MaximumPC 2001 11

(Dariusz) #1

HOW IT WORKS

Anatomy of a Drive-by Download

You think you're immune to harm because you don't go to piracy or porn sites, right? But putting all your faith in Goody Two Shoes browsing is like whistling past a graveyard. Like commercial fishermen, crooks are casting bigger nets to catch as many fish as possible. Here's how they do it.

1. Crooks discover a new zero-day exploit using Adobe Flash, Adobe Reader, Oracle Java, Apple QuickTime, JavaScript, or the browser itself.

2. The crooks then hack into an advertising server or a web page to place the code. In some cases, the crooks masquerade as legit advertisers and buy time on mainstream websites. These ads, in turn, are actually hosted by the crooks' servers to keep the company running the ads from knowing they're tainted.

3. Users browsing the legitimate website receive the bad Flash or JavaScript, which then secretly installs a trojan on their PC.

4. The trojan then contacts another server that is controlled by the crooks and receives instructions on what to do.
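Seen from the defender's side, the four steps above leave a recognizable trail in a web proxy log: a page from a legitimate site, an active-content object (Flash, Java, PDF) served from a different host moments later, and then an executable pulled from a third host. The following Python script is an added example, not part of the magazine article; it scans a few constructed proxy log lines for that sequence. The log field layout, hostnames, addresses and timestamps are all made up for the example and do not describe any particular proxy product.

```python
"""Flag the drive-by-download pattern (legit page -> third-party active content
-> executable from yet another host) in web-proxy log lines.

The log format below is hypothetical: "<ISO timestamp> <client> <method> <url>
<status> <content-type>". All lines, hosts and addresses are constructed for
this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

SAMPLE_LOG = """\
2011-01-12T10:00:01 10.0.0.5 GET http://news.example/index.html 200 text/html
2011-01-12T10:00:02 10.0.0.5 GET http://ads.example/banner.swf 200 application/x-shockwave-flash
2011-01-12T10:00:03 10.0.0.5 GET http://news.example/logo.png 200 image/png
2011-01-12T10:00:09 10.0.0.5 GET http://cdn-update.example/setup.exe 200 application/octet-stream
2011-01-12T10:00:40 10.0.0.5 GET http://c2.example/gate.php 200 text/plain
2011-01-12T10:05:00 10.0.0.7 GET http://news.example/index.html 200 text/html
2011-01-12T10:05:01 10.0.0.7 GET http://news.example/player.swf 200 application/x-shockwave-flash
2011-01-12T10:05:02 10.0.0.7 GET http://news.example/logo.png 200 image/png
"""

# Content types the article names as exploit carriers, and ones that look like a dropped binary.
ACTIVE_CONTENT = {"application/x-shockwave-flash", "application/java-archive", "application/pdf"}
EXECUTABLE = {"application/octet-stream", "application/x-msdownload"}


def parse_line(line):
    """Split one log line into a record with a parsed timestamp and the URL's host."""
    ts, client, method, url, status, ctype = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client, "method": method,
            "url": url, "host": urlsplit(url).hostname, "status": status, "ctype": ctype}


def find_drive_by_chains(log_text, window=timedelta(seconds=60)):
    """Return (client, page_host, object_host, payload_url) for every suspicious chain.

    A chain is: an HTML page, then within `window` an active-content object from a
    host other than the page's, then an executable from a host that is neither.
    """
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_client[rec["client"]].append(rec)

    hits = []
    for client, recs in sorted(by_client.items()):
        recs.sort(key=lambda r: r["ts"])
        for i, page in enumerate(recs):
            if page["ctype"] != "text/html":
                continue
            later = [r for r in recs[i + 1:] if r["ts"] - page["ts"] <= window]
            for obj in later:
                if obj["ctype"] not in ACTIVE_CONTENT or obj["host"] == page["host"]:
                    continue
                for payload in later:
                    if (payload["ts"] > obj["ts"] and payload["ctype"] in EXECUTABLE
                            and payload["host"] not in (page["host"], obj["host"])):
                        hits.append((client, page["host"], obj["host"], payload["url"]))
                        break  # one report per page/object pair is enough
    return hits


if __name__ == "__main__":
    for client, page_host, obj_host, payload in find_drive_by_chains(SAMPLE_LOG):
        print(f"{client}: {page_host} -> active content from {obj_host} -> binary {payload}")
```

Only the first client is reported: its Flash object came from a host other than the page it was visiting and was followed by a binary from a third host, which matches steps 2 to 3 of the article. The second client loaded a Flash file from the same site and no executable, so it is left alone. Treat a hit as a triage signal rather than proof, since ad networks legitimately serve third-party Flash; the value of the check is that it narrows a day of proxy traffic down to a handful of sessions worth looking at.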


Unshorten Those URLs
Shortened URLs can conveniently turn unwieldy web addresses into bite-size morsels, but they can also disguise a link to a malware-ridden site. Though many of the URL shortening services check for malicious websites, it's usually better to verify a shortened URL's destination. For that, we use Longurlplease.com. It supports 81 shortening services. As for cryptic shortened URLs, visit Virustotal.com to have the address checked by six URL analysis engines.
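Checking a shortened link's destination is also something you can do locally, by issuing HEAD requests and reading each redirect's Location header without ever loading the final page. The script below is an added example written for this edit, not code from the magazine or from either service it mentions. The `http_head` function is a real urllib implementation; the `head` parameter, the `_NoRedirect` handler name and the `FAKE_REDIRECTS` table are assumptions made so the logic can be exercised offline against constructed URLs.

```python
"""Expand a shortened URL one redirect hop at a time, with loop and hop-count
protection, and report the chain of hosts it passes through.

`http_head` talks to the network; `expand_url` accepts any `head` callable so the
same logic can run offline against the constructed FAKE_REDIRECTS table below.
"""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib surface a 3xx as an HTTPError instead of silently following it."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_head(url, timeout=10):
    """Send one HEAD request; return the Location of a 3xx reply, or None if final."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout):
            return None  # 2xx: this URL is the destination
    except urllib.error.HTTPError as err:
        if 300 <= err.code < 400:
            return err.headers.get("Location")
        return None  # 4xx/5xx: stop here and report what we have


# Constructed redirect table standing in for real shortener responses (not real hosts).
FAKE_REDIRECTS = {
    "http://short.example/abc": "http://short.example/go?x=1",
    "http://short.example/go?x=1": "http://www.example.org/article",
    "http://loop.example/a": "/b",  # relative Location, resolved against the current URL
    "http://loop.example/b": "http://loop.example/a",
}


def fake_head(url):
    """Offline stand-in for http_head that answers from FAKE_REDIRECTS."""
    return FAKE_REDIRECTS.get(url)


def expand_url(url, head=http_head, max_hops=10):
    """Follow redirects from `url`; return (chain, verdict).

    verdict is "ok" when a final URL was reached, "loop" when a URL repeated,
    or "too-many-hops" when max_hops was exhausted.
    """
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        nxt = head(chain[-1])
        if nxt is None:
            return chain, "ok"
        nxt = urljoin(chain[-1], nxt)  # Location headers may be relative
        chain.append(nxt)
        if nxt in seen:
            return chain, "loop"
        seen.add(nxt)
    return chain, "too-many-hops"


def summarize(chain):
    """Hop count and the hosts visited, which is what you want to eyeball before clicking."""
    return {"hops": len(chain) - 1,
            "hosts": [urlsplit(u).hostname for u in chain],
            "final_host": urlsplit(chain[-1]).hostname}


if __name__ == "__main__":
    chain, verdict = expand_url("http://short.example/abc", head=fake_head)
    print(verdict, summarize(chain))
```

Pass a real shortened link with the default `head` to resolve it over the network; the HEAD-only approach means no page body is fetched from the destination. The hop limit and the loop check matter because a hostile redirect chain can otherwise keep a naive resolver busy indefinitely, and the host list is the useful output: a link that advertises one site but lands on an unrelated host is exactly what the article tells you to check for.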

Run in a Standard User Account
Running as an administrator in a Windows OS is a bit like giving someone the right to walk into your home and rummage through every nook and cranny. One easy way to avoid or greatly limit damage from malware is to always run with standard user rights. As with all things, this is no guarantee against harm. Some malware, even when executed in a standard user account, can grant itself administrator privileges and still run rampant through your PC, but running as a standard user minimizes risk.

Use a Live CD/Linux Distro to Do Banking
That Windows is the number one target for cybercrime and mischief is not news to any of us—naturally, owning 95 percent of the market makes it an obvious target. That's why we agree with security journalist Brian Krebs (http://krebsonsecurity.com) that members of the most at-risk group should do online banking with a Linux Live CD. You can do your gaming and other Windows-based computing booted from your hard drive. But once you have to go into secure mode, whip out your Live CD and boot to it. Numerous Linux builds are available, but the most popular, and among the easiest, is Ubuntu.

Restrict PC Access for Others
So, you've created this incredibly secure moat, ringed with razor wire, claymores, and mines. And then you let your 14-year-old nephew play some Flash games or "check email." Right. The best solution is to have visitors use a separate, secured guest PC. But if they must use your machine, make sure you have the guest account activated. Another option is to have them use a virtual machine. Once they're done, simply shut down the VM and erase any trace of their activities. Or have them use your HTPC, where they're working in the open instead of being left alone in your office.

Although many URL shortening services claim to scan for malware, it's probably best to lengthen those URLs before you click on them, using Longurlplease.com.

Running in standard user mode in a Windows OS has proven to be useful in beating back malware attacks.

26 | MAXIMUM PC | JAN 2011 | www.maximumpc.com


SECURITY