Clueless about Malware (And probably life too)

Here is an excerpt from a post made to a group that helps/deals with Malware
reports on web sites.

I can no longer visit this site through google. “Warning – visiting this
web site may harm your computer!” This is just a lie and I think we all know
why this site is being persecuted. Keep your personal opinions and the opinions
of your investors out of it. The deeper I dig in to the StopBadware.org manifesto
the more obtuse your definitions become. A couple clicks and suddenly “Site
may harm your computer” turns in to “contains or links to badware or otherwise
violates Google’s software guidelines.” I hope someone sues you silly.

It just goes to show the general level of ignorance out there from people
that:

  1. Don’t understand the size of the problem with regard to the sheer number
    of infected web sites.

  2. Don’t understand the dangers to there own machines when visiting such
    sites.

Infected Web Sites

In one case alone last week, 10,000+ sites were hacked and malware placed
onto the sites.

In another case, a leading Advertising Agency that supplies adverts to 1000’s
of sites, unwittingly supplied an advert that carried malware.

And more alarmingly, a well known Anti-Virus/Spyware/Trojan Software manufacturer
had it’s own website hacked and malware placed on the site.

When Google or StopBadware report that there is malware on the site, you can
bet that there is a very high probability that there is (or was at some point).  The
false positive count is extremely low when you consider the number of sites
that are listed.

How Safe Am I?

Gone are the days when the you could say, “But I don’t use Internet Explorer,
I use Firefox/Opera/Mozilla” or “I’m on a Mac/Linux” etc etc etc.

You must keep whatever system you use patched with the latest updates and with
good Anti-Virus/Spyware and Rootkit detection. (If possible, use overlapping
coverage from multiple products).

With one worm alone, during 2007 there were over 17,000 variants.   That’s
around 47 variants a day.  The worm went through multiple mutations a
day !!

Most often a virus does not use a single attack vector, but will try a whole
series of attacks looking at multiple security holes and it won’t give in until
it finds one.

Protection from the bad guys and ourselves

Not everyone is vulnerable to being infected and we are talking a very small
percentage that are.  But a very small percentage of a large number of
users is still a large number of machines that are being added to ‘botnets’
on a daily basis.  Some reports put this at hundreds of thousands of newly
infected machines A DAY! And it’s increasing.

Web site visitors must do their part in ensuring that their systems are fully
protected, and web masters no matter whether large corporations or an “at home,
one man band” must also ensure that their systems are fully protected. That
includes any downloaded installations (such as blogs or forums).

Unlike the person above who appears to be in denial of any such problems,
the responsibility lies at both ends of the browser! Don’t become part of the
problem, become part of the fight back!