Powered By Blogger

Friday, May 04, 2007

Web browsers: Still unsafe

YOU are surfing the net, and stop at a sports site you regularly visit to read the latest headlines. You are always careful to avoid sites that appear suspect, so you feel safe online. Unbeknownst to you, though, and to the innocent owner of the website, a piece of malicious code has been added to the page you are viewing. This uploads software onto your computer via your browser, turning it into a "zombie" PC under the remote control of a malicious user.

While installing firewalls and antivirus software on your computer may keep it safe from conventional threats such as worms and viruses, these security tools do not inspect data downloaded through browsers - a loophole that attackers can exploit. "The firewall is dead," says Google security specialist Niels Provos.

The threat is real, not just a theoretical possibility:

Provos warned that many web users are becoming the victims of "drive-by" downloads of bots from innocent websites corrupted to exploit browser vulnerabilities. As firewalls allow free passage to code or programs downloaded through the browser, the bot is able to install itself on the PC. Anti-virus software kicks in at this point, but some bots avoid detection by immediately disabling it. Once a computer has become infected with the malicious software, the zombie periodically connects to a web server controlled by the botmaster to receive instructions and download more software.

To determine the scale of the problem, Provos's group at Google analysed several billion web pages and selected 4.5 million suspicious pages for more detailed study. To test for malicious software, or malware, they loaded a program designed to simulate a computer with a vulnerable version of Internet Explorer and monitored what happened. They found around 450,000 web pages that launched drive-by downloads of malicious programs. Another 700,000 pages launched downloads of suspicious software. More than two-thirds of the malicious programs identified were those that infected computers with bot software or programs that collected data on banking transactions and emailed it to a temporary email account.

You don't even know it's there. The result: be very careful with the sites you go to. If possible, don't use Internet Explorer; IE is a disaster for security.



No comments: