Dangers grow on Web from attacks

July 9, 2009 By Elise Ackerman

When people worry about the dangers of the Internet, a Web site built by the producers of "Mister Rogers' Neighborhood" is probably not what they have in mind.

So parents and teachers became highly alarmed when their Google searches earlier this year for the site, Family Communications, turned up dire warnings about a infection.

"The phone kept ringing and ringing," said Kevin Morrison, the chief operating officer for the Pittsburgh production company founded in 1971 by Fred Rogers, the popular children's television host. "They were saying, 'Google says your site is not safe.'"

It took Morrison some time to figure out that fci.org had been hacked. And it wasn't alone. More than a dozen other sites that share the same hosting provider had been targeted, part of a global and growing wave of malicious activity that is forcing ordinary Internet destinations into the online equivalent of quarantine zones.

"Hackers are breaking into every site they can," said Richard Wang, a manager at SophosLab US, a Boston-based security company. "The old advice about avoiding sites offering free software, illegal downloads or adult content is less relevant now. Any site can be a source for infection."

By the end of last year, Microsoft was finding booby-trapped Web pages at the rate of a million a month. These sites, also known as drive-by downloads, can infect a computer without a person taking any action except visiting a Web page. A human isn't required to click on an e-mail link or to agree to install any software. Instead, the sites automatically download software onto visitors' computers.

Once that happens, can do several things. They can implant a keystroke logger on the machine to record passwords or other valuable information. Compromised machines also often become part of "botnets," large collections of computers that are rented out for criminal purposes, including sending spam or phishing, an attack that attempts to trick someone into revealing valuable personal information.

While drive-by downloads have plagued the Web for years, security experts say their numbers are spiking because criminals have automated their attacks, and because sites have become more vulnerable as they have become more complex. Sophos said its Web crawler discovers a new infected Web page every 4.5 seconds, a threefold increase over 2007.

"It's one of the biggest trends we are seeing," said Zulfikar Ramzan, a technical director at Symantec.

Infected Web pages still make up only a tiny portion of the Web itself, which has grown to more than a trillion pages. But by piggybacking on popular destinations -- like the Mister Rogers site -- they turn up with increasing frequency in search results.

Last year attackers broke into sites owned by well-known brands like Sony and Adobe, as well as BusinessWeek and Cambridge University Press.

Ordinary people can largely protect themselves by keeping their operating systems, browsers and anti-virus software up to date. Browser plug-ins from large anti-virus manufacturers such as Symantec and McAfee as well as smaller companies like Web of Trust identify potentially problematic Web sites. And other plug-ins like NoScript for the FireFox browser can cripple malicious code by disabling software scripts, though they can also reduce the "special effects" on some sites.

All major search engines prominently flag risky sites when they show up in search results. For example, Google inserts a link underneath the title of such sites that says "this site may harm your computer."

If someone clicks on the link anyway, Google will take the person to one of its own pages that contains a lengthy warning: "Please be aware that malicious software is often installed without your knowledge or permission when you visit these sites, and can include programs that delete data on your computer, steal personal information such as passwords and credit card numbers, or alter your search results." The Google page does not link to the original URL, or Web address.

At that point, the only way someone can get to the offending site is to type in the URL directly.

The problem with this kind of approach, said Neil Daswani, who worked on the security team at Google for three years, is that a lot of unsuspecting Web site owners are finding themselves blacklisted for reasons they don't understand. There are literally 10,000 ways attackers can break into a Web site. Locating the harmful code they insert and removing it takes specialized skills. Daswani said the average Web site operator can't keep up.

Daswani left in October to co-found a company, Dasient, whose goal is to help ease the load at a reasonable price. Basic diagnostic and monitoring services are free. For an additional fee, ?Dasient will automatically remove dangerous code before the problem is spotted by a search engine without disrupting the operation of the site.

Morrison said he was initially skeptical of Dasient, but after the company quickly found rogue software that was using the Family Communications site to run a phishing scam, he happily signed on as a beta tester. "If you do have a Web site with a lot of pages there is no easy way to know where the bad code is," he said. " doesn't tell you."



1. Make sure you have the most current version of your operating system and browser.

2. Update anti-virus and anti-spyware software.

3. Pay attention to search-engine warnings.

4. Add a browser plug-in that will provide additional information about problem Web pages.

5. Add a browser plug-in that will prevent automatic launching of Web-page software.


(c) 2009, San Jose Mercury News (San Jose, Calif.).
Visit MercuryNews.com, the World Wide of the Mercury News, at http://www.mercurynews.com
Distributed by McClatchy-Tribune Information Services.

Explore further: Review: Firefox 1.5

Related Stories

Review: Firefox 1.5

December 1, 2005

Who says free software is worthless? Last year the developers at Mozilla took on the aging Internet standard, Microsoft's Internet Explorer, and had an instant hit on their hands with Firefox 1.0. A large reason for this ...

Too much YouTube? Lock it up

February 18, 2009

We all love to waste time at work checking out a YouTube video or updating our Facebook profiles, but if you can't control yourself, there's keepmeout.com, a free service that lets you set limits on your Web browsing.

Spyware poses identity-theft risk (Update)

September 15, 2005

A new study finds that a growing amount of Internet spyware -- programs downloaded to users' computers without their knowledge -- is designed specifically to steal personal information that could be used for identity theft. ...

Web browser enters a golden age

July 1, 2009

It's been a long time coming, but the humble Web browser is finally entering a golden age. Some 20 years after creation of the World Wide Web and more than 10 years after Microsoft crushed Netscape, the browser market has ...

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.