Tag Archives: results

Search Engine Malware – The Same Old, Same Old

In the News within the past 3 days

Web security firm Armorize – over 6 million e-commerce web pages have been compromised in order to serve malware to users.

Ed Bott Report – criminal gangs that specialize in malware love search engines, because they represent an ideal vector for getting Windows users to click on links that lead to potentially dangerous Trojans. The latest attack targets ads, and the social engineering is frighteningly good.

Not in the News

The specifics may be news, but this particular malware attack vector is so old I’m surprised that more Internet users aren’t aware of it. No, I take that back – based on a conversation I had just last night.

Me: “So, what antimalware applications are you currently running?”

She: “Well, I can cut and paste and I can get on the Internet, but I don’t worry about all that other stuff. I don’t understand it anyway.”

I’m well past the point where I allow myself to show surprise when I hear this type of response – it’s just so typical. Given that level of knowledge, it’s hardly surprising then, that consumer confidence in the reliability of search engine results, including relevant ads, is taken for granted.

I’ve yet to meet a typical user who would consider questioning a search engine’s output as to its relative safety. It’s been my experience that typical Internet users blindly assume all search engine results are malware free.

This, despite the reality that the manipulation of search engine results, exploiting legitimate pages, and the seeding of malicious websites among the top results returned by search engines in order to infect users with malware, is a continuing threat to system security.

Here’s how the cyber crooks do it:

When a potential victim visits one of these infected sites, the likelihood that malicious code will be downloaded onto the computer, by exploiting existing vulnerabilities, is high.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines.

Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element that makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

  • Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer
  • Install a personal firewall on the computer
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
  • Ensure the anti-virus software scans all e-mail attachments


The following comment (posted here March 15, 2011), illustrates perfectly the issues discussed in this article.

Funny you write about this today. I was reading about the spider issue Mazda was having and wanted to know what the spider looked like so I Googled it, went to images and there it was. There was also a US map that had areas highlighted, assuming where the spiders exist, and before I clicked on the map I made sure there was the green “O” for WOT for security reasons.

I clicked on the map and BAM I was redirected instantly and hit w/ the “You have a virus” scan malware. I turned off my modem then shut my computer off. I restarted it and scanned my computer w/ MS Security Essentials and Super Anti Spyware. MS Essentials found Exploit:Java/CVE-2010-0094.AF, and Trojan:Java/Mesdeh and removed them. I use WOT all the time, but now I’m going to be super cautious.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Free G Data CloudSecurity – Blocks Known Malware And Phishing Websites

As we reported several days ago in Search Engine Results – More Malware Surprises Than Ever!, poisoned search engine results have proven to be a gold mine for the bad guys who, naturally, continue to be unrelenting in their chase to infect web searches.

Since drive-by downloads, which don’t require user action to create an infection, are resident on many of these compromised sites, this is unhappy news for the unwary Internet user.

To reduce the chances that you will be victimized by malicious search engine results, you should consider installing an appropriate Browser add-on, or if necessary, add-ons, to increase your safety margin. A list of recommended add-ons follows later in this article. But first, take a look at a new Firefox/Internet Explorer add-on, G Data CloudSecurity – passed on by regular reader Charlie L.

According to G Data, the plugin “effectively blocks access to known malware distribution and phishing websites – in real time. The plugin can be used alongside any other installed security suite and is ready for action after installing; no additional configuring required.”

Taking advantage of this service couldn’t be easier. Simply download the setup application and run it. Following installation, you’ll notice a new icon in your browser, which indicates G Data CloudSecurity is up and running.

image

Clicking on the icon opens a dropdown menu which provides access to a number of functions.

image

The screen capture below shows G Data CloudSecurity in action – blocking a suspicious, or dangerous Web site.

image

Fast facts:

  • Compatible with all other security products
  • Prevents access to malware and phishing websites
  • Install once – no updates required
  • PC performance remains unaffected

Download at: Developer’s site. (G Data)

Additional Internet Browser Protection:

It’s not prudent to rely on only one form of protection, it seems to me, so take a look at the following browser security add-ons that are noted for their effectiveness.

It’s important to recognize that cyber-criminals are crafty, and there are no perfect solutions.

Web of Trust (WOT) – WOT is a free Internet Browser add-on (my personal favorite), that has established an impressive and well deserved reputation. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites. (installed on my computer)

Search Engine Security – Search Engine Security turns the table on the bad guys by using a technique familiar to most hackers – appearing to be something you’re not. Or, more properly, appearing to come from a location you’re not really at. (installed on my computer)

Basically, the add-on changes the HTTP referrer (selectable by you), in the search string so that when you click on a returned link it appears to the link site that you have not arrived from Bing, Google, or Yahoo.

McAfee SiteAdvisor – A free browser add-on that adds small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives. These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats.

ThreatExpert Browser Defender – The Browser Defender toolbar allows you to surf safely by displaying site ratings as you browse the Internet. When you visit a site its address will be checked by our servers and a rating shown in the toolbar based on any malicious behavior or threats we have found associated with the site. The toolbar also integrates with the search results provided by popular search engines such as Google and Yahoo! so you can see if, in our view, it is safe to continue before you visit a site.

AVG Security Toolbar Free Edition – AVG’s unique Search-Shield, available with the AVG Security Toolbar Free Edition, marks all web pages which are infected by zero day exploits and drive-by downloads. This powerful LinkScanner based technology works in real-time to provide comprehensive protection. Other programs rely on static databases and cannot protect you at the only time that matters – the time you click on a link.

TrendProtect – TrendProtect is a free browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers billions of Web pages.

Bottom line:

While G Data CloudSecurity does what it says it will do, my personal preference is unchanged. WOT (Web of Trust), backed up by Search Engine Security, is a more appropriate solution.

I’ve reviewed and recommended a bag full of Browser security add-ons in the past few months, or so. No disrespect intended to those developers who have the public’s interest at heart when they develop Browser security add-ons, but…..

Am I the only one who thinks that building protection into my Browser in this potluck fashion has reached the height of ridiculousness?

Isn’t it long past the time when a Browser should be built with the most appropriate form of protection already on board?


Cybercrime 101 – Advertise On A Search Engine For Success

If you want to enhance your chances of being a successful cyber scam artist/cybercrook, you need to look the part, and act the part, of a successful Internet business organization.

How hard is that? Not hard at all when you consider all you need to do is offer a product that appears genuine, and perhaps most importantly – advertise in readily available and trusted media.

So, if you want to succeed in the $105 BILLION “Internet shadow economy”, advertising your “product” on an Internet search engine, could be a major step in helping you reach your financial goals.

Why an Internet search engine? Well, if one were to poll a group of typical Internet users as to the safety and reliability of search engine results, including the pervasive ads that search engines sprout; there is little doubt that the answer would be positive. In a sense, search engines impart instant legitimacy.

Part of the process of offering a product that appears to be genuine, would include producing and promoting a Web site that instills confidence in those unlucky enough to click on your ad, such as the site pictured below for ErrorSmart.

image

But, here’s what 2-Spyware.com has to say about ErrorSmart:

Error Smart is not an anti-spyware as it says but a smart new scam luring online for victims. Usually, ErrorSmart must be downloaded and installed manually from promoting website, but sometimes it is distributed by trojans. Error Smart is presented as reputable security tool, but the facts speak differently.

It compromises the system by disabling firewalls and other security applications. It displays large numbers of fabricated security reports that are partially true because Error Smart is able to download additional computer parasites on the infected computer.

On top of that, Lavasoft’s Ad-aware, sees ErrorSmart as a Rogue application as the following graphic indicates.

image

But hold on! Given that search engine results can be manipulated, or worse (see “Search Engine Results – Malware Heaven!” on this site), it’s reasonable to ask the question – why aren’t typical Internet users aware of this situation?

The simple answer is – search engines make little, or no effort, to educate their users in the risks involved in relying on advertisements appearing in their applications. As a consequence, the typical user I come into contact with believes search engine output to be untainted, and free of potentially harmful exposure to malware.

A user looking for a review of ErrorSmart, for example, has a reasonably good chance of finding the following review:

ErrorSmart uses the industry’s most advanced error-resolution technology and puts it to work for you. By scanning your hard drive, analyzing the errors and correcting the problems, ErrorSmart can restore your system performance and increase startup speed by up to 70 percent.

Whether it’s incomplete uninstalls, failed installations, driver issues or spyware infections that are affecting your PC, ErrorSmart will rid you of your computer problems in just minutes.

However, the graphic below illustrates WOT users’ reactions to this article.

image

Fact: Consumer confidence in the strength and reliability of search engine results, particularly ads, is seriously misplaced.

ErrorSmart (the site pictured earlier), a “scareware/rogueware” application developed to mislead uninformed computer users into downloading and paying for the “full” version of this bogus software, based on the false positives generated by the application, has been “advertised” for months on a number of leading search engines.

If you think this is a one off, or an isolated incident, then you’ll be surprised to learn it’s not. For additional information on this issue see “Search Engine Results – Malware Heaven!”, on this site.

So will search engine providers address the issues described in this article? Sure – but only when consumers who are totally fed up with tainted search engine results finally force them to. I don’t see that happening any time soon.

Writing articles like this is not without risk. For example, several years ago I wrote an article on an application – Finally Fast – considered by many to be less than it pretends to be. Google “Finally Fast scam” to see what I mean.

Recently, Ascentive, the developers behind Finally Fast, had their lawyers email me a letter in which they threatened to sue me for posting my unbiased views on their product. Since I live in Canada, where the courts are not sympathetic to lawsuits that are launched to intimidate and harass, this letter had little effect. Actually, I considered their threat a backhanded compliment!

Nevertheless, since Ascentive is well known for aggressive threats to sue – they even sued Google – “The claimant, Ascentive, a software producing corporation that, after some bad press, got kicked (“suspended”) out of Google’s organic search results & whose AdWords account got disabled, is now suing Google”, I did hand the email to my lawyer.

My lawyer’s advice to me, in decidedly unlawyerly language, was – “tell them to kiss your ass”. He went on to explain that a “libel chill” lawsuit such as this had little chance of being considered by the courts in this country.

Like most people I don’t react well to threats, so I did consider looking to the Blogger community for support on this and mounting a campaign, with the help of the community, to take up the gauntlet and spotlight Ascentive’s actions.

But, considering the number of hours that such a campaign would require, I took the easy way out and removed the article. However, if my daily workload should ever lighten – I may yet revisit my decision.


Kate Middleton, Prince William Engagement Leads To Poisoned Search Results

If an event is newsworthy, you can be sure cybercriminals are exploiting it and creating opportunities to drop malicious code on our computers – malicious code designed, in most cases, to separate unwitting victims from their money.

Taking advantage of our curiosity surrounding current events has long been a favorite tool of the bad guys, and as expected, cybercriminals have jumped on the news of Prince William’s engagement to Kate Middleton, and are actively exploiting this popular topic.

Cybercriminals don’t have to jump through hoops, write brilliant code, or take extreme measures, to be successful at the type of social engineering that goes hand in hand with capitalizing on newsworthy happenings. They simply poison selected search engine results – not as difficult to do as you might imagine.

For example, the Sunbelt Software Blog is currently reporting that “a Google search for ‘Kate Middleton’ results in a poisoned link on the second photo under ‘Images for Kate Middleton.’”

Google search string “Kate Middleton” = 14,300,000 results.

image

Google search string “Images for Kate Middleton” = 8,600,000 results.

image

Sunbelt warns that searching for photos of Middleton can lead to images which redirect a Firefox user to a compromised site where the user is encouraged to download a Trojan masquerading as a Firefox update.

Check the URL in the graphic closely. You’ll notice that it reads Friefox – not Firefox.

image

(Graphic courtesy of Sunbelt Blog).
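The Friefox/Firefox swap is a transposition of two adjacent letters, so the Python sketch below (an added example, not part of the original article or the Sunbelt report) compares host-name tokens against a watchlist using an edit distance that counts such a swap as a single change. The watchlist, the threshold and the sample URL are assumptions constructed for illustration.

```python
"""Spot host names that misspell a watched brand, e.g. 'friefox' for 'firefox'."""
import re
from urllib.parse import urlparse

# Assumption: the brand names a defender wants to protect; not taken from the article.
WATCHLIST = ("firefox", "mozilla", "google", "youtube")
MAX_DISTANCE = 1   # assumption: one typo is enough to fool a quick glance
MIN_TOKEN_LEN = 5  # short tokens produce too many accidental near-matches


def osa_distance(a, b):
    """Optimal string alignment distance.

    Counts insertions, deletions, substitutions and swaps of two adjacent
    characters as one edit each (plain Levenshtein would count a swap as two).
    """
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,          # deletion
                         cur[j - 1] + 1,       # insertion
                         prev[j - 1] + cost)   # substitution or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent transposition
        prev2, prev = prev, cur
    return prev[len(b)]


def lookalikes(url, watchlist=WATCHLIST):
    """Return (token, brand) pairs where a host token is a near-miss of a brand.

    Exact matches are not reported: deciding whether a correctly spelled brand
    sits on its official domain needs an allow-list, which is out of scope here.
    """
    host = urlparse(url).hostname or ""
    hits = []
    for token in re.split(r"[.\-]", host):
        if len(token) < MIN_TOKEN_LEN:
            continue
        for brand in watchlist:
            if abs(len(token) - len(brand)) > MAX_DISTANCE:
                continue
            if 0 < osa_distance(token, brand) <= MAX_DISTANCE:
                hits.append((token, brand))
    return hits


if __name__ == "__main__":
    # Constructed URLs; the article only states that the real one read "Friefox".
    for sample in ("http://friefox-update.example/download",
                   "https://www.firefox.example/"):
        print(sample, "->", lookalikes(sample) or "no misspelled brand")
```
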

The Sunbelt warning goes on to say:

The destination pages are usually legitimate ones, but are rarely ones dedicated to bringing news to readers. Depending on which browser the users are using, they will be redirected either to a YouTube-like page offering a video codec or to a page sporting an infection warning and offering a fake AV for download (IE users).

To save you the trouble of having to search – here’s a pic of the bikini clad Middleton. ;-)

image

Old advice, but worth repeating nonetheless – Save yourself from being victimized by scareware, or other malware, and review the following actions you can take to protect your Internet connected devices including your computer system:

  • When surfing the web – Stop. Think. Click
  • Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on your computer.
  • Install a personal firewall on your computer.
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
  • Ensure the anti-virus software scans all e-mail attachments.

For additional information on fake search engine results, you can read an earlier article on this site – Malware by Proxy – Fake Search Engine Results.


An Anti-malware Test – Common Sense Wins

I’ve just finished an anti-malware test that lasted for just over a year. For this test, I took a test machine, running Windows XP Professional, which I did not shut down, or reboot, for 373 days.

For 373 days, the machine was continuously wired to the Internet and each day, was used for active surfing and general computer use, including email, downloading applications, and so on.

During the test period, the installed anti-malware applications were patched and updated, as was the operating system. Common sense; right?

However, I did not run a single anti-malware scan of any description, since not doing so, was part of the objective of the test.

The overall purpose of the test was to determine if common sense plays a role in protecting a computer user against viruses, adware, spyware, hackers, spam, phishing, and other Internet frauds.

Let me be clear, this test is in no way scientific, but instead, is a rather simple test on the importance of common sense in using a computer attached to the Internet.

Installed Anti-malware applications:

  • ZoneAlarm Firewall (free edition)
  • Spyware Terminator (free edition)
  • Avira Antivirus (free edition)
  • ThreatFire (free edition)
  • SnoopFree Privacy Shield (freeware)
  • WinPatrol (free edition)
  • Firefox – not strictly an anti-malware application, but…..
  • WOT

During this very extensive test run, the machine showed no indication of a malware infection, at least by normal observation (since I didn’t run any scans): no system slowdown; no unusual disk use; no unusual Internet activity; no security application warnings.

In addition to practicing common sense in terms of not visiting the class of web sites that are known to be dangerous – porn sites; salacious news sites; Facebook; MySpace; and so on, I absolutely adhered to the following.

I did not:

  • Download files and software through file-sharing applications such as BitTorrent, eDonkey, KaZaA and other such programs.
  • Click links in instant messaging (IM) that had no context, or were composed of only general text.
  • Download executable software from web sites without ensuring that the site was reputable.
  • Open email, or email attachments, from unknown people.
  • Open email attachments without first scanning them for viruses.
  • Open email attachments that ended in a file extension of .exe, .vbs, or .lnk.
  • Visit any site not shown as safe by WOT.

After 373 days (the end of the test period), I then ran multiple scans using the onboard security applications. The end result – not a single incidence of infection, malware, or an unwanted application.

It’s clear, at least to me, that by using common sense and updating both applications and the operating system, not visiting the class of web sites known to be unsafe, not clicking haphazardly and opening the types of files that are clearly dangerous, and being aware of the hidden dangers on the Internet, the dividends were measurable.

This was a long boring test, but it proved to me, that using common sense reduces the substantial risks we all face while surfing the Internet, regardless of the antispyware, antivirus, and the other Internet security applications installed.


Search Engine Results – Not to be Trusted!

It’s been more than a year since I last reported on fake search engine results, and in that time, this Internet scam has not gone away, but it did seem to develop a lower profile.

Despite developing this lower profile, cyber-crooks continued to be unrelenting in their chase to infect web search results. Recently, there has been a resurgence in the use of custom-built Websites designed to drop malicious code on computers, and in the manipulation of legitimate pages in order to infect computers with malware.

A new grouping of 200,000+ compromised sites has been discovered, all of them redirecting to fake security software. The following graphic (courtesy of Cyveillance Blog), shows an attack underway.

image

As is usual with this type of redirection, when a potential victim visits one of these sites, the likelihood that malicious code will be downloaded onto the computer, by exploiting existing vulnerabilities, is extremely high.

The following graphic (courtesy of Cyveillance Blog) illustrates the 260,000 sites they discovered that will redirect.

image

Redirection exploit process:

Generally, there are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element that makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.
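Site owners can check their own pages for the injected iFrame pattern described here and in the first article on this page. The Python sketch below is an added example, not code from the original articles: it parses a page and reports frames that are both hosted on another site and hidden from the visitor. The page URL, host names and sample HTML are constructed, and the hiding heuristics are assumptions.

```python
"""Report iframes that load from another host and are hidden from the visitor."""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristics: inline style fragments that make a frame invisible.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)|"
    r"(?:left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)


def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    return value is not None and value.strip().rstrip("px").strip() in ("0", "1")


class IframeAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname or ""
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k.lower(): v for k, v in attrs}
        # Resolve relative and protocol-relative sources against the page URL.
        src = urljoin(self.page_url, a.get("src") or "")
        host = urlparse(src).hostname or ""
        same_site = host == self.page_host or host.endswith("." + self.page_host)
        hiding = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            hiding.append("0/1-pixel size")
        if HIDDEN_STYLE.search(a.get("style") or ""):
            hiding.append("hidden by style")
        if "hidden" in a:
            hiding.append("hidden attribute")
        # A visible third-party embed or a hidden same-site frame is common and
        # usually benign; the combination of both is what gets reported.
        if host and not same_site and hiding:
            self.findings.append({"src": src, "host": host, "reasons": hiding})


def audit_html(html, page_url):
    """Return one finding per hidden third-party iframe in the document."""
    auditor = IframeAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample: one normal embed, one hidden same-site frame, two injected frames.
PAGE_URL = "https://travel.example.com/spots.html"
SAMPLE_PAGE = """
<html><body><h1>Great vacation spots</h1>
<iframe src="https://video.example.org/embed/42" width="560" height="315"></iframe>
<iframe src="/widgets/weather.html" width="0" height="0"></iframe>
<iframe src="http://cdn.malicious.example/in.php" width="1" height="1"></iframe>
<iframe src="//stats.malicious.example/c" style="position:absolute; left:-9999px"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_PAGE, PAGE_URL):
        print(finding["src"], "-", ", ".join(finding["reasons"]))
```

This is a static check of the served HTML; frames written into the page by script at load time only show up in a rendered DOM.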

It’s often difficult to determine who the cybercriminals responsible for specific attacks of this type are, but not in this case. Researchers have concluded the infamous Koobface gang are responsible.

Regular readers are aware that we repeat the following advice regularly, but it’s worth repeating.

  • Keep all applications (including your operating system) patched.
  • Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.
  • Turn off your computer or disconnect from the network when not in use.
  • Disable Java, JavaScript, and ActiveX if possible.
  • Disable scripting features in email programs.
  • Make regular backups of critical data.
  • Make a boot disk in case your computer is damaged or compromised.
  • Turn off file and printer sharing on the computer.
  • Install a personal firewall on the computer.
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
  • Ensure the anti-virus software scans all e-mail attachments.


Want to be a Successful Cyber Crook – Here’s a Tip!

If you want to enhance your chances of being a successful cyber scam artist/cyber crook, you need to look the part, and act the part, of a successful Internet business organization.

How hard is that? Not hard at all when you consider all you need to do is offer a product that appears genuine, and perhaps most importantly – advertise in readily available and trusted media.

So, if you want to succeed in the $105 BILLION “Internet shadow economy”, advertising your “product” on an Internet search engine, could be a major step in helping you reach your goals.

Why an Internet search engine? Well, if one were to poll a group of typical Internet users as to the safety and reliability of search engine results, including the pervasive ads that search engines sprout; there is little doubt that the answer would be positive. In a sense, search engines impart instant legitimacy.

Part of the process of offering a product that appears to be genuine, would include producing and promoting a Web site that instills confidence in those unlucky enough to click on your ad, such as the site pictured below for ErrorSmart, a notoriously misleading application.

image

But hold on! Given that search engine results can be manipulated, or worse (see “Search Engine Results – Malware Heaven!” on this site), it is reasonable to ask the question – why aren’t typical Internet users aware of this situation?

The simple answer is – search engines make little, or no effort, to educate their users in the risks involved in relying on advertisements appearing in their applications. As a consequence, the typical user I come into contact with believes search engine output to be untainted, and free of potentially harmful exposure to malware.

A user looking for a review of ErrorSmart, for example, has a reasonably good chance of finding the following fraudulent review:

ErrorSmart uses the industry’s most advanced error-resolution technology and puts it to work for you. By scanning your hard drive, analyzing the errors and correcting the problems, ErrorSmart can restore your system performance and increase startup speed by up to 70 percent.

Whether it’s incomplete uninstalls, failed installations, driver issues or spyware infections that are affecting your PC, ErrorSmart will rid you of your computer problems in just minutes.

Fact: Consumer confidence in the strength and reliability of search engine results, particularly ads, is seriously misplaced.

For example, ErrorSmart (the site pictured earlier), a “scareware/rogueware” application developed to mislead uninformed computer users into downloading and paying for the “full” version of this bogus software, based on the false positives generated by the application, has been “advertised” for months on a number of leading search engines.

I shudder when I think of the huge numbers of surfers who have suffered the consequences of accepting a download of this misleading application.

If you are one of the unlucky computer users who is struggling with computer chaos caused by the installation of this “scareware”, visit 411-spyware.com, a great site that specializes in helping those who have been manipulated into installing rogue software.

If you think this is a one off, or an isolated incident, then you’ll be surprised to learn it’s not. According to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly through rogueware attacks.

I’ve said it before and I’ll say it again – an argument can be made, that the Internet has turned into a playground for cyber-criminals.

So will search engine providers address the issues described in this article? Sure – but only when consumers who are totally fed up with tainted search engine results, and malicious hackers, finally force them to.

Fact: Failure to protect the Internet, which by definition is an open network, has substantial penalties ranging from productivity decreases, infrastructure compromise, to a failure in consumer confidence and more.

Great business model!!


Hey Sucker – Read This! Michael Jackson’s Not Dead!

The Web is the success it has become at least partially due to the fact that it can satisfy our curiosity about almost anything we can think of, including the sensational death of Michael Jackson.

We have learned to satisfy this curiosity simply by a mouse click here, and a mouse click there. In a sense, we have developed a conditioned response to “just click”. You are reading this article, in all likelihood, because the title roused your curiosity.

Using the Internet we can snoop, probe, and pry; and question, or confirm, virtually any statement, fact or opinion. We now have access to a quantity, and quality (some might dispute the quality), of information as never before. Sensational news alerts are a particularly delicious enticement.

Naturally, sensational news alerts will continue to be one of the methods cyber-crooks use to capture Internet users’ attention, particularly in emails, Google search results, and on social networking sites like Twitter and Facebook.

Michael Jackson email scams

Since Michael Jackson’s death, email inboxes have been flooded with enticing scam emails, along with the usual emails offering pharmaceuticals, expensive watches, and other knockoff products with which we are all familiar.


Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words, they exploit our curiosity – the reason you clicked on this article. The fact is, we are all pretty curious creatures and, let’s face it, who doesn’t like sensational topics?

Knowing this, email scammers (cyber-crooks) will continue to exploit our natural curiosity to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on our computers.

With the worldwide Internet population now estimated to be 1.08 billion users, email scammers (cyber-crooks) have a huge playing field in which to practice their crafty scams.

Cyber-crooks, I’m convinced, must feel as if they are in cyber-crooks’ paradise, given the opportunities such a large number of generally unaware potential victims present for illicit monetary gain.

Security experts (including me) argue that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous. To this point, however, this type of dangerous behavior continues despite the warnings.

It continues to be true that the majority of typical users that I meet are unaware of the very real dangers that spam emails and social networking links hold for their safety, security and identity protection.

On the other hand, I’ve noted that aware Internet users rely on their own experiences and common sense to avoid malware infections. Generally, they are well aware of the hidden dangers on the Internet and have overcome that natural tendency to “just click”.

While on the Internet keep the following tips in mind:

Don’t click links in emails or social networking sites. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

Despite the title of this article, Michael Jackson is dead. Yes, I know you knew this.

Elsewhere on this site there are additional articles dealing with current email and financial scams.

See: Bank of America Alert – Update Your Account Scam!

See: Online Banking – Be Safe, Not Sorry!

See: Avoid Trojans/Viruses – Stop with the Crazy Clicks Already!


Google – Get Off Your Collective Butts and Fix The Problem!

Internet security is a “sexy” business – one gets to work in the “dark side” of the Internet and is constantly challenged to stay ahead of the learning curve, and to develop new techniques, appliances and applications to protect Web sites, and attached devices and systems, from hackers, cyber-crooks, malware and, while understated, terrorists.

Failure to protect the Internet, which by definition is an open network, has substantial penalties ranging from productivity decreases, infrastructure compromise, to a failure in consumer confidence and more. It’s this last one – a failure in consumer confidence – that is the focus of this article.

In dealing with Internet security issues, I’m often frustratingly reminded of the “head in the sand syndrome” – if we ignore it, it will go away; if we ignore it, then it can’t be real; if we ignore it, it will get better; and so on. It’s no surprise then that a substantial security issue, well known to Google, which has failed to come up with an effective solution, continues to plague the Internet.

Those of us who are involved in Internet security know, and have known for a considerable time, that cyber-crooks are unrelenting in their chase to infect web search results. We know that there has been a steady increase in the use of custom-built Websites designed to drop malicious code on computers, and in the manipulation of legitimate pages in order to infect computers with malware.

For example, until quite recently (less than 3 weeks ago), a user searching for the following string on Google, “Microsoft Office 2002 download”, would have encountered a Microsoft.com redirection link as the first result. That link had been redirecting visitors to a malicious web site that then launched a malware attack, which included an attempt to convince victims to download rogue security software. Microsoft has since fixed the problem.

Equally disturbing, seventy-nine percent of compromised web pages tracked in the last year were on legitimate web sites, including web sites belonging to Fortune 500 companies, government agencies and, ironically, security vendors.


If one were to poll a group of typical Internet users as to the safety and reliability of search engine results, there is little doubt that the answer would be positive. Given that search engine results can be manipulated in the ways described above, and in other ways, it is reasonable to ask the question – why aren’t typical Internet users aware of this situation?

Arguably, a case could be made that Google and others subscribe to the “head in the sand syndrome” – if we ignore it, it will go away; if we ignore it, then it can’t be real; if we ignore it, it will get better – since to acknowledge this issue, and to give it the focus it deserves, would erode consumer confidence in the product. Good corporate thinking, huh?

Here’s a sample of what Internet users are facing, posted on the Internet just today, January 16, 2009:

“I’m the owner of the site http://www.xxxxxx.net. When anyone searches Google for our firm, the first result looks like the link to our site. But when anyone clicks on that result they get redirected to an alarming site that tries to sell fake spam software. The hijack site takes control of the browser! This is happening when our potential clients search for us! Help! If I type the address directly into my browser then it works fine. I submitted a spam report to Google a couple of days ago, but nothing has changed yet”.

So how do the crooks do it?

Common techniques used by cyber-criminals include the manipulation of search engine results, and the seeding of fake Websites among the top results returned by these engines. When a potential victim visits one of these sites (as described above), the likelihood that malicious code will be downloaded onto the computer, by exploiting existing vulnerabilities, is extremely high.

There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

An additional method employed by cyber-crooks is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

So will Google address this issue? Sure, but only when malicious hackers finally force them to. Great business model Google!

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

Check out Need Free Security Programs? – 10 Of The Best! on this site.

Fake/Redirected Search Results – Consequences for You

I hate being victimized! Unfortunately, all of us who use the Internet can be victimized in ways that sometimes defy credibility. Ironically, even those of us who specialize in Internet security can be targeted by cyber-criminals.

Several weeks ago, one of my Blog sites was the target of redirected search engine results. Essentially, what had been happening is this – when a search was made by a web user which produced a result listing my site, and the user clicked on that link, in some circumstances, the user was redirected to a site, or page, controlled by a hijacker.

While this exploit didn’t impact me financially, since I don’t run ads on my sites, it was disappointing knowing that cyber-criminals were potentially benefiting economically from the results of my efforts. Very often, the purpose behind this type of attack is the hacker’s need to increase his site’s reputation on Google, and other search engines, by fraudulently increasing the site’s hits. This can lead to an increase in profits generated by that site.

The dangers to you:

Those of us who are involved in Internet security know – cyber-crooks are unrelenting in their chase to infect web search results. We know that there has been a steady increase in the use of custom-built Websites designed to drop malicious code on computers, and in the manipulation of legitimate pages in order to infect computers with malware.

Earlier today, I read on the Darkreading Website, a security site for IT professionals, “that hackers have launched a multi-faceted attack on the Website of the popular AARP organization, rerouting traffic from the seniors’ association to pornography sites”. A bit chancy, I would have thought.

Other common techniques used by these cyber-criminals include the manipulation of search engine results, and the seeding of Websites among the top results returned by these engines. When a potential victim visits one of these sites, the likelihood that malicious code will be downloaded onto the computer, by exploiting existing vulnerabilities, is extremely high.

There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.
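A site owner can check their own pages for the hidden-iFrame injection described above. The following is an added example, not code from the original article: it flags iframes that load from a foreign host and are hidden from view. The page URL, the domains and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

# Inline styles commonly used to make an injected frame invisible to visitors.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class IframeAudit(HTMLParser):
    """Collect iframes that load a foreign host and are hidden from view."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Resolve relative and protocol-relative sources against the page URL.
        src = urljoin(self.page_url, a.get("src", ""))
        host = urlparse(src).hostname
        foreign = host is not None and host != self.page_host
        tiny = any(a.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
        hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
        if foreign and hidden:
            self.findings.append((self.getpos()[0], src))

def audit(html, page_url):
    """Return [(line_number, resolved_src)] for hidden foreign iframes."""
    parser = IframeAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample: a visible third-party embed, a hidden same-site frame,
# and two hidden frames pointing at a foreign (placeholder) host.
SAMPLE = """<html><body>
<h1>Great vacation spots</h1>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="/widgets/weather.html" style="display:none"></iframe>
<iframe src="http://injected.example.net/x" width="0" height="0"></iframe>
<iframe src="//injected.example.net/y" style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src in audit(SAMPLE, "https://www.example.com/index.html"):
        print(f"line {line}: hidden foreign iframe -> {src}")
```

Visible third-party embeds and hidden same-site frames are deliberately not reported, so a finding is worth comparing against a known-good copy of the page.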

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

Keep all applications (including your operating system) patched.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Turn off your computer or disconnect from the network when not in use.

Disable Java, JavaScript, and ActiveX if possible.

Disable scripting features in email programs.

Make regular backups of critical data.

Make a boot disk in case your computer is damaged or compromised.

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.
