Newsmaker: Don't be so quick to click that Web page

(continued from previous page)

What happens with typical Web threats? What do these things do to your computer or what do they attempt to do?
Genes: They attempt to convert your computer into a bot. It could be a spambot or it could be a distributed denial-of-service attack bot. It could be a key logger, an information stealer. It tries to use your computer power.

Most of the bots we see are really to create spam on the infected machines. They also attempt to use them for distributed denial-of-service attacks, to hold people ransom and to attack them with a lot of computers. The third thing they try is, of course, to function as an information stealer. It is trained to recognize the format of your credit card while you type in the number or while you do your online purchases. It will look for certain keywords and documents.

You talked about using a different browser or using a virtual machine. Should corporations do the same things or are there different things you recommend?
Genes: No. Based on user behavior this will just be difficult to enforce. And of course, there's a loss of productivity. Some companies are pretty radical about what they're using...and they strictly define what is allowed within a corporate environment. For instance, whether (instant messaging) is allowed or if peer-to-peer networking is allowed.

In a corporate environment this could be company-threatening. Maybe the malware hasn't been targeted to actually attack the company. But guess what happens when the attacker sees a lot of documents or a lot of stuff that's confidential? He will try to sell it.

What's the breakdown between e-mail threats versus the Web threat definition?
Genes: There is an increase in Web threats compared with normal worms...the number of worms has increased by 22 percent since first-quarter 2005, while Web threats have increased by 540 percent.

Would you call this a new era of threats or is there no such big word needed to describe Web threats?
Genes: I wouldn't call it a new era, it's just logical. Nowadays, the bad guys try to make money out of it. To make money they have to control something as long as possible. And they have to update it because the bot, after a certain amount of activity, gets outdated in about a week.

More Newsmakers

[shane--2008]

and still...

99.999% of these threats will only work with a microsoft product.

and people still don't understand.

[cascadia4]

and you don't think...

And you don't think that as market share transfers to Linux or Mac that the people who build these malicious codes won't turn their attention to those operating systems?

[Below Meigh]

What a foolish response!

Or should I state, ignorant response? Myspace had many faults with embedded problems loading QT movies that users had on their sites. It was more than a week after the nefarious issues was public that Apple released fixes for QuickTime. Yes, Windows is a serious of holes, but don't think that there aren't issues with Linux nor Mac OS X. Once the malicious find a hole, they'll exploit it, and sooner than it will (eventually) get fixed.
Being naive to the internet's insecurities is the reason there are problems to begin with.

[cowtown75]

Web security - Identifying Malicious URL's

I would like to recommend on a very useful and FREE Web safety plug-in called Finjan Secure Browsing.
It adds safety ratings to URLs showing on search results and popular websites, to help protect you from spyware, adware and other web-borne threats. This cool plug-in scans URLs in real-time using unique proactive security technologies. This morning it helped me avoid one when I was using the web to get the distance from Columbus, Ohio to Tashkent, Uzbekistan.

To try Finjan Secure Browsing, go to http://securebrowsing.finjan.com/.
Its free.

[Penguinisto]

phishtank works well too

-it was originally built to warn folks of phishing sites launched from email. Google, Firefox as well as Opera (I think?) use it as a realtime blacklist of suspicious sites.

Can't see why it couldn't be expanded on a bit...

/P

[hadaso]

If you don't want a website to install malware on your PC jusr don't let it

Don't browse the web with administrative privileges. There is no reason to give every website the right to administer your machine (and then use an obscure browser an tons of "security products" to try to overcome the damages of the malware you let in through your front door!

[Macsaresafer]

Lots of Windows software has admin rights.

You may not be logged in as an admin, but your software can easily
get those rights. If you really don't want this to happen, you need
to use a safer operating system. None are 100% safe, but ALL of the
alternatives are much safer than Windows.

[Dr_Zinj]

Web pages eh?

Now that brings to mind a neat infection concept.
"Binary munitions" or in this case, multi-partite malware. Browse site one and it stuffs a peice in your RAM, browse site two and it sticks another peice in your RAM, etc until it accumulates all the peices, one or more of which activate the program when conditions permit it.

[mhinnewyork]

DropMyRights can help

The free DropMyRights program can run any application in restricted mode while the user is logged on as an admin. See this article from my Defensive Computing blog at blogs.cnet.com.

Every Windows XP user should drop their rights
http://www.cnet.com/defensive-computing/8301-13554_1-9756656-33.html