Internet security is a “sexy” business – one gets to work in the “dark side” of the Internet and is constantly challenged to stay ahead of the learning curve and to develop new techniques, appliances and applications to protect Web sites, and attached devices and systems, from hackers, cyber-crooks, malware and, while understated, terrorists.
Failure to protect the Internet, which by definition is an open network, has substantial penalties ranging from productivity decreases and infrastructure compromise to a failure in consumer confidence, and more. It’s this last one – a failure in consumer confidence – that is the focus of this article.
In dealing with Internet security issues, I’m often frustratingly reminded of the “head in the sand syndrome” – if we ignore it, it will go away; if we ignore it, then it can’t be real; if we ignore it, it will get better; and so on. It’s no surprise then that a substantial security issue, well known to Google, for which it has failed to come up with an effective solution, continues to plague the Internet.
Those of us who are involved in Internet security know, and have known for a considerable time, that cyber-crooks are unrelenting in their chase to infect web search results. We know that there has been a steady increase in the use of custom-built Websites designed to drop malicious code on computers, and in the manipulation of legitimate pages in order to infect computers with malware.
For example, until quite recently (less than 3 weeks ago), a user searching Google for the string “Microsoft Office 2002 download” would have encountered a Microsoft.com redirection link as the first result. That link had been redirecting visitors to a malicious web site, which then launched a malware attack that included an attempt to convince victims to download rogue security software. Microsoft has since fixed the problem.
Equally disturbing, seventy-nine percent of compromised web pages tracked in the last year were on legitimate web sites, including web sites belonging to Fortune 500 companies, government agencies and, ironically, security vendors.
If one were to poll a group of typical Internet users as to the safety and reliability of search engine results, there is little doubt that the answer would be positive. Given that search engine results can be manipulated in the ways described above, and in other ways, it is reasonable to ask the question – why aren’t typical Internet users aware of this situation?
Arguably, a case could be made that Google and others subscribe to the “head in the sand syndrome” – if we ignore it, it will go away; if we ignore it, then it can’t be real; if we ignore it, it will get better – since to acknowledge this issue, and to give it the focus it deserves, would erode consumer confidence in the product. Good corporate thinking, huh?
Here’s a sample of what Internet users are facing, posted on the Internet just today, January 16, 2009:
“I’m the owner of the site http://www.xxxxxx.net. When anyone searches Google for our firm, the first result looks like the link to our site. But when anyone clicks on that result they get redirected to an alarming site that tries to sell fake spam software. The hijack site takes control of the browser! This is happening when our potential clients search for us! Help! If I type the address directly into my browser then it works fine. I submitted a spam report to Google a couple of days ago, but nothing has changed yet”.
So how do the crooks do it?
Common techniques used by cyber-criminals include the manipulation of search engine results, and the seeding of fake Websites among the top results returned by these engines. When a potential victim visits one of these sites (as described above), the likelihood that malicious code will be downloaded onto the computer, by exploiting existing vulnerabilities, is extremely high.
There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.
Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.
An additional method employed by cyber-crooks is the insertion of false dialogue boxes, fake toolbars, and more on sites, all designed to load destructive malware, which could include rootkits, password stealers, Trojan horses, and spam bots.
So will Google address this issue? Sure, but only when malicious hackers finally force them to. Great business model, Google!
Be proactive when it comes to your computer’s security; make sure you have adequate software-based protection to reduce the chances that your machine will become infected.
Check out “Need Free Security Programs? – 10 Of The Best!” on this site.