Just a few years ago, it was fairly easy to avoid malware-infested websites simply by steering clear of sites that dealt with questionable content like pirated films or music. Today, however, even the most reputable websites are susceptible to hacks that can infest visitors’ computer systems.
In fact, malware infestations have become so commonplace that 1 in 3000 websites harbors code that can infect and steal information from unsuspecting web surfers, according to security firm Kaspersky Lab.
“They will put a piece of Java code, for example, onto a website and scramble it so it is hard to notice,” says Kaspersky senior security researcher Ram Herkanaidu told the BBC. “The Java code runs when you visit the site and redirects the user to malware,” he said.
In 2010 alone there were over 580 million incidents of malware infestations and cyber-criminals have begun targeting seemingly innocuous places like gaming or shopping websites to carry out their attacks.
“Previously you could avoid these attacks by not visiting dodgy websites,” Herkanaidu said. “Today the malware writers are targeting legitimate ones. It has become the cyber crooks’ attack of choice.”
Herkanaidu reports that the number of web-based malware attacks had greatly exceeded the number of new members Kaspersky signed on for their services in 2010.
One of the more popular ways to con Internet users into installing malicious software has been to disguise it as a common application. Over the past year we have seen attacks posing as disk defragmenting tools, antivirus applications, and even fake Black Friday advertisements that preyed on unsuspecting shoppers looking for the best deals.
Keeping antivirus and antispyware applications just aren’t enough to stave off these attacks any more, especially since the criminals are always one step ahead of security agencies. There are, however, script-blocking applications that you can install which will give you complete control over the commands that your browser is allowed to execute. My personal favorite of the bunch is the NoScript add-on for Firefox. Not only does it protect my system from malicious code, it also blocks annoying flash-based ads.
What are your favorite security applications? Feel free to share them in the comments below.