Malicious links/sites – to click or not to click, that is the question.
Drive-by Download (don’t even have to click!)
Search engines tricked into presenting a malicious/bogus result near the top of your search results (aka Blackhat Search Engine Optimization (SEO) poisoning)
Real K-State Federal Credit Union web site
Fake K-State Federal Credit Union web site used in spear phishing scam
Spear phishing scam received by K-Staters in January 2010
The malicious link in the email took you to an exact replica of K-State’s single sign-on web page, hosted on a server in the Netherlands, that steals your eID and password if you enter them and click “Sign in”. Note the URL highlighted in red – “flushandfloose.nl”, which is obviously not k-state.edu
Beware of email supposedly from US companies with URLs that point to a non-US domain (Kyrgyzstan in the example below)
From: Capital One bank <email@example.com>
URL in message body: http://towernet.capitalonebank.com. mj.org.kg /onlineform/
IE8 highlights the actual domain name to help you identify the true source. Here’s one from an IRS scam email that’s actually hosted in Pakistan:
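The checks behind the two examples above (which domain actually receives the click, and whether a trusted brand name has been pushed into a subdomain or path of some unrelated domain) can be automated. The following is an added example, not code from the original presentation: it uses a constructed, deliberately partial public-suffix table instead of the full Public Suffix List, a hypothetical set of trusted domains, and a constructed country map for the .nl/.kg/.pk suffixes mentioned in the slides. The Capital One URL is the one quoted above with the spaces removed; the other two URLs are constructed.

```python
"""Show which domain really receives a click, the way IE8's domain highlighting
does, and flag links that put a trusted brand name in front of an unrelated
registrable domain.  Added example; not code from the original presentation."""
from urllib.parse import urlsplit

# Constructed, deliberately partial public-suffix table: a real tool would load
# the full Public Suffix List (publicsuffix.org).  It covers the domains in the
# slides (k-state.edu, flushandfloose.nl, mj.org.kg) plus a few common ones.
PUBLIC_SUFFIXES = {
    "com", "edu", "org", "net", "gov",
    "nl", "kg", "pk", "org.kg", "com.kg", "com.pk", "net.pk",
}

# Country labels for the country-code suffixes used in the examples (constructed).
COUNTRY_OF_TLD = {"nl": "Netherlands", "kg": "Kyrgyzstan", "pk": "Pakistan"}

# Assumed set of domains the reader actually trusts (hypothetical for the demo).
TRUSTED = {"k-state.edu", "capitalone.com"}


def registrable_domain(url):
    """Return the registrable domain (public suffix plus one label) of a URL.

    Everything to the left of it is a subdomain the owner of that domain chose,
    so 'towernet.capitalonebank.com.mj.org.kg' really belongs to 'mj.org.kg'.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # Longest suffix first, so 'org.kg' is preferred over plain 'kg'.
    for n in range(len(labels) - 1, 0, -1):
        if ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return host


def country_of(domain):
    """Map the last label of a domain to a country, or 'US/generic' if unknown."""
    return COUNTRY_OF_TLD.get(domain.rsplit(".", 1)[-1], "US/generic")


def check_link(url, trusted=TRUSTED):
    """Classify a link by the domain that actually receives the click."""
    real = registrable_domain(url)
    # A brand name (first label of a trusted domain) appearing anywhere in the
    # URL while the registrable domain is something else is the
    # 'brand.tld.attacker.cc' spear-phishing pattern shown in the slides.
    brands = [t for t in sorted(trusted)
              if t != real and t.split(".")[0] in url.lower()]
    return {
        "real_domain": real,
        "hosted_in": country_of(real),
        "trusted": real in trusted,
        "impersonates": brands,
    }


def verdict(url, trusted=TRUSTED):
    """One-line judgement suitable for a mail filter or a user-facing warning."""
    info = check_link(url, trusted)
    if info["trusted"]:
        return "ok: " + info["real_domain"]
    if info["impersonates"]:
        return ("phishing: %s uses the %s name but is really %s (%s)"
                % (url, ", ".join(info["impersonates"]),
                   info["real_domain"], info["hosted_in"]))
    return "untrusted: %s (%s)" % (info["real_domain"], info["hosted_in"])


if __name__ == "__main__":
    # First URL: the Capital One link quoted in the slides (spaces removed);
    # the other two are constructed to illustrate the checks.
    for u in ("http://towernet.capitalonebank.com.mj.org.kg/onlineform/",
              "https://flushandfloose.nl/signin",
              "https://signin.k-state.edu/"):
        print(verdict(u))
```

The key design point is the suffix walk in registrable_domain: because "org.kg" is a public suffix, only "mj" is under the control of the registrant, and every label to the left of it (including "capitalonebank.com") is free text the attacker chose. Scanning for the brand keyword anywhere in the URL, rather than only in the host, also catches the same trick when the brand name is buried in the path.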
Major ad networks (aka “ad aggregators”) affiliated with Google (e.g. Doubleclick.com), Yahoo (yieldmanager.com), Fox and others, covering more than 50% of online ads, have been infiltrated with “poisoned ads” containing malicious code (Source: Avast!)
The scary thing is you don’t even have to click on anything – just visiting a site with malicious code can initiate a download that installs malware on your computer without you knowing it.
Symantec claims every one of the top 100 websites in the world has served up malicious code at some point
Commonly used to promote fake antivirus software (aka “scareware” or “extortionware”): it makes you believe your computer is infected with lots of malware, enticing the nervous user to “Click Here” to buy fake security software for $30-$100, and they steal your credit card information in the process
Can be used to infect your computer with any malware – keyloggers, Trojans, Torpig, …
Malware changes at a very rapid rate to escape detection by AV software; hackers test their malware against 40 popular AV products at virustotal.com before launching
Legitimate web server compromised (often due to a vulnerability in a content management system) and SEO poisoning code loaded (usually a PHP script)
When the PHP script determines that a search engine “crawler” (Google, Bing, MSN, Yahoo, AOL, etc.) is requesting the web page, it returns content filled with lots of info appropriate for the event it’s trying to mimic (keywords, phrases, other high-ranking URLs about the event, images and videos copied from high-ranking sites)
They’ll also harvest search engine results to extract popular phrases used to search hot topics (i.e., they let the search engines do the research for them!)
When the PHP code determines that a user, not a search engine, is visiting the site, it redirects them to a malicious site that tries to infect their computer, or just pops up bogus security warnings and tries to get them to buy the fake antivirus software (i.e., you’re not always infected when you’re tricked into clicking on the link)
The redirection domain name can change as often as every 10 minutes, based on instructions from a “command & control” server, which makes it harder to identify
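Because the script serves one page to crawlers and a different one to people, the cloaking can be detected by fetching a suspect page twice (once with a crawler User-Agent, once with a browser User-Agent) and comparing the two responses. The following is an added example, not code from the presentation: it assumes the crawler check is keyed on the User-Agent header, uses two assumed User-Agent strings, and compares two constructed sample responses (a keyword-stuffed page for the crawler, a redirect stub for the browser) rather than anything captured from a real compromised site. The network fetch helper is included for real use but is not needed to run the offline sample.

```python
"""Detect search-engine cloaking of the kind SEO poisoning relies on: fetch the
same page as a crawler and as a browser and compare what each is served.
Added example; the two sample responses are constructed, not captured from a
real compromised site."""
import re
import urllib.request
from html.parser import HTMLParser

# Assumed User-Agent strings for the two fetches (a real check would also try
# Bing, Yahoo, etc., since the slides say the script looks for any crawler).
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 6.1; Trident/4.0)"


class PageSummary(HTMLParser):
    """Collect the features the comparison needs from one HTML response."""

    def __init__(self):
        super().__init__()
        self.text_chars = 0          # visible text, excluding scripts
        self.links = set()           # outbound hrefs
        self.meta_refresh = None     # target of <meta http-equiv=refresh>
        self.script_redirects = []   # targets assigned to (window.)location
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.add(a["href"])
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url=(\S+)", a.get("content") or "", re.I)
            self.meta_refresh = m.group(1) if m else (a.get("content") or "?")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            pat = r"(?:window\.|document\.)?location(?:\.href)?\s*=\s*['\"]([^'\"]+)"
            self.script_redirects += re.findall(pat, data)
        else:
            self.text_chars += len(data.strip())


def summarize(html):
    p = PageSummary()
    p.feed(html)
    p.close()
    return p


def redirect_target(summary):
    """First redirect a page performs, or None."""
    if summary.meta_refresh:
        return summary.meta_refresh
    return summary.script_redirects[0] if summary.script_redirects else None


def detect_cloaking(crawler_html, browser_html, text_ratio=3.0, link_gap=5):
    """Return a list of findings; an empty list means no cloaking indicators."""
    c, b = summarize(crawler_html), summarize(browser_html)
    findings = []
    b_redir, c_redir = redirect_target(b), redirect_target(c)
    if b_redir and not c_redir:
        findings.append("redirect served only to browsers: " + b_redir)
    if c.text_chars >= text_ratio * max(b.text_chars, 1):
        findings.append("crawler gets %d chars of text, browser gets %d"
                        % (c.text_chars, b.text_chars))
    crawler_only = c.links - b.links
    if len(crawler_only) >= link_gap:
        findings.append("%d outbound links shown only to crawlers" % len(crawler_only))
    return findings


def fetch_as(url, user_agent, timeout=10):
    """Fetch a URL with a chosen User-Agent (needs network; not used offline)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


# Constructed sample: what a poisoned page hands a crawler vs. a browser.
CRAWLER_PAGE = """<html><head><title>Olympics 2010 medal count results</title></head><body>
<h1>Olympics 2010 medal count live results</h1>
<p>Latest Olympics 2010 medal count, results, schedule, video highlights and photos
from the Vancouver games. Olympics 2010 medal count updated every hour.</p>
<a href="http://news.example/olympics">1</a> <a href="http://sports.example/medals">2</a>
<a href="http://video.example/highlights">3</a> <a href="http://photos.example/vancouver">4</a>
<a href="http://blog.example/games">5</a> <a href="http://wiki.example/olympics-2010">6</a>
</body></html>"""
BROWSER_PAGE = """<html><head>
<meta http-equiv="refresh" content="0;url=http://scan-alert.example/warning.php">
</head><body><p>Loading...</p>
<script>window.location = "http://scan-alert.example/warning.php";</script>
</body></html>"""

if __name__ == "__main__":
    for f in detect_cloaking(CRAWLER_PAGE, BROWSER_PAGE):
        print("FINDING:", f)
```

For a live check, replace the constructed pages with fetch_as(url, CRAWLER_UA) and fetch_as(url, BROWSER_UA). Since the slides note that the redirect destination rotates every few minutes, the useful indicator is the presence of a browser-only redirect and the crawler-only keyword and link stuffing, not the particular destination domain seen on one fetch.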
InPrivate Browsing – good if using a public computer in a lab or Internet Café since it leaves no trace of your browsing activity. The cache (“temporary Internet files” which are local copies of content from web sites you visited recently), cookies, and browser history (web address of sites you visited recently) are not stored.
ActiveX in IE has historically been a security concern but is less of a target these days
If you use IE6 or IE7, upgrade to IE8 because of significant security improvements plus application compatibility
Stay away from questionable sites
Some gaming sites
Peer-to-peer file sharing applications are dangerous since they too have been infiltrated with malware; the movie you download may also have malware attached to it that will infect your computer when you try to run the movie.