Tag Archives: NoScript

Comment Spam Is Dangerous BS!

imageIf you’ve ever wondered why comments on this site, and many other sites for that matter, are held for moderation by a site administrator, the simple answer is – comment spam, and the need to control it.

Without a doubt, comments are an important part of the mix for a technology site. Comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, comments are not without their share of issues; with comment Spam, in my view, being a significant problem. Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook and other social networks, and so it’s not surprising that you’ll find Spam comments. Recently however, I’ve seen a major increase in the amount of comment Spam.

The following comment spam (full of praise – like many are), is just a small example of the type of nonsense Spam I deal with daily. (click on the screen capture to expand to original size – 1280 x 589).

image

Take a look at this one, and try to imagine the type of creep who would submit this as a comment.

image

Hard as it is to believe, there are many sites that rely only on a Spam filter to sort out the wheat from the chaff. Unfortunately, this complacency can lead to the posting of comment Spam that contains dangerous links. Links, which if followed, can lead to a malware site – guaranteeing a very painful experience. The comment shown above, for example, contains a number of malicious links.

Some advice:

Be cautious when following links contained in comments on any web site.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals.

Be cautious when following any link contained in any web site, since the latest reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Be cautious following links on web forums. Forums can often be a source of dangerous links.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on active. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on, that offers substantial protection against questionable, or unsafe websites.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Freeware, Interconnectivity, Internet Security Alerts, Malware Advisories, Online Safety, Software, spam, Windows Tips and Tools, WOT (Web of Trust)

Follow the Link and You “Takes Your Chances”

image Regular readers on this site are aware, that virtually all downloads I recommend, are linked to CNET (download.com).

There is good reason for this – CNET scrupulously audits hosted downloads and linked sites, to ensure they are not contaminated by malware.

But links on Blogs can be a special problem for surfers – particularly links contained in comments. Don’t get me wrong –  comments are an important part of the blogging mix.

Amongst other things, comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, Blog comments are not without their share of issues; with comment Spam (some containing malicious links), being the leading problem.

Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook, and other social networks, and so it’s not surprising that you’ll find Spam Blog comments.

WordPress, on which this Blog is hosted, has a Spam plug-in filter, Akismet, which does a good job of catching comment spam. Akismet automatically analyzes comments and flags for review, those it considers Spam.

On this Blog, Akismet routinely captures about 90% of spam comments, according to my blog stats. In real number terms, Akismet has captured in excess of 60,000 spam comments here, in the past two years. But what about the other 10%? – some of which will contain malicious links?

As a matter of policy, I test every allowed link included in a comment, for safety.

Regretfully, there are Bloggers who are fairly complacent and who rely only on a Spam filter to do this job. In doing so, they miss the reality: Spam filters can often miss comment spam, some of which are highly dangerous.

While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

Here’s a case in point – any time I write on registry cleaners I can expect the following comment, (shown in the following screen capture), or one like it, to show up.

This comment included a link, to a free application, which supposedly is superior to the free application I recommended in the article.

Spam Comment

The comment itself looks harmless, but if I’d allowed this comment to be posted (and I’ve seen this comment published many times over, on many other sites), a reader who followed the link would have become infected simply by visiting the site.

Don’t think that this is an unusual set of circumstances – it’s not. On an average day, here on Tech Thoughts, 10 or more comments (thankfully picked up by Akismet), contain malicious, or dangerous links.

Some advice:

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested, by me, for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web page. Recent reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable, or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on, that offers substantial protection against questionable, or unsafe websites.

Use Norton DNS as an added safety precaution.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

15 Comments

Filed under Anti-Malware Tools, Browser add-ons, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Firefox Add-ons, Freeware, Internet Explorer Add-ons, Internet Safety Tools, Internet Security Alerts, Online Safety, Safe Surfing, Software, spam, Windows Tips and Tools, WOT (Web of Trust)

A Message for Spam Commenters – WTF!

image For many Bloggers, particularly technology Bloggers, comments are an important part of the mix. Amongst other things, comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, Blog comments are not without their share of issues; with comment Spam, in my view, being the leading problem. Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook and other social networks, and so it’s not surprising that you’ll find Spam Blog comments.

Let me throw some numbers at you. In the roughly two years I have been writing this Blog, there have been 67,000+ comments of which 59,000 +  have been Spam. In other words only 8,000 (approximately), have been legitimate comments.

WordPress, on which this Blog is hosted, has a Spam plug-in filter, Akismet, which does a reasonable job of catching comment spam. Akismet automatically analyzes comments and flags for review, those it considers Spam. This is not as effective as it once was, since it’s now much harder to distinguish Spam comments from legitimate comments.

Except of course, for comments that look like these two examples from this morning:

Itboibltlx – fAHU7K kfyvjnunmugw, [url=http://avfqgyvilzvj.com/]avfqgyvilzvj[/url], [link=http://jlroercbkvod.com/]jlroercbkvod[/link], http://sjxsnveldoke.com/

Rzjulixnne – JvgMqE sakykccvvzrv, [url=http://dpbvrodxgikt.com/]dpbvrodxgikt[/url], [link=http://tiewycygcttc.com/]tiewycygcttc[/link], http://etukxnfppged.com/

When you see this type of comment, you have to wonder about these morons.

image

Since it takes time and effort to manually cull comments so that they are  relevant and Spam free, there are Bloggers who are fairly complacent and who rely only on a Spam filter to do this job. In doing so, they miss the reality: Spam filters can often miss comment spam, some of which is highly dangerous.

While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

Here’s a case in point – just this past week (and not for the first time), a site which is renown as a site that specializes in malicious content, left a comment which was not filtered by Akismet. This comment included a link, to a free application, which supposedly was superior to the free application I recommended in the article.

Spam Comment

The comment itself looks harmless – but you pay me to be careful – right?

If I’d allowed this comment to be posted (and I’ve seen this comment published many times, on many other sites), a reader who followed the link would have become infected simply by visiting the site.

Don’t think that this is an unusual set of circumstances – it’s not. On an average day, 10 or more comments (thankfully picked up by Akismet), contain malicious or dangerous links.

Some advice:

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web site, since the latest reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on active. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable, or unsafe websites.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

11 Comments

Filed under Browser add-ons, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Internet Safety, Malware Advisories, Online Safety, spam, Windows Tips and Tools

Dangerous Comment Spam – Deadly Links

image For many Bloggers, particularly technology Bloggers, comments are an important part of the mix. Amongst other things, comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, Blog comments are not without their share of issues; with comment Spam, in my view, being the leading problem. Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook and other social networks, and so it’s not surprising that you’ll find Spam Blog comments.

Let me throw some numbers at you. In the roughly two years I have been writing this Blog, there have been 61,560 comments of which 55,957 have been Spam. In other words only 5,603 have been legitimate comments or, barely 1 in 10.

WordPress, on which this Blog is hosted, has a Spam plug-in filter, Akismet, which does a reasonable job of catching comment spam. Akismet automatically analyzes comments and flags for review, those it considers Spam. This is not as effective as it once was, since it’s now much harder to distinguish Spam comments from legitimate comments.

image

Since it takes time and effort to manually cull comments so that they are  relevant and Spam free, there are Bloggers who are fairly complacent and who rely only on a Spam filter to do this job. In doing so, they miss the reality: Spam filters can often miss comment spam, some of which is highly dangerous.

While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

Here’s a case in point – just this past week (and not for the first time), a site which is renown as a site that specializes in malicious content, left a comment which was not filtered by Akismet. This comment included a link, to a free application, which supposedly was superior to the free application I recommended in the article.

Spam Comment

The comment itself looks harmless – but you pay me to be careful – right?

If I’d allowed this comment to be posted (and I’ve seen this comment published many times, on many other sites), a reader who followed the link would have become infected simply by visiting the site.

Don’t think that this is an unusual set of circumstances – it’s not. On an average day, 10 or more comments (thankfully picked up by Akismet), contain malicious or dangerous links.

Some advice:

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web site, since the latest reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on active. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under Anti-Malware Tools, Don't Get Scammed, Don't Get Hacked, downloads, Firefox, Firefox Add-ons, Freeware, Internet Safety, internet scams, Malware Advisories, Software, Windows Tips and Tools

Blog Comments That Make No Sense

Some time ago, TechPaul, in his Blog Tech – for Everyone, wrote a great piece on why FireFox users’ would benefit by installing the NoScript add-on. If you’re not familiar with NoScript, the developer describes it this way:

“The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.”

So I was more than a little surprised, to see a recent reader comment referencing this article, in which the reader (a self described “web developer”), complained:

“Ok, great! Block Javascript, IFrames, Flash and the like. Why not go ahead and block web sites from loading on browsers from now on? At some point you have to get real about web browsing. What you are doing by spreading this so called information is causing panic, and making people scared to browse”.

My immediate response after reading this uninformed reader’s comment was – What planet are you living on? What internet are you surfing?  How could you be totally unaware of the following?

Trojan horse programs

Back door and remote administration programs

Denial of service

Being an intermediary for another attack

Unprotected Window shares

Mobile code (Java, JavaScript, and ActiveX)

Cross-site scripting

Email spoofing

Email-borne viruses

Hidden file extensions

Chat clients

Packet sniffing

Yes, uninformed reader, you must be right – TechPaul and the following informed users, and reviewers, must be wrong.

CNET News: “Giorgio Maone’s NoScript script-blocking plug-in is the one-and-only Firefox add-on I consider mandatory.” (March 9, 2009, Dennis O’Reilly, Get a new PC ready for everyday use)

Forbes: “The real key to defeating malware isn’t antivirus but approaches like Firefox’s NoScript plug-in, which blocks Web pages from running potentially malicious programs” (Dec 11, 2008, Andy Greenberg, Filter The Virus Filters).

PC World: Internet Explorer 7 Still Not Safe Enough because it doesn’t act like “NoScript […] an elegant solution to the problem of malicious scripting

New York Times: “[…] NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC“, (Jan 7, 2007, John Markoff, Tips for Protecting the Home Computer).

The Washington Post security blog compares MSIE “advanced” security features (like so called “Zones”) to Firefox ones and recommends NoScript adoption as the safest and most usable approach.

The final part of this uninformed reader’s self serving comment was as follows:

“ If you have half decent anti everything, the real nasties will be blocked by them and the need for these add-ons won’t be there. This is not great news for web developers!!!”

One of the aims of Bloggers like TechPaul, Sir, is to offer information to readers which allows them to determine, based on real information, what steps they need to take in order to enhance security to a level which is appropriate for their needs.

A self described “web developer”, such as you, would be well advised to keep the needs of his clients, and end users, uppermost in his mind. Otherwise,it seems to me, you may not remain a web developer, ‘”self described”, or otherwise, for very long.

6 Comments

Filed under Browser add-ons, Don't Get Hacked, Interconnectivity, Internet Safety Tools, Online Safety, Personal Perspective, Windows Tips and Tools