How Safe Are Trusted Web Sites? Not Very!

image Just as you don’t believe in the Tooth Fairy, the Easter Bunny, or Santa Claus, you shouldn’t believe that legitimate and popular web sites, are always free of damaging content.

You know that the creatures mentioned above are comfortable myths. Just as the belief that popular web sites are always malware free is also a myth – a dangerous myth.

According to a recently released report from Websense Security Labs, 61 of the top 100 Internet web sites contain malicious content, and if that content doesn’t get you, these sites are capable of redirecting you to malicious sites.

Moreover, Websense went on to state that the number of malicious sites has grown by 233 % in the last 6 months alone. Worse still, malicious site growth has exceeded 600% in the last year.

I’ve noticed in the last week alone, that Wal- Mart’s community site and a popular song lyrics Web site Songlyrics.com, have both been attacked.  A visitor to the song lyrics Web site with the Java Plug-in for Browsers installed (Internet Explorer or Firefox) will get infected by a malware drive by download.

If you’re curious as to how this is accomplished, the following from my earlier article “Malware by Proxy – Fake Search Engine Results”, explains it briefly –

“Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine”.

image

Selected Stats from the Websense report:

77 percent of Web sites with malicious code are legitimate sites that have been compromised.

95 percent of comments to Blogs, chat rooms and message boards are spam or malicious. A personal example on this Blog – of the 46,575 comments received in the last 12 months, 41,943 were malicious or spam comments.

57 percent of data-stealing attacks are conducted over the Web.

85 percent of all unwanted emails in circulation contained links to spam sites and/or malicious Web sites.

69 percent of Web pages with content which many people classify as objectionable – Sex, Adult, Gambling, Drugs – had at least one malicious link.

37 percent of malicious Web attacks included data-stealing code, demonstrating that attackers are after essential information and data.

The following security advice bears repeating:

To maximize your Internet safety and security, it’s important that you run with a browser security add-on.

The following are browser security add-ons that are noted for their effectiveness, although it is important to recognize cyber-criminals are crafty, and there is no one perfect solution.

Web of Trust (WOT)WOT is a free Internet Browser add-on (my personal favorite), that has established an impressive and well deserved reputation. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites.

McAfee SiteAdvisorA free browser add-on that adds small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives. These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats.

Finjan SecureBrowsing Finjan SecureBrowsing searches major websites as well as search results for malicious content hiding behind links. By accessing and scanning destination URLs in real time, the add-on proactively warns you when a link is potentially dangerous.

ThreatExpert Browser DefenderThe Browser Defender toolbar allows you to surf safely by displaying site ratings as you browse the Internet. When you visit a site its address will be checked by our servers and a rating shown in the toolbar based on any malicious behavior or threats we have found associated with the site. The toolbar also integrates with the search results provided by popular search engines such as Google and Yahoo! so you can see if, in our view, it is safe to continue before you visit a site.

AVG Security Toolbar Free Edition AVG’s unique Search-Shield, available with the AVG Security Toolbar Free Edition, marks all web pages which are infected by zero day exploits and drive-by downloads. This powerful LinkScanner based technology works in real-time to provide comprehensive protection. Other programs rely on static databases and cannot protect you at the only time that matters – the time you click on a link.

TrendProtect TrendProtect is a free browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers billions of Web pages.

Additional ways to mitigate your risks while surfing the Internet:

Consider running your web browser in a sandboxed environment. Read “Sandboxie – A Freeware Sandbox App – Protect Your PC on the Internet”, for additional information.

Consider running your system in a virtual environment such as Returnil Virtual System Personal Edition.

Consider running your browser with the free GesWall intrusion prevention system.

Install the latest operating system updates, and patches, on your computer. This step is just common sense in all circumstances. Unpatched systems will be attacked!

Ensure you are using the latest version of your Internet Browser – known security holes in older Browser versions will be exploited!

Consider switching your Browser – experienced computer users tend to use FireFox as their principal Internet Browser, since the security add-ons which are available, offer substantial protection from exploits. No Browser however, is totally secure against exploits.

Turn off JavaScript in your Browser.

Install effective ant-malware solutions on your computer.

For additional information on protecting your computer, check out “The Best Free Spyware, Virus, and Browser Protection”, on this site.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

9 Comments

Filed under Anti-Malware Tools, Browser add-ons, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Internet Safety, Internet Safety Tools, Software

9 responses to “How Safe Are Trusted Web Sites? Not Very!

  1. Pingback: How Safe Are Trusted Web Sites? Not Very! « Bill Mullins' Weblog … | Firefox Blog

  2. Mal

    Hey Bill,

    I read about that Java exploit. I don’t have it installed, because I don’t really need it. And in my wanderings on the internet, I use Sandboxie. Like you say though, nothing is perfect, that’s why my system is backed up with several top notch security apps.

    Cheers

  3. Hey Bill,

    I use WOT which is installed with the firefox add on. I have tried other ones like finjan but when you have too many, it slows down your searches.

    Thanks

    Tex

  4. very informative..thanks a lot..james

  5. I’ve had good results from using the WOT plugin in Firefox. It has enabled me to steer clear of numerous dodgy sites, some of which I never would have guessed were bad otherwise. The plugin is very light on system resources and doesn’t add any noticeable slowdown to searches, so why not use it? IIRC, the plugin is also available for IE and Chrome too.

  6. Pingback: Geek Squeaks’ of the Week (#56) « What's On My PC

  7. Pingback: Traditional AV Testing: File under ‘Irrelevant’ » CounterMeasures

  8. Pingback: Traditional AV Testing: Business Computing World

  9. Pingback: Norton DNS – Another Layer of Computer Security « Bill Mullins' Weblog – Tech Thoughts