Saturday, May 08, 2010


Last week we briefly outlined the way websites are targeted by cyber criminals. They are deliberately infected with malware that takes up control of your computer or mobile phone. Malware is a general term for software programs that have been designed with or can be used for malicious intent. These include viruses, worms and Trojans.

Legitimate websites can be infected with links to other web pages where malware is embedded. In a more sophisticated technique, scripts (programming languages) are embedded in websites that automatically download malware from other sources.

Another interesting technique is clickjacking. This is where a button or link is altered so that instead of the proper function executing when you click on it, malware is instead downloaded into your computer.

All these attacks can be countered. Firstly, it is advisable to use a browser that deliberately protects you from malware. Modern browsers will warn you if you accidentally access an attack. The browser will also tell you why it isn’t safe to click that link. Firefox is an example of such a browser that checks every part of a web page before loading it.

Using instant web site ID is also another safeguard. This is an option in browsers that allows you to check a site’s legitimacy before you make a purchase. By clicking on the favorites icon in Firefox you can get an instant identity overview. You will be able to determine how many times you have visited the website and whether your password is saved in it.

Using updated anti-virus software is a must. A competent anti-virus application will automatically check any file that attempts to conduct a stealth download. This will protect you against viruses and other malware which you could have picked up during a surfing session.

Finally, anytime a website asks for your personal information, for example credit card PIN, you need to identify whether the web page is secure or not. You should look out for a URL (web page address) with https. Normally, when browsing the web, the URLs begin with the letters http. However, over a secure connection the address displayed should begin with https - note the s at the end. Check also for the padlock icon somewhere in the window of the browser.

No comments: