all the time. And--clearly wrongly--the fact that they appear on the Google search results page has always increased my sense of their legitimacy. One more thing to put on my personal list.

What about you? What of all the continuous stream of malicious tricks particularly alarm you? Have you ever fallen for one? Has anyone near and dear to you been tricked into giving up sensitive data? Let us hear your stories.

More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports
Editors' Choice
MGM, Caesars Cyberattack Responses Required Brutal Choices
Becky Bracken, Editor, Dark Reading
Do CISOs Have to Report Security Flaws to the SEC?
Evan Schuman, Contributing Writer, Dark Reading
NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII
Tara Seals, Managing Editor, News, Dark Reading
Cisco Moves Into SIEM With $28B Deal to Acquire Splunk
Jeffrey Schwartz, Contributing Writer, Dark Reading
Webinars
More Webinars
Reports
More Reports
White Papers
More White Papers
Events
More Events
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports