Web of Trust (WOT) And Facebook Collaborate To Protect Users From Malicious Links

If you’re a Facebook user and you haven’t met a cybercriminal yet; hang in there – you will. Survey after survey continue to show that cybercriminals are picking off Facebook users as if they were shooting fish in a barrel.

Most cybercriminal schemes on Facebook are outrageous. But the bad guys know, that even the most outrageous schemes stand a better than average chance of being successful when targeted at Facebook’s largely unaware, and unsophisticated, user base.

With the collaborative effort announced today by Facebook and Web of Trust, WOT will now provide protection against dubious and malicious web links, that Facebook users continue to be exposed to. When a Facebook user clicks a link that leads to a page with a poor reputation rating as defined by the WOT community, Facebook will show a clear warning message.

Click on graphic to expand to original.

The plan is to roll out to US users 100% on May 12, and then the following week, after the translators have time to finish their work, roll out globally.

A quick reminder:

WOT’s Browser add-on users see reputation icons on Web sites, Google search results, email links, Twitter, as well as shortened URLs. WOT ratings are recalculated every 30 minutes to ensure users have the freshest and most reliable information. The free WOT add-on works in all web browsers and can be downloaded here.

You can read a full review on the benefits of adding WOT to your Browser here on this site – WOT (Web of Trust) – Is It The Most Important Browser Security Add-on You Need To Install?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Free G Data CloudSecurity – Blocks Known Malware And Phishing Websites

As we reported several days ago in Search Engine Results – More Malware Surprises Than Ever!, poisoned search engine results have proven to be a gold mine for the bad guys who, naturally, continue to be unrelenting in their chase to infect web searches.

Since drive-by downloads, which don’t require user action to create an infection, are resident on many of these compromised sites, this is unhappy news for the unwary Internet user.

To reduce the chances that you will be victimized by malicious search engine results, you should consider installing an appropriate Browser add-on, or if necessary, add-ons, to increase your safety margin. A list of recommended add-ons follows later in this article. But first, take a look at a new Firefox/Internet Explorer add-on, G Data CloudSecurity – passed on by regular reader Charlie L.

According to G Data, the plugin “effectively blocks access to known malware distribution and phishing websites – in real time. The plugin can be used alongside any other installed security suite and is ready for action after installing; no additional configuring required.”

Taking advantage of this service couldn’t be easier. Simply download the setup application, and execute. Following installation, you’ll notice a new icon in your browser which indicates  G Data CloudSecurity is up and running.

Clicking on the icon opens a dropdown menu which provides access to a number of functions.

The screen capture below shows G Data CloudSecurity in action – blocking a suspicious, or dangerous Web site.

Fast facts:

Compatible with all other security products

Prevents access to malware and phishing websites

Install once – no updates required

PC performance remains unaffected

Download at: Developer’s site. (G Data)

Additional Internet Browser Protection:

It’s not prudent to rely on only one form of protection, it seems to me, so take a look at the following browser security add-ons that are noted for their effectiveness.

It’s important to recognize that cyber-criminals are crafty, and there are no perfect solutions.

Web of Trust (WOT) – WOT is a free Internet Browser add-on (my personal favorite), that has established an impressive and well deserved reputation. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites. (installed on my computer)

Search Engine Security – Search Engine Security turns the table on the bad guys by using using a technique familiar to most hackers – appearing to be something you’re not. Or, more properly, appearing to come from a location you’re not really at. (installed on my computer)

Basically, the add-on changes the HTTP referrer (selectable by you), in the search string so that when you click on a returned link it appears to the link site that you have not arrived from Bing, Google, or Yahoo.

McAfee SiteAdvisor – A free browser add-on that adds small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives. These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats.

ThreatExpert Browser Defender – The Browser Defender toolbar allows you to surf safely by displaying site ratings as you browse the Internet. When you visit a site its address will be checked by our servers and a rating shown in the toolbar based on any malicious behavior or threats we have found associated with the site. The toolbar also integrates with the search results provided by popular search engines such as Google and Yahoo! so you can see if, in our view, it is safe to continue before you visit a site.

AVG Security Toolbar Free Edition – AVG’s unique Search-Shield, available with the AVG Security Toolbar Free Edition, marks all web pages which are infected by zero day exploits and drive-by downloads. This powerful LinkScanner based technology works in real-time to provide comprehensive protection. Other programs rely on static databases and cannot protect you at the only time that matters – the time you click on a link.

TrendProtect – TrendProtect is a free browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers billions of Web pages.

Bottom line:

While G Data CloudSecurity does what it says it will do, my personal preference is unchanged. WOT (Web of Trust), backed up by Search Engine Security, is a more appropriates solution.

I’ve reviewed and recommended a bag full of Browser security add-ons in the past few months, or so. No disrespect intended to those developers who have the public’s interest at heart when they develop Browser security add-ons, but…..

Am I the only one who thinks that building protection into my Brower in this potluck fashion, has reached the height of ridiculousness?

Isn’t it long past the time, when a Browsers should be built with the most appropriate form of protection already on board?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

WOT (Web of Trust) – Is It The Most Important Browser Security Add-on You Need To Install?

It would be difficult for regular readers of this site not to be aware, that I write consistently on the importance of Internet Browser protection.

In fact, we’ve covered 20 or more Browser add-ons here in the past few weeks – from add-ons that add functionality, to those that promise to provide additional security.

All this coverage of Browser add-ons rattled my Brain somewhat, and got me thinking about the single most important add-on I have installed – the add-on I couldn’t do without.

Based on the way that I surf the Web, there was no contest. Of the 17 add-ons I have installed on Firefox, the hands down winner – the single most important add-on for my style of surfing is WOT (Web of Trust). I don’t think I’m alone in this assessment.

I frequently hear from readers who, after installing WOT on their computer systems, feel reassured that they are safer than ever before, and who express a renewed sense of confidence, and  a new level of enthusiasm, while surfing the Internet.

In fact, just under 6,000 Tech Thoughts readers have installed WOT in the last two years – according to today’s download stats.

And why not. Security starts with the Web Browser, and WOT substantially reduces the risk exposure, that comes with wandering through the increasingly risky neighborhood that the Internet has become.

What is WOT?

WOT, one of the most downloaded Firefox Add-ons at the Mozilla add-on site, (also compatible with Internet Explorer and Chrome), is a free Internet Browser resource which  investigates web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams – helping you avoid unsafe web sites.

For example, here’s a Google search in which WOT indicates which sites are safe. Notice the unsafe (red) sites, in the Google ads!

Take a look at what happens if, in fact, you do end up on an unsafe web site. WOT’s dropdown warning curtain blocks access to the site until you determine otherwise.

WOT operates in a unique fashion in order to offer active protection to the Internet user community. It stands out from the crowd of similar applications, by soliciting the opinions of users/members whose views on web site safety are incorporated into the overall site safety rating. According to WOT, the user community now has reputation data on over 30 million sites worldwide.

The shared information on a site’s reputation includes trustworthiness, vendor reliability, privacy, and child safety. As well, in order to achieve maximum security coverage, WOT uses thousands of trusted sources including phishing site listings, to keep users protected against rapidly spreading threats.

WOT integrates seamlessly with search engine results from popular search engines including Google, Yahoo, MSN and other popular sites, and provides impressive protection against Internet predators.

WOT recently added the top three web-based email services – Google Gmail, Windows Live Hotmail and Yahoo! Mail, to its free security protection. You can now feel more confident and secure, since WOT checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.

How WOT works:

The Browser add-on icon, displays a color rating for each site you visit, indicating whether a site is safe to use, should be used with caution, or avoided entirely.

Using traffic light colors, (green, yellow, and red), WOT leaves you in no doubt as to the safety rating of a web site. An impressive feature of WOT is the dropdown transparent warning curtain, shown earlier, triggered on visiting a dangerous site.

Recognizing that up to ten percent of Internet users are at a disadvantage however, due to colorblindness, and cannot rely on an Internet safety system based on color coding, the Web of Trust development team recently released an adaptive version of WOT. This version incorporates equivalent alternative information, through assistive or adaptive technology, for colorblind users.

This colorblind accessible application provides the same critical benefits to those individuals who have to contend with visual impairments, as it has to those of us who have come to rely on WOT as a major defense against the pervasive hazards we encounter on the Internet.

Quick facts – WOT checks the following on each web site visited:

Trustworthiness

Vendor reliability

Privacy

Child Safety

More quick facts:

Ratings for over 30 million websites

The WOT browser add-on is light and updates automatically

WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.

Settings can be customized to better protect your family

WOT Security Scorecard shows rating details and user comments

Works with Internet Explorer, Firefox and Chrome

Interface supports English, French, German, Spanish, Italian, Russian, Polish, Portuguese, Swedish and Finnish.

System requirements: Windows (all), Mac OS X, Linux

Download at: MyWot

Surf more securely by installing this browser add-on which will provide you with an in-depth site analysis based on real world results. Keep in mind however, that you are your own best protection. Stop · Think · Click.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Nude Pics Of Your Wife/Girlfriend Attached – Click Here

We’ve all heard it – “Have any nude pictures of your wife? “Want to buy some?” It’s an old joke, but the Internet has given the “ Want to buy some?”, new meaning.

Straight from the headlines here in Canada – Judge temporarily off bench over online sex photos. Since this women is an Associate Chief Justice, I suppose the idea that one could view her (absent her clothes), on the Internet, makes this a titillating newsworthy event. I won’t get into the whole story here, but there’s a 67 Million dollar lawsuit involved.

In the broader sense though, it’s not much of a story. The particulars in this case may be unusual, to some extent, but the concept certainly isn’t. Google –  “pics of your wife”, and be prepared for 262,000,000 links. I must admit, I was taken aback with the sheer volume of the results. It seems as if nude wife pictures has a certain cachet!

It’s no surprise then, that Cyber-crooks continue to use the “pictures of your wife” social engineering email hook, to entice potential victims to click on an email containing a link to that all time spamming champion – Canadian Pharmacy, which is (no surprise here), controlled by a Russian botnet.

So, what would you have done if you had received the following email in your inbox this morning? Would you have been curious enough to read the email shown below – including clicking on the enclosed .jpeg.

Hello,

I apologize for my frankness. I’m sorry for not being able to speak to you in person, but I can only talk to you via email and I feel obliged to notify you to open your eyes, you are being betrayed.

I know it is difficult to prove, but every picture tells a story, I’ll send you these pictures so that you can see it with your own eyes. Take care…a big hug

From a good friend who is very fond of you

View photos here

As part of what I do, I occasionally follow emails like this all the way down the trail. And, in this case, I ran both the attached .jpeg, and the site, (before opening either one), through VTzilla, an Internet Browser malware checking add-on. The initial 7 engine scan showed the site to be safe. A follow-up scan with all 43 engines produced the same result – a safe site.

OK, that was cool – Firefox, Google Safebrowsing, Opera, Paretologic, Phistank, and TRUSTe, amongst others, gave this site a clean bill of health.  So, I should have felt confident in opening this site, right? Well, not quite. There was one problem – I KNOW this is an unsafe site!

On attempting to open the site though, WOT, another Internet Browser security add-0n, intercepted the connection and overlaid the following warning.

Clicking on the “View rating details” button, gave me the following site information.

Here’s the point of all this:

Do NOT open titillating, or salacious emails, no matter how tempting.

Do NOT trust to a single Browser security add-on to protect you on the Internet. Any statement to the contrary is sheer BS. No such single tool exists.

I encourage you to add WOT to your Browser. For more information on this critical add-on please read – Safe, Secure Browsing, with Free WOT Browser Add-on, on this site.

For a listing of additional Browser add-ons, please read – An IT Professional’s Must Have Firefox and Chrome Add-ons, on this site.

In the final analysis, in this particular case, no harm was done. I can of course, look forward to a barrage of spam email, directed at my honeypot email account, from this botnet.

I should point out however, that of the five emails (with the heading “Your wife’s pics”), I’ve tested in the last six months, three downloaded Trojans to my test machine.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Free Qualys BrowserCheck – Spot Plug-in Security Flaws In Your Browser

Yesterday, I wrote on the Secunia Personal Software Inspector (PSI), and I mentioned in the article, that each week I receive the Qualys Vulnerability Report from Qualys, a security industry leader in vulnerability assessment, and vulnerability management.

Although Qualys is a major player in the enterprise market, at the personal consumer level, most users will not be familiar with this company. I found it interesting then, that Qualys recently released a free consumer level security tool, BrowserCheck, which will check your web browser for selected security holes in both the browser, and browser plug-ins. Not add-ons, but plug-ins.

Take a look at what Qualys CEO, Philippe Courtot has to say on Browser plug-ins, and security –

Almost 100 percent of all browsers we have surveyed have plug-ins installed that enable the user to play music, watch video, visualize PDF files and play games.

Frequently these plug-ins are overlooked by the users and are not updated, representing a significant security exposure – both for end-users and corporate clients.

I must admit, I find nothing to disagree with in that statement.

BrowserCheck is itself a plug-ins, and like most plug-ins, it’s very easy to install. Simply visit the Qualys site; install the plug-in, and you’re all set.

My first test run was on Internet Explorer 8, as the following screen captures show.

As the scan results indicate – my Internet Explorer 8 is in good shape.

With Firefox running, the results looked like this. It seems I’ve been bad, and not kept my Firefox updated. There’s good reason for this – FF 3.6.6 is slower than molasses (at least on my test machine), and I choose to roll back to FF 3.6.4

Nevertheless, to complete the test, I clicked on the  “Fix it” button which immediately took me to the Firefox update site, so that I could download the latest version of Firefox.

Fast facts: The following items are detected:

Windows OS support expiration

Browser version (IE 6.0+, Firefox 3.0+, Chrome 4.0+)

Adobe Flash Player

Adobe Reader 5.x and above

Adobe Shockwave Player

Apple Quicktime

BEA JRockit

Microsoft Silverlight

Microsoft Windows Media Player

Real Player

Sun Java

Windows Presentation Foundation (WPF) plug-in for Mozilla browsers

As an added security measure, take BrowserCheck for a test drive. According to available information, all major Windows web browsers are supported.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Follow the Link and You “Takes Your Chances”

Regular readers on this site are aware, that virtually all downloads I recommend, are linked to CNET (download.com).

There is good reason for this – CNET scrupulously audits hosted downloads and linked sites, to ensure they are not contaminated by malware.

But links on Blogs can be a special problem for surfers – particularly links contained in comments. Don’t get me wrong –  comments are an important part of the blogging mix.

Amongst other things, comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, Blog comments are not without their share of issues; with comment Spam (some containing malicious links), being the leading problem.

Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook, and other social networks, and so it’s not surprising that you’ll find Spam Blog comments.

WordPress, on which this Blog is hosted, has a Spam plug-in filter, Akismet, which does a good job of catching comment spam. Akismet automatically analyzes comments and flags for review, those it considers Spam.

On this Blog, Akismet routinely captures about 90% of spam comments, according to my blog stats. In real number terms, Akismet has captured in excess of 60,000 spam comments here, in the past two years. But what about the other 10%? – some of which will contain malicious links?

As a matter of policy, I test every allowed link included in a comment, for safety.

Regretfully, there are Bloggers who are fairly complacent and who rely only on a Spam filter to do this job. In doing so, they miss the reality: Spam filters can often miss comment spam, some of which are highly dangerous.

While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

Here’s a case in point – any time I write on registry cleaners I can expect the following comment, (shown in the following screen capture), or one like it, to show up.

This comment included a link, to a free application, which supposedly is superior to the free application I recommended in the article.

The comment itself looks harmless, but if I’d allowed this comment to be posted (and I’ve seen this comment published many times over, on many other sites), a reader who followed the link would have become infected simply by visiting the site.

Don’t think that this is an unusual set of circumstances – it’s not. On an average day, here on Tech Thoughts, 10 or more comments (thankfully picked up by Akismet), contain malicious, or dangerous links.

Some advice:

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested, by me, for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web page. Recent reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable, or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on, that offers substantial protection against questionable, or unsafe websites.

Use Norton DNS as an added safety precaution.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

LastPass Password Manager – Secure Your Passwords and User Names

Popular guest writer, Glenn Taggart, tells you why he made the move from free KeyPass, to free LastPass, to protect his usernames/passwords, while online.

I finally got fed up with trying to remember all of my darned passwords for the various websites I visit. I think I’m somewhere around 30 different usernames and passwords.

Being a freak about security, I don’t have the same password, or username, for anything. Also, my passwords are long and not the type that I can remember since they all have letters, numeric, and various characters in them. My philosophy on passwords is – if you are gonna try to crack me, you’re gonna spend some time doing it.

I still recommend you encrypt your financial usernames/passwords (if they aren’t the type you can’t remember), and keep them local, as opposed to online in the cloud. For the non financial usernames/passwords, I highly recommend you use LastPass.

LastPass is a great local and cloud application that can sync your usernames/passwords from computer to computer. You load in the information and LastPass will autofill both your username and password.

All you have to do is set up one username and one password to access LastPass. LastPass is encrypted, so it would be pretty difficult for someone to access your information without your username and password.

I use three computers on a regular basis – Laptop, home desktop, work desktop. With LastPass, all of my usernames and passwords are a click away.

I know many of you use KeyPass. I have been trialing both programs, and have decided LastPass is my favorite.

LastPass integrates well with all browser platforms and is free to use!

Fast facts:

Automatically log into your websites.

Fill complex website forms with a single click.

Share logins and confidential data with friends.

Seamlessly synchronize your data across multiple computers.

Generate secure random passwords.

Login using an on-screen keyboard.

Create One Time Passwords to use when traveling.

Watch the video on LastPass Basic Instructions: Provides basic introductory instructions on how to use LastPass.

System requirements: Windows 2000, XP, 2003, Vista, Server 2008, Win 7.

Download at: LastPass.com

Guest Writer: This is a guest post by Glenn Taggart of The Crazy World of G, one of the hardest working people I know, who brings a background as a high level super user, to the Blogging world.

Drop by Glenn’s freeware page.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Free KeyScrambler – Encrypt Your Internet Input

KeyScrambler Personal – A Must Have Browser Plug-in

This article was prompted by a situation one of my Blogging buddies ran into recently. Apparently, a friend of his was having a problem with his Internet connection, and major problems with his email sign-ins.

This problem, as it turned out, was a typical case of a compromised password – not a particularly unusual event. To ensure your passwords are as safe as you can make them, consider adding KeyScrambler Personal to your Browser.

KeyScrambler Personal is a free plug-in for FireFox, Internet Explorer, and Flock web browsers which protects all input you type into the browser, by encrypting your keystrokes at the kernel driver level.

Cyber-crooks are relentless in their pursuit of your money and let’s face it – it’s all about the money. In the worst case scenario, your identity and your financial security can be severely compromised.

Despite the best efforts of AntiSpyware, AntiVirus, and other Internet security products, you still face substantial risks while surfing the Internet. One type of malware that can expose you to financial risk is the Keylogger.

A Keylogger is a form of spyware which, once installed on a computer, can record every keystroke that is made on that computer, and transmit those keystrokes back to a cyber-criminal. The function of a Keylogger is to steal passwords, bank account numbers, and other personal information.

When you type on your keyboard, the input travels along a path within the operating system before it arrives at your browser. Keyloggers plant themselves along this path and observe and record your keystrokes. The compromised information is then sent to the cyber criminal who will exploit your passwords, bank account numbers, and other personal information.

By encrypting your keystrokes at the keyboard driver level, deep within the operating system, a Keylogger can be beaten since it can only record the encrypted keys, which are indecipherable.

Unlike AntiVirus and AntiSpyware programs that depend on recognition to remove Keyloggers that they know about, KeyScrambler will protect you from both known and unknown Keyloggers.

I’ve been using this great little plug-in for over a year and I feel more secure logging in than I once did. Despite this, I change all of my passwords frequently, since doing so, is just common sense.

Quick facts:

Protects user input in all parts of the browser against key-loggers.

Protects login credentials, credit card numbers, passwords, search terms and more

Works with IE, FireFox, and Flock: Java, Flash, PDF Forms

Email protection including Yahoo, Hotmail, and Gmail.

No learning curve.

Protects against Keyloggers even on security compromised computers

Requires no effort on your part after installation

In the top 5 FireFox Extensions for security and privacy

System Requirements: Windows 2000, 2003, XP, Vista (32-bit and 64-bit), and Windows 7 (32-bit and 64-bit).

Download at: Download.com

Setting your password correctly is vitally important to ensure your safety and privacy, on the Internet. Read how to do this correctly by visiting TechPauls site, and taking a look at “A Word About Words — Passwords, That Is”, which includes a link to a freeware application which makes password management a snap.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Nightmare Scareware – Be Prepared

Scareware, otherwise known as “rogue security software”, is the stuff of nightmares.

Scareware is a particularly vicious form of malware, designed specifically to convince the victim to pay for the “full” version of an application in order to remove what are, in fact, false positives that these program are designed to display on the infected computer in various ways; fake scan results, pop-ups and system tray notifications.

Delivery methods used by these parasites include Trojans, infected websites, misleading advertisements, and Internet Browser security holes. They can also be downloaded voluntarily, from rogue security software websites, and from “adult” websites. As one of my friends put it “It’s easy to be bitten by a dog like that”.

The average computer user that I speak with informally, has no idea that rogue applications exist. But they do, and cyber crooks are continuing to develop and distribute scareware at a furious pace; there are literally thousands of variants of this type of malware currently circulating on the Internet. It’s fair to say; distribution has now reached virtual epidemic proportions.

One of my Internet friends runs a specialized site, 411 Spyware , that deals specifically with malware removal advice, and virtually every day, she posts an article on a newly discovered scareware application.

Scareware is designed to continue to load on boot up, and will then generate its fake or false malware detection warnings. Even if the victim is tricked into paying for the “full” version, scareware will continue to run as a background process, incessantly reporting those fake or false malware detection warnings we talked about earlier. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.

While it’s true that reputable anti-spyware software is often capable of detecting rogue software if it attempts to install, this is not always the case. Anti-malware programs that rely on a definition database can frequently be behind the curve in recognizing the newest threats.

It’s all about the money:

So how much money is involved here? Lots – according to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly through scareware attacks.

At a personal level, I have heard some horrendous stories from readers where the common thread has been the debiting of their credit cards, multiple times, by the cyber-criminals responsible for the distribution of scareware.

What can you do to ensure you are protected, or to reduce the chances you will become a victim?

Consider the ramifications carefully before responding to a Windows Security Alert pop-up message. This is a favorite vehicle used by rogue security application to begin the process of infecting unwary users’ computers.

Be cautious in downloading freeware, or shareware programs. Spyware, including scareware, is occasionally concealed in these programs. Download freeware applications only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications, since exposure to rogue security applications is widespread.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/FireFox add-on, that offers substantial protection against dangerous websites.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Computer Infection? – Search Engine Links Might Be The Culprit

Search engines, including Google, do a relatively good job of scanning their index for potentially dangerous sites. Nevertheless, scanning does not detect all potentially dangerous sites – not even close.

According to Dasient, a Web Anti-malware developer – using a proprietary malware analysis platform, which gathers data on web-based malware attacks from across the web, they concluded that more than 560,000 Web sites, and 5.5 million pages, were infected with malware in the fourth quarter of 2009.

Keep in mind that these infected sites and pages have, in most cases, been indexed by search engines.

We should all be aware by now, that cybercriminals are masters at seizing opportunity, and in the current environment, Internet search engine results provide just that.

Consider this: if one were to poll a group of typical Internet users as to the safety and reliability of search engine results, including the pervasive ads that search engines sprout; there is little doubt that the answer would be positive.

This is an image of Google search results that link to malware infected sites, courtesy of Sunbelt Software.

Paradoxically, it’s because current anti-malware solutions are more effective than they have ever been in detecting worms and viruses, that we’re now faced with yet another form of insidious attack – the drive-by download, resident on many of these compromised sites.

Drive-by downloads, which don’t require user action to create an infection, are not new; they’ve been lurking around for years it seems, but they’ve become much more common, as these statistics indicate.

Given that search engine results can be manipulated in this way (see “Search Engine Results – Malware Heaven!” on this site), it’s reasonable to ask the question – why aren’t more typical Internet users aware of this situation?

The obvious answer is – search engines make little or no effort to educate their users in the risks involved in relying on search results, or advertisements, appearing in their applications.

As a consequence, the typical user I come into contact with believes search engine output to be untainted, and free of potential harmful exposure to malware.

Fact: Consumer confidence in the strength and reliability of search engine results, particularly ads, is seriously misplaced.

Fact: The ongoing failure to protect the Internet, which by definition is an open network, will continue to expose users to substantial penalties; ranging from productivity decreases, infrastructure compromise, to a failure in consumer confidence, and more.

I’ve said it before, and I’ll say it again – an argument can be made, that the Internet has turned into a playground for cyber-criminals.

So will search engine providers address the issues described in this article? Sure, but only when outraged consumers finally force them to. Great business model!!

To reduce the chances that you will be victimized by malicious search engine results, you should consider installing WOT, which in my view, is the best Internet browser protection available. WOT, a free browser add-on, is designed to warn you of unsafe, or malicious links.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.