[ insider_reports_insider ]
Be Careful What You Click On
SecurityProNews
Staff Writer
2009-03-20
 Insider Reports RSS Feed
It's a good idea, but not a new idea, that one shouldn't just go around clicking any ole link they see without at least taking a good luck at it. That's still important today, especially as the populace becomes more comfortable with Web surfing.
 |
Be Careful What You Click On |  |
That goes for search engines, instant message, Twitter, Facebook, links from people you only vaguely know. Unfortunately, a side effect of the caution users and popular websites are going to have use, it can mean upstarts will have all that much more trouble getting noticed.
The reason is because big brands are recognized and very often trusted not to be a source of malware. The big name alone is a comfort and as such more trusted by both consumers and search engines.
Luckily, Google seems to have gotten on top of the trend abuse going on the past little while. Hot topics in the news made for hot leads to infection, and cybercrooks have been quick about exploiting these topics by scraping content from reputable sites and posting as soon as news broke, with the help of parasite hosting. Google, priding itself on fast indexing, mistakenly promoted these sites high in the search results.
Looking at Google's results today indicate the company has gotten better about this, but at the sacrifice to smaller publishers. Most results now point to big, well known brands.
That doesn't mean crooks are giving up. They're still targeting hot news like the Natasha Richardson tragedy just a couple of days ago. After all, not all search engines are as good as Google in filtering out junk. Following a link to one of the Richardson stories could result in a scareware prompt.
So what's the best line of defense besides antivirus software and firewalls? A cautious eye. Pay attention to the URL listed. Long, complicated, incomprehensible or odd-looking links with lots of subdomains and folders to sites you've never heard of are a red flag. Especially watch out for domains ending in .info (a traditional malware haven), and .cn (China) or other country-specific domains where English isn't the main language but are returning English results.
Fictitious examples: www.shocka.infect.yahoo.info/?wa3getcha; http://wadup.espn.cn/booya24
Also, if still operating in search, pay careful attention to the snippet. Very often the keyword you're looking for just sits among a bunch of nonsense, other unrelated keywords, or sentences that don't make grammatical and syntactical sense.
Non-English-speaking crooks typically don't produce good English traps.
While social networking or instant messaging, be cautious of people you don't know or people you aren't remotely close with suddenly springing a link on you, especially if it looks fishy or if created by a URL shortener like TinyURL or Bit.ly. Drop those shortened links into one of the many shortened URL extenders on the net to see where it leads.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
