Google Chrome and Instant Pages. A hackers new best friend?

Image representing Google Chrome as depicted i...

Image via CrunchBase

This is one of those articles where I start reading thinking, this is an interesting approach.  It seems to take caching to a new level to help speed up your web browsing experience by “pre-caching” sites before you ever go to them.

But then I make a switch from right brain “this is cool and forward thinking” to left brain “immediate paranoia”.

One of the methods (discussed ad naseum) to promote malware is the utilization of popular search terms and optimized sites to get good search engine results.  Many AV providers use a “search ahead” feature to look at the sites in your search result and give you a visual indicator of what may be a malicious page.  If Chrome independently makes the decisions to load the pages on your behalf (to make your web browsing experience better), this also provides an effective avenue for malware delivery.

While I’m certain there will be an option to disable this feature, this raises enough concern to not use Chrome 13 for me.


Obama Birth Certificate search results yield malware

It’s long been a tactic of ne’er-do-wells to capitalize on topical issues to deliver malware.  Today is no different.  Many of the “1st page” Google image results for “Obama Birth Certificate” yielded images which had embedded exploits which would take advantage of known browser and/or Java vulnerabilities.

When you think about it, this is a very effective mechanism for malware delivery.  In our post-physical newspaper society, many get their news from online news sources.  Of that many, some will consistently goto the same sites to get information, the rest will simply search for (dare I say Google) what specific piece of news they are looking for.

Malware authors are well aware of this and capitalize on it quite often. While users may have become more aware of this when looking a links in a typical Google search, they may not be as aware when doing searches on images (like have occurred recently with Charlie Sheen and the Obama Birth Certificate searches).

So what can you do to help protect yourself in this ever changing malicious environment we call the Internet?

  1. As a “safe browsing technique” – try to use known, “reputable” new sites when you are looking for topical information.  I will concede that just because news site is well known does not make it immune from being hacked or to be delivering malware.  But the chances are much less with those sites than general unknown sites.
  2. Certainly use caution with all pop-ups that ask you to download, install, or run anything.  Also do not rely on the little red X to close those windows.  Chances are, it won’t do what you expect it to.  You are best off to bring up your system processes and just kill off your browsing sessions and start over.
  3. Make sure you operating system and security applications are kept up to date.  If you stay current with your patches and keep your security protection suite updated, you have reduced the opportunity for any of the known exploits to actually work on your system.
Follow these precautionary steps and you could be “winning” too…