Clueless about Malware (And probably life too)

Here is an excerpt from a post made to a group that helps/deals with Malware reports on web sites.

I can no longer visit this site through Google. "Warning – visiting this web site may harm your computer!" This is just a lie and I think we all know why this site is being persecuted. Keep your personal opinions and the opinions of your investors out of it. The deeper I dig into the StopBadware.org manifesto the more obtuse your definitions become. A couple clicks and suddenly "Site may harm your computer" turns into "contains or links to badware or otherwise violates Google’s software guidelines." I hope someone sues you silly.

It just goes to show the general level of ignorance out there from people that:

  1. Don’t understand the size of the problem with regard to the sheer number of infected web sites.

  2. Don’t understand the dangers to their own machines when visiting such sites.

Infected Web Sites

In one case alone last week, 10,000+ sites were hacked and malware placed onto the sites.

In another case, a leading advertising agency that supplies adverts to 1000s of sites unwittingly supplied an advert that carried malware.

And more alarmingly, a well-known Anti-Virus/Spyware/Trojan software manufacturer had its own website hacked and malware placed on the site.

When Google or StopBadware report that there is malware on a site, you can bet that there is a very high probability that there is (or was at some point). The false positive count is extremely low when you consider the number of sites that are listed.

How Safe Am I?

Gone are the days when you could say, "But I don’t use Internet Explorer, I use Firefox/Opera/Mozilla" or "I’m on a Mac/Linux", etc.

You must keep whatever system you use patched with the latest updates and protected by good Anti-Virus/Spyware and Rootkit detection. (If possible, use overlapping coverage from multiple products.)

With one worm alone, during 2007 there were over 17,000 variants. That’s around 47 variants a day. The worm went through multiple mutations a day!

Most often a virus does not rely on a single attack vector. It will try a whole series of attacks against multiple security holes and won’t give up until it finds one that works.

Protection from the bad guys and ourselves

Not everyone is vulnerable to being infected; we are talking about a very small percentage of users who are. But a very small percentage of a large number of users is still a large number of machines being added to ‘botnets’ on a daily basis. Some reports put this at hundreds of thousands of newly infected machines A DAY! And it’s increasing.

Web site visitors must do their part in ensuring that their systems are fully protected, and web masters, whether large corporations or an "at home, one man band", must also ensure that their systems are fully protected. That includes any downloaded installations (such as blogs or forums).

Unlike the person above, who appears to be in denial of any such problems, the responsibility lies at both ends of the browser! Don’t become part of the problem, become part of the fight back!