Posted On Sunday, November 15, 2009 at 02:25:40 AM
London: Spam on the net is nothing new. But spam links, planted by exploiting a subtle, hidden flaw in a website, are now selling dubious products from Viagra to credit cards. And those hit are not only biggies like Google.
Others with similar spam links included the Montserrat Volcano observatory site, a European research site, a Minneapolis-based artist, an Australian website for singers, a recruiting company in California, the personal webspace of a maths professor at the University of Texas in San Antonio and a medical devices website run by a large healthcare company.
According to the Guardian, the hackers find holes in the open source content management systems (CMS) of each of the blogs and websites, exploiting them to alter the sites at will.
New motives, new tricks
The addition of spam links to a webpage is a comparatively low-key problem. The bigger risk now is from “drive-by” downloads: malware (malicious software) that will try to infect Windows machines that visit a particular website by exploiting vulnerabilities in the browser.
Experts agree that the change is due to one critical factor: money. Hackers no longer aim to make a mess; they do it to get cash. Part of what’s changed is the point at which a site’s vulnerabilities are exploited.
Search and destroy
Nowadays, what is surprising is the methods used to identify sites to break into. The Guardian reports that extensive research into the phishing sites hosted on cracked web servers led to the finding that people were using Google to find websites to break into, by doing specific searches for particular versions of software that they knew had particular vulnerabilities. After finding such sites, they would hack into 50 or more using the same technique.
Bigger game
The targets are getting bigger, too. In the past couple of months, both the New York Times and the gadget site Gizmodo have seen their online advertising compromised to try to create “drive-by” infections; and the growing use by criminals of iframes (invisible or tiny webpages-within-webpages which may take their content from anywhere on the net) has increased the risk to the casual browser.
According to ZoneH.org, a site on which hackers report website defacements, 47,560 were reported for the month of October 2009. That’s about half a million defaced websites per year.
Safety net
The best bet, according to experts, is for a web user to stay aware. Lock down the browser and don’t have stuff like audio, images or video running.