Author: Elias Rizos

You hear and see more and more of it. Huge internationally, renown websites fall victim to distributing malware to their visitors via malicious advertisements. Currently it’s the #1 way to distribute malware and not a lot can really be done about it. Here are the 2 most popular ways malicious ads can ruin your online reputation with your users and search engines:

Method 1:

1. A person or group contacts you (or your advertising dept) and buys ad space.

2. Your advertising dept receives a flash advertisement that looks perfectly safe and harmless.

3. The ad is approved.

4. Later that day a script is triggered in the flash animation to automatically download a malicious .exe (like fake-av.exe) as soon as the user (like mom or pop) visits the web site. In some instances users may be redirected to a site that loads a barrage of exploits against the users PC. This is far worse than 1 malicious .exe of course.

5. The site administrator may or may not be alerted quickly to the site hijacking.

6. All it takes is just a few seconds or minutes to infect thousands of visitors.

7. The malicious ad is removed, but it way too late.

Obviously the easiest way to defend against this type of hijacking is just to say no to any scripted advertisements. This will cut down on maliciously scripted ads, however it also cuts down on good advertisers willing to pay good money for ad space. It’s a tough choice.

Method 2 – this is nearly impossible to deal with…

1. A person or group contacts you (or your advertising dept) and buys ad space.

2. Your advertising dept receives a flash advertisement that looks perfectly safe and harmless.

3. The ad is approved.

4. Later that day the landing page for the ad is switched to a malicious landing page.

5. When a visitor clicks the ad they may now be subjected to whatever is on the new malicious landing page.

6. Again, the website administrator may or may not be alerted to the malicious ad in a timely manner.

7. The malicious ad is removed, but it way too late.

Keep in mind that I’ve only discussed 2 ways malicious ads can ruin your online reputation. They are many more.

Article Source: http://www.articlesbase.com/security-articles/how-a-legit-website-starts-distributing-malware-1399154.html

About the Author:

For other tips on protecting your website stop by my blog at remove-malware.com. I also have another blog I’m working on that centers on netbook comparisons and netbook windows 7.

The number of bad email has been consistently rising for several months. These email are trying to obtain your personal information (phishing), install malicious software, turn your system into a spam server, etc.  Here are some examples:

Example 1
Dear user of the your_domain.com mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox (user@your_domain.com) settings were changed. In order to apply the new set of settings click on the following link:

http://your_domain.com/owa/service_directory/settings.php?email=user@your_domain.com&from=your_domain.com&fromname=user

Best regards, your_domain.com Technical Support.

Example 2
Notice of Under Reported Income
Taxpayer ID: frankjames-00000123456789US
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)

Please review your tax statement on Internal Revenue Service (IRS) website (click on the link below):

review tax statement for taxpayer id: frankjames-00000123456789US

Internal Revenue Service

Example 3
You may recieve a email from your bank or other financial institution wanting you to verify your account information for whatever reason. THIS IS ALWAYS AN ATTEMPT TO OBTAIN YOUR ACCOUNT INFORMATION!   DON’T DO IT! Your bank or other financial institution will never request this information from you through an email.   If in doubt call your bank.  Never trust any phone number listed in the email.   Use your latest bank statement or the phone book to find the phone number.

Example 4
You should never recieve an email from yourself.  This is one of the many ways spammers use to fool your email system in to thinking it’s a valid email.

Here are a few simple steps you can use to help protect yourself.

• If in doubt JUST DELETE THE EMAIL!
• Ensure your anti-virus software is up-to-date.
• If you get a lot of email from friends and family then ask them to put a secret code in the subject line.  For example “Pictures from Mike’s Birthday Party – 7654″ Only you know this code so it should be a valid email. A spambot will not know about the code.
• If you think it might be legitamate then Google it. I’m sure someone has ran in to the same email and will have some insite on it’s legitimacy.

• If it’s from an institution that you do business with then call them.   Be sure to use a phone number listed on a current statement or the phone book.
• Never send user ID’s or passwords to anyone through email.  Email is not secure!

Be Safe!

Author: Paul Lubic

In Passwords Part I: Why Do We Need Them? we discussed the importance of using strong passwords. In this article, we’ll describe strong passwords and how to create them. (more…)