Feb 24, 2009

Maliciously-Coded Web sites


    Maliciously-coded Web sites can take many different forms, from installing Trojan horses to redirecting you to an unrequested site. But one of the most threatening forms of maliciously-coded websites are designed to steal passwords which are on the rise. A very common form of these Web sites takes advantage of human's charitable instincts by setting up traps in what appear to be sites that allow you to make donations to victims of natural disasters such as Hurricane Katrina. Hackers set up a fake sign-in page, and then encourage unsuspecting victims to enter their credit card number and other personal information.

   In addition to stealing personal information, maliciously-coded websites are also often designed for the following purposes:

  1. Installation of keyloggers
  2. Adware/ spyware/ reading cookies
  3. Drive-by downloads
  4. XSS - cross--site scripting to utilize web browser flaws for other intentions.

Prevention
     In order to protect your network, you should encourage your employees to purchase information only from security certified sites, and to use PayPal instead of a credit card whenever possible, since by doing so they will not have to reveal their credit card information to another site. In addition to limiting the number of times credit card information is typed into a website, paying by PayPal is also helpful because maliciously-coded sites are less likely to accept PayPal payments since the owners of that PayPal account are easier to trace to an address or bank account.

     Further, you should instruct your employees to never sign up for new Web 2.0 applications without using a different username and password than they ordinarily use for sensitive data. Creating a regular browser patch and plugin update schedule will also ensure that your virus and email protections are up to date. Finally, you should systematically set the browser security settings of all your network computers to a higher than default setting. While this step will not eliminate the possibility that your employees will stumble upon maliciously-coded sites, it will reduce the incidence of that occurrence.

No comments:

Post a Comment