Web Site Spoofing – The Danger of Public Proxy Servers

A week or so ago I wrote an article on Surfing on Public Computers? – Stay Anonymous in which I stated, “You have a number of choices when it comes to anonymous surfing. You can use a free proxy server service; not my personal first choice – but that’s fodder for another article!” 

Now comes word from Panda Security that in some cases public proxy DNS’s, the database that associates numeric IP addresses (206.4.XX.XXX) with URLs, microsoft.com for example, have been known to have been modified. 

The modification consists of changing the legitimate association for a fraudulent one, so that when users type a specific URL, they are redirected to a fraudulent page.  For example, if users try to log onto their banking web site, the server could redirect them to a phishing site which resembles the legitimate page, but which is designed to steal their bank details.

According to Luis Corrons, Technical Director of PandaLabs, “The danger of this type of attack is, users with malware-free, up-to-date computers with a good firewall, etc. could fall victims to these attacks”. 

To reduce the risk of phishing attacks it’s important not to use anonymizer services if you’re accessing sites at which confidential data (e.g. online banks, pay platforms, etc.), is being transmitted. 

It’s equally as important that you use a browser add-on such as McAfee Site Advisor, LinkScanner Lite, or WOT (Web of Trust), so that you have a first line of defense against this type of attack. 

If you’re interested in learning more about web spoofing, there is an excellent article at Princeton University’s web site entitled Web Spoofing: An Internet Con Game

Don’t Have McAfee Site Advisor? Then How Do You Know Where You Are on the Net?

Would you wander through a neighborhood that you were unfamiliar with? One which might possibly be full of predators? Well of course you wouldn’t.

However, if wander through the Internet without the aid of SiteAdvisor, a free Internet service from McAfee, (the plug-in is available for Internet Explorer/ Firefox) that tests web sites you are visiting for spyware, spam, viruses and online scams, this is close to what you are doing.

According to McAfee, this service is based on a huge database with detailed test results for more than 100,000 pieces of software, and which covers more than 90% of the world’s Web traffic. The service integrates with search engine results from popular search engines such as Google, Yahoo, etc.

The plug-in’s icon, which is added to your browser toolbar, displays a color rating for each site you visit, which indicates whether a site is safe to use, or should be used with caution.

Site Ratings:

• Green – Safe: McAfee has tested the site and didn’t find any significant problems.
• Yellow – Caution: McAfee has tested the site and advise there are some issues you should consider.
• Red – Warning: McAfee has tested the site and found some serious issues that you need to carefully consider before using this site.
• Grey – McAfee has not yet tested the site, or the site is in the process of being tested.

 

According to McAfee’s own research, 90% of U.S. consumers on the Internet make use of search engines, and 80% of Web site visits originate from these search queries. Additionally, McAfee stated their May 2006 Search Engine Safety study revealed, search engines expose users to dangerous sites posing security risks including spyware, spam, and scams.

Surf more securely by adding this browser add-on which will provide you with an in-depth site analysis based on real world test results. Always keep in mind however, that you are your own best protection. Stop · Think · Click

Download this browser add-on at McAfee