Internet Drive-By Shootings

Every couple of months, one of my family members asks to me to take a look at their computer. It seems like no matter what browser they use, or what security software they purchase, someone finds a way to infect their system with malware. Malware has become a fact of life for most Windows users and no amount of careful browsing or antivirus protection seems to make much difference.

A common myth is that the only way to get hit by a browser exploit is to visit “bad” web sites. The reality is that it only takes a single line of Javascript code to send your browser off to the darker areas of the Internet. Many respectable web sites are inadvertently allowing attackers to target their users. Just last week, the media covered an example where a MySpace banner ad resulted in over one million malware infections. This banner ad redirected the user to a malicious WMF file, that when opened, installed an adware application. A similar attack occurred on the LiveJournal network just a couple months earlier. In both cases, the web site operators were not aware that the attacks were occurring until someone complained.

Although banner ads are one of the more effective ways to attack a user, there are stealthier techniques available that an average PC user will never notice. Most web site visitor tracking programs use a script include tag to load client-side code from the tracking service provider. The browser will connect to the service provider, download the tracking code, and then execute that code in the context of the current web page. This technique is completely transparent to the user and provides an efficient method of tracking web site usage statistics. The same technique can be used by attackers to exploit browser flaws and trigger a malware installation.

As discussed in a few of our previous posts, the important of proper Internet security cannot be underestimated. We recommend using a VPN service to access web data, if you’re in Japan, Taiwan or China then you’ll need to find information that is accurate – please look at some of VPN networks for Taiwan (台灣).