Websense is
reporting that 70 of Alexa's
Top 100 sites have been seen either directly hosting, or providing redirects to, 'malicious sites'. Put another way, more than 77% of the sites Websense detected as hosting malicious content were sites with 'good' reputations. While specifics of the definition of malicious aren't given, they do point out that almost 40% of those sites hosted code designed to steal end users' data, including user names, passwords, and credit card information.
A lot of these sites are being advertised in email. By Websense's numbers, about 90% of spam (or, about 75% of all email) contained links to one of these malicious sites.
A quick look through the top 100 shows a lot of familiar names: Google (in all its international incarnations), Yahoo!, Microsoft, LiveJournal, Facebook, Blogger. The unifying theme here is that all of these sites allow user-uploaded content, mostly in the form of blog posts. That content can be anything, from a simple URL pointing at a Canadian Pharmacy website to a cross-site scripting vulnerabilty.
Just as the bad guys are employing a multi-layer offense designed to steal data (such as spam email that points you to a Good Guy redirector that eventually ends up at an innocent-seeming website that pushes a keylogger trojan down to your machine), users need to start considering defense in depth to insure their own safety. The old mantras of "keep your anti-virus software up to date" and "don't click on links from people you don't know" are falling by the wayside in the face of compromised accounts sending out exploits that the virus companies haven't seen yet. What can be done?
- Don't click on links from people you do know, if it seems out of place for them to have sent them. If your mom sends you links to Google Groups, or a business colleague forwards over a Blogspot link, perhaps a phone call to verify the provenance of those links is in order.
- Keep all of your security software up to date. That includes downloading and installing critical Microsoft patches, new fingerprints for your anti-virus software, and upgrades to your web browser.
- Be vigilant with personal information. Change your passwords frequently. Check your bank and credit card accounts at least once a week for unusual activity, and pull your free credit report once a year.
- Consider changing web browsers. Firefox has, historically, been seen as more secure than Internet Explorer.
- Install trusted security add-ons for your web browser. NoScript (a Firefox extension that prevents untrusted sites from running scripts) and the Netcraft toolbar (for IE or Firefox, this toolbar displays registration information and a safety rating for any website you visit) are two tools that should be in everyone's toolbelt.