Wednesday, June 01, 2005
Spreading the Infection
Want to know a quick way to make money with your Web site? Don’t care much about ethics? Have I got a deal for you.
In the current issue of Information Week, I found a little story toward the back about something that makes me happy as hell to be using a Macintosh. iframeDollars.biz pays owners of sites to infect your computer with adware and spyware--and, on a high traffic site, the payouts can be pretty impressive.
iframeDollars.boz says it pays Webmasters to place a one-line exploit on their sites. The code exploits a number of patched Windows and Internet Explorer vulnerabilities, including some that go back as far as 2002. Systems that haven’t been updated would be vulnerable to the exploit. According to analysis done by the SANS Institute’s Internet Storm Center, the exploit drops at least nine pieces of malicious code--including back doors, other Trojans, spyware, and adware--on any PC whose user surfs to a site that hosts the exploit code.
The company pays $61 per thousand infections to site owners willing to screw their own viewers.
Here’s my suggestion: don’t visit warez sites, porn sites, free music sites, or any other site that you really aren’t completely sure about. Surf with Firefox or something other than Internet Explorer except when you need specific services that IE provides--and then only surf known and trusted sites. Keep your security settings in the preferences closer to “paranoid” than to “naive.”
You might also want to read Information Week’s Security Center regularly to find out all the different ways that the unscrupulous are trying to make your computing life miserable.
(0)
Comments & Trackbacks
Make note of the “patched Windows and Internet Explorer vulnerabilities” statement. I’m not going to wade into a security debate here (because most of the blogosphere is far less qualified for such a discussion than they realize and I have no patience for fools any more), but the word “patched” in this statement says a lot.
It does, and you’re absolutely right. And the fact is that I keep my Macintosh updated, but I haven’t checked my laptop for available patches and updates in probably four or five months. I would be one of those people who aren’t particularly well-qualified to debate security issues.
So, yeah, you make a good point.
Buy a Mac, or if you’re broke, get Firefox.
On second thought, stay off Firefox. If it gets any more market penetration they’ll start finding exploits in it.
When I replace my current laptop, it will probably be with a secondhand PowerBook, and part of the reason will be security. Whether the OS is more or less secure isn’t something that I care about; whether someone is more or less likely to attack me through whatever security holes the OS has, I care about a lot.
My current Win XP laptop has been solid, and since my use of it is pretty limited, I haven’t had any problems with spyware or viruses. But the fact is, I don’t do what it takes to keep the box secure, and sooner or later my bad habits are going to bite me in the butt.
I will have to get Virtual PC so I can run MTGO when I get the urge to play a game, though…
They have found exploits in Firefox. I catch spyware and viruses about once every 10 days.
...but then, I often update my virusware, update Firefox, and run scanners at least once a week. All automatic so I don’t have to remember. No problems on my laptops to date.
Ooops, I keep forgetting to mail that CD…
No big thing. I would have nagged you if I needed it (or just gone out and bought it on my own if I really needed it).
Sure, they’ve found Firefox exploits, but I think those were mostly found by users or developers, not exploiters. Has there even been a Firefox exploit found in the wild? I think it would be too much trouble for someone to try, what with the tiny user base the browser has.
"found in the wild”...?
I’m not sure what you mean, because if I do understand, well, ZB noted on this website that Drudge Report managed to sidestep Firefox’s pop-up-blocker with a “pop-under” (IIRC).
And Firefox is supposed to stop spyware and adware, isn’t it?...but I have some appearing on my laptop. So, yeah: there are exploits found in the wild, or I wouldn’t have found them. Firefox is the only channel they had to reach my computer.
No protection is perfect, so multiple levels of protection are advisable.
Yeah, they have found exploits and whatnot. They tend to be fixed rather quickly, and there haven’t been a whole lot. There’ve been stories on Slashdot. Still several orders of magnitude different from IE.
Yeah, but most of those exploits were found and patched before they were actually exploited was my point. Nathan’s ad-ware could be from other sources. Some programs are notorious for installing extra crap.
Anyway, there have only been four major holes found in Firefox. Hence the 1.04 version I’m currently running. Microsoft gets around that by never issuing a new version number for IE.
Ah, I see. I didn’t really understand what you meant. I’m clear now.
...sort of.
Glad you’re sort of clear. Regardless, if anyone isn’t using Firefox now, please don’t start. I don’t want to go through the security-update-every-week bullshit that’ll happen when it gets 40% of the market.
Heh. Surfing the Web with Opera 7.54 for Linux. And never had a single problem.