On this article from Digital Trends, some of the most popular websites on the Internet have been (unintentionally) serving up malware ia the ad networks that they subscribe to.
While these sites had no intention (or maybe even knowledge) of this, it goes to underscore a point that, while you may trust Google, Yahoo!, Fox, Facebook, eBay, etc., as trustworthy sites, the bulk of the content that these sites serve up is not coming from them – it’s coming from third parties, such as ad networks, which you don’t necessarily trust, or even know.
To protect yourself from this sort of attack, I recommend the following:
- Limit unnecessary web surfing, especially at work and doubly so for machines and networks which handle sensitive information. If you don’t go to the site in the first place, you can’t get infected.
- Make sure you are using a recent “alternative” browser, such as Firefox or Chrome. While this is no guarantee of safety, Internet Explorer is still the main target for browser-based attacks. Using an alternative platform may lower this risk by lowering your profile.
- Run extensions such as Adblock Plus and NoScript. These disable active programming on websites by default. Note: This does mean more work for you, as the bulk of websites you hit will not work until you enable the scripting components on the pages. However, you are much, much safer from this type of attack.
- Keep your operating system and all other software on your computer patched and up to date. Many of these sorts of attacks rely on flaws in software installed on your computer. If the flaws are patched, then you are less vulnerable to the attack.
- Know what your anti-malware program and operating system alerts look like. Many of these “drive by downloads” rely on tricking the user into installing malware by popping up fake notices telling them that their system is infected, and needs to be scanned. What they are really doing is tricking the user into running the malware in the first place! Don’t be fooled! Learn what your software really is likely to say in the event of malware detection, and how to respond appropriately. If you have any questions, contact your IT staff before taking any action, including clicking on links or closing windows.
- As always, drop those admin rights.