Major Websites Hacked Leaving Users Vulnerable
These days you can't even rely on visiting only major websites to stay safe online
Many Internet users think that so long as you visit well-known websites you'll be safe online. Yet ,recent research from AVG's Web Threats Research Team has identified two cybercrime campaigns coded into some of the internet's most popular sites.
With increasingly sophisticated attacks, sticking to major websites when browsing online is not enough to keep you safe anymore. Cybercriminals aren't lurking only in the internet's dark alleyways waiting to steal your details, but are brazenly hacking sites you already trust in order to install so-called 'ransomware' on your PC or tablet.
See also: Why the police virus was so effective
AVG's Insight Report reveals how researchers discovered a popular page on MSN Italy was redirecting visitors using malicious code that bore the traits of the 'Cool Exploit Kit' - one of the latest in a growing number of off-the-shelf malware solutions available to wannabe cybercriminals.
The malware generated a full-screen message claiming to be from the US Department of Justice, which advised users their PC had been blocked due to illegal files saved on the systems network.It's a similar tactic to the 'police' virus which has been robbing users of their cash recently.
Although prompted to pay a 'release fee' to regain control of the system, paying the 'ransom' did not unlock the machine or remove the malicious code. To regain control, the user (or an IT professional) had to clean boot the machine and attempt to repair it by tracking down and removing the malicious code.
The Redkit - like many exploit kits - was configured to install malware on any exploited PC; in this case it installed the Citadel Trojan, which stole users banking credentials and other sensitive information stored on their PC. The bulk of the reports were from consumers in the US, Canada and the UK.
What might seem some surprising is that these are clearly not amateur websites built and operated without thought of security or budget to keep the bad guys out - they're major websites owned by large corporations, and most people would quite naturally assume they'd be safe visiting them without fear of their computer being harmed.
Yuval Ben-Itzhak, AVG'S Chief Technology Officer said, "These cases prove that advice to stick to reputable websites to avoid cybercriminals is no longer fully valid. Of course, you'll be safer than if you browse the Internet's seedier destinations, but hacked sites are as common as ever and infected pages can be, as we see here, served from big-name sites that you would normally expect to be safe and secure."
To ensure you do not fall victim to the latest malware trend AVG suggests following the three simple steps below:
1) Scan those links: This has to be the first line of defence against web-based malware. Many security products come with link scanner capabilities already installed. After all, if you can avoid the infected pages completely, your device stands a much better chance of staying protected.
2) Security software: Link scanning is one measure you should take, but it's also important to have up to date antivirus security software installed. It can help prevent the malware from doing any damage by either blocking it in the first instance or, if it does manage to infect your system, removing all traces of the software.
3) Moving target: Recent research shows that mobile malware is rising. Whether you are browsing using your tablet, smartphone or laptop stay sharp about online threats and take action to protect yourself online.
You may also be interested in our security software reviews
Big data and cloud computing are forcing organizations to adopt digital services and NIIT Technologies is helping them get there, says the company’s CEO and Joint MD, Arvind Thakur.
The number of zero-day and Web browser vulnerabilities shot up in 2014, but overall software vendors are patching faster.
Palo Alto Networks has discovered a widespread vulnerability in Google's Android mobile operating system that allows attackers to hijack the installation of the Android Package File (APK) app on user devices and replace it with an app of the attacker's choice.
Microsoft has blacklisted a subordinate CA certificate that was wrongfully used to issue SSL certificates for several Google websites. The action will prevent those certificates from being used in Google website spoofing attacks against Internet Explorer users.