Tuesday, March 20, 2012

How a Casual Web Browsing Session Can Lead to Malware Infections

World Wide WebSo there I was, sitting at home with my computer reading news articles, skimming over the latest tweets from those I’m following on Twitter and checking out the blog of one of the reality stars on a television show I was watching.

I wasn’t downloading anything, visiting any “shady” sites or anything of the sort. I was just casually surfing the internet in my Monday evening downtime shortly before crashing for the night.

So you can imagine how surprised I was when an ESET alert popped up, notifying that it had discovered malware – identified as HTML/ScrInject.B.Gen (Microsoft detects it as JS/BlacoleRef.A) to be specific – on one of the sites I was browsing.

For those who are unaware, HTML/ScrInject.B.Gen is a Trojan that injects malicious iFrames into websites in order to conduct drive-by-downloads on unsuspecting users.

Whenever a user visits a website that’s been compromised, the hidden iFrame will load a third-party site that will attempt to exploit any system vulnerabilities in order to download and install malware onto the visiting machine.

Thankfully, I was running antivirus software and so the malware was caught, but my experience is a huge reminder how important it is for users to take the proper steps to protect their PCs.

Even though you may be browsing websites that SHOULD be safe to visit, the fact of the matter is websites get hacked all the time and a lot of the time site owners don’t even realize their site has been compromised until it’s pointed out to them.

By that time, it’s already too late.

How to Keep Your PC Safe While You Surf the Web

If you’re curious on how you can do your best to prevent your PC from being infected by whatever malware is roaming around, here are a few tips that may help:

  • Keep your system’s operating system up-to-date. Many users don’t realize the importance of updating Windows whenever Microsoft issues patches for system vulnerabilities – and cybercriminals love taking advantage of this. Don’t leave yourself open for infection when it could easily be prevented.

  • Make sure you install updates for installed software. While it’s important that you keep your OS current, it’s also critical that you don’t forget to patch whatever software that’s installed on your PC. So make sure your browser is up-to-date, along with Java, Adobe Flash, Adobe Reader and Adobe Acrobat as those are programs commonly exploited in drive-by-download attacks.

  • Consider disabling Java browser plug-ins or uninstalling it altogether. Do you really need Java to be installed on your PC? If you don’t, then it may be best to just uninstall it completely from your computer. If you do need it – say for your bank’s website – then dedicate one browser to that task and disable the Java plug-in for your remaining browsers.

  • Look into the best security plug-ins for your browser – and use them!  There are a number of plug-ins that will help you secure your browser and ultimately provide you with the best web experience possible. For instance, Firefox users enjoy NoScript since it allows you to control which scripts execute on a website, which is something that can come in handy if you happen to visit a site rigged with malicious JavaScript. Do a little research and figure out what’s recommended for your browser of choice.

  • Always run antivirus software. You never know what’s going to be lurking on that next website you visit or hiding inside that file you downloaded, so always make sure you’re running antivirus software and keep the virus definitions up-to-date.

  • Remain vigilant and use common sense. Make sure you know how to spot a malicious image link when you see one and if a link looks suspicious, don’t click on it. Only download files from trusted sources and scan all downloaded files.

Do you have any other tips? Feel free to share them below!

Happy Surfing!

Photo Credit: Bull3t

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment