September 2009 / Website Malware

Earlier this month the popular PBS.org website was infiltrated by hackers who placed malicious code on it that exploited vulnerabilities in Adobe Acrobat Reader and Apple Quicktime. To become infected you didn’t need to download any files or submit a form, all you had to do was simply visit the page. To make matters worse the code was found on a site for a popular children’s TV show, in essence taking advantage of unsuspecting kids to infect their parents’ computers.

In this month’s Tech Brief we’ll take a look at the growing trend of website malware. We’ll discuss what it is, how it works, and most importantly – how to avoid becoming infected by it.

Website Malware - An Overview

In a report released by Google, the number of websites identified as being compromised by malware more than doubled over the past year, from 150,000 to over 340,000 (this doesn’t include unique URLs on those sites – which numbers in the millions). In another recent report by Websense, 95% of all user-generated comments on blogs, chat rooms, and message boards are spam or malicious.

It used to be that staying safe online meant keeping your antivirus software up to date, making sure you had the latest security patches, and being careful not to download anything that looked suspicious. Not anymore. Like a biological virus, hackers have responded to tightened security by evolving new ways to attack you. One of the more devious methods is to hack into popular websites (examples have included the Miami Dolphins website and the Myspace pages of popular musicians) and upload malicious code which will install viruses, trojans, or botnet software on your machine without your knowledge or consent. It’s simple yet destructive method that has been dubbed “drive-by-download”.

How it Works

There are a few different ways that hackers use to infect websites with malware.

• Taking advantage of software security flaws: By uploading small snippets of malicious javascript code, hackers are able to exploit security flaws in popular software such as Adobe Acrobat (pdfs) or Flash which they in turn use to install malware.
• Using invisible iframes: Some hacked sites have small invisible “windows” called iframes installed on them which will, in the background, navigate to a host site which contains the malware and install it on your machine. Again, this is something that can happen simply by visiting an infected site.
• Deceptive popup ads or installs: When visiting a site you may get a popup ad claiming your computer is infected with spyware or viruses and the only way to clean it is by downloading specific software or running a free check. Clicking anywhere on the ad, even on a “close” button that may be featured could infect your machine (always click on the window’s “X” close button). Sometimes hacked sites will prompt you to install an unknown Active X component or Java applet. Many users will ok the installation not realizing that they’ve just downloaded malware.

Steps You Can Take to Avoid Infection

There’s no way to keep yourself 100% safe from website malware, but there are steps you can take to reduce your risk.

• Make sure your Antivirus definitions are updated regularly and your machine is frequently scanned. Although it most likely won’t prevent website malware from installing on your machine, antivirus software will help identify and clean out any traces if you do become infected
• Consider using Mozilla Firefox or Google Chrome Internet browsers. Both these browsers have been recently updated to make it harder for drive-by-downloads to infect your machine.
• Use AVG Linkscanner. This free software from AVG, a leading antivirus company, scans websites and links for potentially malicious code and alerts you when a threat appears. It also scans the links of search results on Google and Yahoo to let you know what sites may be harmful. Linkscanner works seamlessly in the background and doesn’t conflict with any existing non-AVG anti-virus software. More information and a download link can be found here: http://www.linkscanner.avg.com
• Common sense should always prevail. If something on the web doesn’t seem right, chances are its not!

In Closing

You’re never going to be 100% protected from malware. Even the most security-conscious user will get infected occasionally. The best thing to do is follow recommendations we discussed and always be alert and aware of where you’re browsing.

As always if you have questions about malware or any other IT-related security issues, please contact us. SNS engineers are constantly monitoring known and emerging security threats and can offer help with how to protect yourself when browsing online.