MANY of the criminal attacks against major websites are invisible to computer users, reported The San Francisco Chronicle.
The newspaper said there are no clues in the appearance of a website that you are being redirected to a compromised site.
If your computer is vulnerable, all it takes to get infected is to visit a hacked site.
Most likely, you will unwittingly download a Trojan, a piece of software that is disguised as a valid program but really performs another action, such as shipping out your personal information to a server that could be halfway around the world.
"We have our hands full on a daily basis tracking this stuff," the Chronicle quoted Mr Paul Ferguson, a researcher for Trend Micro, a Web security vendor in Cupertino.
"Professional criminals and organised crime have ongoing, sustained campaigns to rob consumers blind."
The attacks come in waves, the Chronicle reported Ms Mary Landesman, a researcher at ScanSafe, as saying.
In September, media and entertainment sites were attacked; in November, it was sports sites; and in January, she said, it was the "general purpose mainstream sites, the brick and mortar of the Internet".
Researchers say the attacks have been rising since early 2007. They peg them to the rise of a malicious software code industry.
For a few hundred dollars, thieves can buy toolkits like Mpack and Adpack that automate attacks - and even come with customer service.
The toolkits take advantage of flaws in popular software such as Web browsers, Yahoo Messenger, Apple's QuickTime, Adobe Flash and JavaScript.
An attack that Trend Micro, an Internet security firm, was tracking last Friday, for example, went like this: Cyber criminals selected Internet addresses owned by particular companies in Italy and scanned their websites for exploitable flaws.
They also found a vulnerable server in San Diego and infected that. "Now they were open for business," Mr Ferguson said.
They loaded the server with a malicious software program that scanned any computers that visited the target sites for software flaws.
When the program found flaws, it temporarily redirected victims' computers from the target sites to the server, which downloaded yet another malicious program onto the computers, allowing thieves to run their programs undetected. The computers were then returned to the target site.
In this case, because the server was in the US, Trend Micro was able to report the case to the FBI.
Big companies whose sites have millions of visitors a month are prime targets - Sears.com, Target.com and Walmart.com were all attacked in March.
An even bigger danger to the public are smaller niche sites - like the baby-naming site Yeah-Baby, which was hit last month.
Computer users often can't tell whether a Web site they're visiting is compromised.
While none are foolproof, there are a number of things you can do to help protect yourself, such as:
- Keeping browsers up-to-date to make use of the latest security features.
- Downloading free Web plug-ins that help block malicious sites.
