
Hidden malicious code an increasing problem on the web

A CNet article this week discusses badware and the increasingly subtle tricks employed by badware distributors to hide malicious code on apparently innocuous websites. As CNet notes, "[m]alicious JavaScript can be embedded in a Web page and will typically run without warning when the page is viewed in any ordinary browser." Some websites intentionally distribute badware, while others are legitimate websites that have been hacked to install malicious code without the site owners' knowledge. Either way, it's getting harder for the average internet user to know if a website they want to visit is safe.

According to Jose Nazario of Arbor Networks, those distributing badware through the web initially left the malicious code undisguised, often in plain JavaScript that could easily be revealed by checking a site's source code. Recently, however, attacks have tended to hide the malicious code inside obfuscated JavaScript, which must be decoded before its harmful nature is visible. Obfuscated JavaScript is harder for website owners to recognize as a threat, and is often not detected by antivirus software.
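A site owner can triage their own pages for this pattern with a simple heuristic. The following is an added example, not code from the article or from StopBadware; the function names, thresholds and sample page are assumptions constructed for illustration, and a match means the script deserves manual review, not that it is malicious.

```javascript
// Heuristic scan of a page's inline <script> blocks for signs of obfuscation.
// Thresholds below are illustrative assumptions, not tuned values.
const DECODERS = /\b(unescape|decodeURIComponent|atob|String\.fromCharCode)\s*\(/;
const SINKS = /\b(eval|document\.write(ln)?|Function)\s*\(/;
const ESCAPES = /%u[0-9a-f]{4}|%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}/gi;
const STRINGS = /(["'])(?:\\.|(?!\1).)*\1/g;

// Collect the bodies of <script> elements that carry inline code (no src).
function inlineScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (!/\bsrc\s*=/i.test(m[1]) && m[2].trim()) out.push(m[2]);
  }
  return out;
}

// Return the list of obfuscation indicators present in one script body.
function scoreScript(code) {
  const reasons = [];
  // A decoder feeding an execution or write sink: text is decoded, then run.
  if (DECODERS.test(code) && SINKS.test(code)) reasons.push("decode-then-execute");
  // Share of the script that consists of %XX, %uXXXX, \xXX or \uXXXX escapes.
  const escaped = (code.match(ESCAPES) || []).join("").length;
  if (code.length > 0 && escaped / code.length > 0.3) reasons.push("mostly-escaped-text");
  // A single very long string literal often carries an encoded payload.
  const longest = Math.max(0, ...(code.match(STRINGS) || []).map(s => s.length));
  if (longest > 200) reasons.push("long-string-literal");
  return reasons;
}

// Report every inline script (by position) that shows at least one indicator.
function scanPage(html) {
  return inlineScripts(html)
    .map((code, index) => ({ index, reasons: scoreScript(code) }))
    .filter(f => f.reasons.length > 0);
}

// Constructed sample page: inline script 0 is ordinary code; inline script 1
// hides a harmless "<b>hello</b>" behind unescape() and document.write().
const samplePage = `
<html><body>
<script>function greet(name) { return "Hello, " + name; }</script>
<script src="/static/app.js"></script>
<script>document.write(unescape("%3C%62%3E%68%65%6C%6C%6F%3C%2F%62%3E"));</script>
</body></html>`;

console.log(JSON.stringify(scanPage(samplePage)));
```

Legitimate minified or packed scripts can trip the same indicators, so findings are best compared against what the site owner knows they deployed.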

How can internet users protect themselves? StopBadware recommends using the most up-to-date versions of web browsers, as many of the vulnerabilities targeted by malicious code are security holes that are patched in newer versions of browser software. Lists of websites that host badware - such as StopBadware's Badware Website Clearinghouse - can help show sites to avoid. If you are a website owner, visit StopBadware's page of security tips to learn more about keeping malicious code off your site. To find out more ways to get involved in fighting badware on the web, click here.