The Web is a fount of information, a busy marketplace, a thriving social scene — and a den of criminal activity.
Criminals have found abundant opportunities to undertake stealthy attacks on ordinary Web users that can be hard to stop, experts say. Hackers are lacing Web sites — often legitimate ones — with so-called malware, which can silently infiltrate visiting PCs to steal sensitive personal information and then turn the computers into “zombies” that can be used to spew spam and more malware onto the Internet.
At one time, virus attacks were obvious to users, said Alan Paller, director of research at the SANS Institute, a training organization for computer security professionals. He explained that now, the attacks were more silent. “Now it’s much, much easier infecting trusted Web sites,” he said, “and getting your zombies that way.”
And there are myriad lures aimed at conning people into installing nefarious programs, buying fake antivirus software or turning over personal information that can be used in identity fraud.
“The Web opened up a lot more opportunities for attacking” computer users and making money, said Maxim Weinstein, executive director of StopBadwarea nonprofit consumer advocacy group, which receives funding from Google, PayPal and Mozilla, among others.
Google says its automated scans of the Internet recently turned up malware on roughly 300,000 Web sites, double the number it recorded two years ago. Each site can contain many infected pages. Meanwhile, malware doubled last year, to 240 million unique attacks, according to Symantec, a maker of security software. And that does not count the scourge of fake antivirus software and other scams.
So it is more important than ever to protect yourself and others from attackers. Here are some basic tips for thwarting them.
PROTECT THE BROWSER
The most direct line of attack is the browser, said Vincent Weafer, vice president of Symantec Security Response. Online criminals can use programming flaws in browsers to get malware onto PCs in “drive-by” downloads without users ever noticing.
Internet Explorer and Firefox are the most targeted browsers because they are the most popular. If you use current versions, and download security updates as they become available, you can surf safely. But there can still be exposure between when a vulnerability is discovered and an update becomes available, so you will need up-to-date security software as well to try to block any attacks that may emerge, especially if you have a Windows PC.
It can help to use a more obscure browser like Chrome from Google, which also happens to be the newest browser on the market and, as such, includes some security advances that make attacks more difficult.
GET ADOBE UPDATES
Most consumers are familiar with Adobe Reader, for PDF files, and Adobe’s Flash Player. In the last year, a virtual epidemic of attacks has exploited their flaws; almost half of all attacks now come hidden in PDF files, Weafer said. “No matter what browser you’re using,” he said, “you’re using the PDF Reader, you’re using the Adobe Flash Player.”
Part of the problem is that many computers run old, vulnerable versions. But as of April, it has become easier to get automatic updates from Adobe, if you follow certain steps.
To update Reader, open the application and then select “Help” and “Check for Updates” from the menu bar. Since April, Windows users have been able to choose to get future updates automatically without additional prompts by clicking “Edit” and “Preferences,” then choosing “Updater” from the list and selecting “Automatically install updates.” Mac users can also arrange updates using a similar procedure, though Apple requires that they enter their password each time an update is installed.
Adobe said it did not make silent automatic updates available previously because many users, especially at companies, were averse to them.
To get the latest version of Flash Player, visit Abobe’s Web site.
Any software can be vulnerable. Windows PC users can identify vulnerable or out-of-date software using Secunia PSI, a free tool that scans machines and alerts users to anything that needs attention.
BEWARE MALICIOUS ADS
An increasingly popular way to get attacks onto Web sites people trust is to slip them into advertisements, usually by duping small-time ad networks. Malvertising, as this practice is known, can exploit software vulnerabilities or dispatch deceptive pop-up messages.
A particularly popular swindle involves an alert that a virus was found on the computer, followed by urgent messages to buy software to remove it. Of course, there is no virus and the security software, known as scareware, is fake. It is a ploy to get credit card numbers and US$40 or US$50. Scareware accounts for half of all malware delivered in ads, up fivefold from a year ago, Google said.
Closing the pop-up or killing the browser will usually end the episode. But if you encounter this scam, check your PC with trusted security software or Microsoft’s free Malicious Software Removal Tool. If you have picked up something nasty, you are in good company; Microsoft cleaned scareware from 7.8 million computers in the second half of 2009, up 47 percent from the 5.3 million in the first half, the company said.
Another tool that can defend against malvertising, among other Web threats, is K9 Web Protectionfree from Blue Coat Systems. Though it is marketed as parental-control software, K9 can be configured to look only for security threats like malware, spyware and phishing attacks — and to bark each time it stops one.
POISONED SEARCH RESULTS
Online criminals are also trying to manipulate search engines into placing malicious sites toward the top of results pages for popular keywords. According to a recent Google study, 60 percent of malicious sites that embed hot keywords try to distribute scareware to the computers of visitors.
Google and competing search engines like Microsoft’s Bing are working to detect malicious sites and remove them from their indexes. Free tools like McAfee’s SiteAdvisor and the Firefox add-on Web of Trust can also help — warning about potentially dangerous links.
ANTI-SOCIAL MEDIA
Attackers also use e-mail, instant messaging, blog comments and social networks like Facebook and Twitter to induce people to visit their sites.
It’s best to accept “friend” requests only from people you know, and to guard your passwords. Phishers are trying to filch log-in information so they can infiltrate accounts, impersonate you to try to scam others out of money and gather personal information about you and your friends.
Also beware the Koobface worm, variants of which have been taking aim at users of Facebook and other social sites for more than a year. It typically promises a video of some kind and asks you to download a fake multimedia-player codec to view the video. If you do so, your PC is infected with malware that turns it into a zombie (making it part of a botnet, or group of computers, that can spew spam and malware across the Internet), exposes your personal information and possibly imperils your friends.
Spam filters and current security software can help protect you. Defensioa tool from Websense that is free, can block spam and malicious links from being posted on your blog or Facebook page.
On May 13, Facebook unveiled new security features to combat malware attacks, phishing scams and spam.
Users can choose to be notified when their account is accessed from a computer or mobile device they haven’t used before. To do this, go to “account settings,” then “account security,” then click change. There you can choose to be notified of logins by e-mail or text message.
Facebook is also adding a layer of authorization when it notices unusual activity on an account, such as simultaneous log-ins from opposite sides of the planet. The changes, which are currently being rolled out, come as Facebook faces increasing criticism over the way it handles user privacy.
Above all else, you need to keep your wits about you. Criminals are using increasingly sophisticated ploys, and your best defense on the Web may be a healthy level of suspicion. Additional reporting by AP
In late October of 1873 the government of Japan decided against sending a military expedition to Korea to force that nation to open trade relations. Across the government supporters of the expedition resigned immediately. The spectacle of revolt by disaffected samurai began to loom over Japanese politics. In January of 1874 disaffected samurai attacked a senior minister in Tokyo. A month later, a group of pro-Korea expedition and anti-foreign elements from Saga prefecture in Kyushu revolted, driven in part by high food prices stemming from poor harvests. Their leader, according to Edward Drea’s classic Japan’s Imperial Army, was a samurai
The following three paragraphs are just some of what the local Chinese-language press is reporting on breathlessly and following every twist and turn with the eagerness of a soap opera fan. For many English-language readers, it probably comes across as incomprehensibly opaque, so bear with me briefly dear reader: To the surprise of many, former pop singer and Democratic Progressive Party (DPP) ex-lawmaker Yu Tien (余天) of the Taiwan Normal Country Promotion Association (TNCPA) at the last minute dropped out of the running for committee chair of the DPP’s New Taipei City chapter, paving the way for DPP legislator Su
It’s hard to know where to begin with Mark Tovell’s Taiwan: Roads Above the Clouds. Having published a travelogue myself, as well as having contributed to several guidebooks, at first glance Tovell’s book appears to inhabit a middle ground — the kind of hard-to-sell nowheresville publishers detest. Leaf through the pages and you’ll find them suffuse with the purple prose best associated with travel literature: “When the sun is low on a warm, clear morning, and with the heat already rising, we stand at the riverside bike path leading south from Sanxia’s old cobble streets.” Hardly the stuff of your
April 22 to April 28 The true identity of the mastermind behind the Demon Gang (魔鬼黨) was undoubtedly on the minds of countless schoolchildren in late 1958. In the days leading up to the big reveal, more than 10,000 guesses were sent to Ta Hwa Publishing Co (大華文化社) for a chance to win prizes. The smash success of the comic series Great Battle Against the Demon Gang (大戰魔鬼黨) came as a surprise to author Yeh Hung-chia (葉宏甲), who had long given up on his dream after being jailed for 10 months in 1947 over political cartoons. Protagonist