iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > News > Security News > Trust No Site
Search:
[ news_security_news ]

Trust No Site



Chris Crum
Staff Writer
2006-05-10

SecurityProNews: Insider Reports Insider Reports RSS Feed


Security researcher Roger Thompson advises against placing so much trust in so-called "trusted websites".

Thompson of Exploit Prevention Labs is referring to sites like Google, Yahoo, and MSN - or more specifically their search results. He points out that most people feel fairly safe when clicking on links from the SERPs (Search Engine Results Pages) , or visiting other "trusted" sites.

"Trusted web sites can't always be trusted," says Thompson. "Cyber criminals are now finding ways to commandeer trusted web sites and use those sites to push driveby downloads, rootkits and other malicious exploits onto the computers of unsuspecting web site visitors."

Exploit Prevention Labs has this story to share:

Recently, Thompson discovered a web site in the U.K. operated by a plasterer. The plasterer, hoping to promote his business on the web, had created a web site using freely available tools. In this age of open source and free software, many web site owners take advantage of free tools. Unbeknownst to the plasterer, however, one of the freeware tools he downloaded, which allowed him to place a web counter on his site, was inadvertently exposing visitors to malicious crimeware.

As Thompson discovered, this free web counter had a second, hidden function. When someone visited the plasterer's site, the web counter updated the visitor count by accessing a web server in Slovakia. Nothing wrong with that, says Thompson. But then the Slovakian server surreptitiously contacts a server in Colorado, grabbing a piece of crimeware that was downloaded on to the unsuspecting web site visitor's computer. This crimeware took advantage of a security vulnerability in the Windows operating system know as Windows Metafile, or ‘WMF' by security researchers, that allows cyber criminals to download software onto a web site visitors' PC.

The moral of the story: there are vulnerabilities discovered all of the time, and sometimes it takes a while for them to be patched. Be cautious.

Add to | DiggThis | Yahoo! My Web

Technorati:


About the Author:
Chris Crum is a staff writer for SecurityProNews and WebProNews.

More news_security_news Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds