The Web can be a Dangerous Place

by Cary C
The document discusses that hackers have begun to use AJAX (Asynchronous JavaScript and XML) and break their code up into smaller junks so that they are not as visible to antimalware detection systems.  Taken individually, the small pieces of code appear to be 100% legitimate.  They go out and fetch little pieces of information and are able to pass through antivirus and intrusion detection systems.  However, when the information they carry is combined into a web browser’s memory, the code becomes malicious.  The article recommends that users should make sure their browsers and Flash Player are updated.

I would imagine that all of us have come across at least one person in recent history who has infected their computers merely by going to a website.  Ten years ago, users had to click something on a malicious website in order to have their computers infected due to their naiveté.  While computers and antivirus programs have greatly evolved since then, the ability of hackers who exploit machines has also improved dramatically.  Today, a user may only have to visit a website to become infected.  I can speak from experience as I have had to rebuild my wife’s PC twice because she went to some particular website on an unsecure wireless connection that was being provided by some business she was visiting.

While JavaScript can make a user’s web experience more engaging and entertaining, it also has the ability to make that experience turn into a nightmare.  In the past few years, the majority of people that I have known who have had their computers infected tell me that all they ever do is browse the Internet.  They do not, or at least they claim not to, click on random links, but that is not enough to keep a machine free of malicious code.  Merely going to certain websites is enough to infect machines today, and that is why spammers attempt to get users to visit these sites by using various hoaxes.  Fortunately, there are security companies in the world who routinely discover these types of security holes and notify the manufacturers of the software so that patches and updates can be created.  However, these patches and updates are only effective if users elect to install them.  The best advice I would offer someone is to make sure that all of their software is at least six months within being the most current available and that if some website link looks suspicious, it is best to stay away from it.

Reference:

Constatin, L. (2012, Jan 5th). Fragmented AJAX-based Web Exploitation Attacks Detected in the Wild. PC World. Retrieved from http://www.pcworld.com/businesscenter/article/247332/fragmented_ajaxbased_web_exploitation_attacks_detected_in_the_wild.html.

1 thought on “The Web can be a Dangerous Place”

  1. Simply browsing smart and staying on safe and legitimate websites are just about full-proof methods of avoiding viruses as long as you’re careful with curiously clicking Facebook or AIM links (they are so tempting). I appreciate the efforts of tools/browser enhancements such as NoScipt for Firefox to help make the internet a safer place to browse, but these tools often get in the way of a quick and efficient browsing experience. Constantly picking and choosing what you want to allow from a page can get pretty tiring,as well as keeping these programs/applications up to date. Oh well, this inconvenience probably isn’t comparable to the benefits of the tools’ protective capabilities.

Comments are closed.