It’s long been a tactic of ne’er-do-wells to capitalize on topical issues to deliver malware. Today is no different. Many of the “1st page” Google image results for “Obama Birth Certificate” yielded images which had embedded exploits which would take advantage of known browser and/or Java vulnerabilities.
When you think about it, this is a very effective mechanism for malware delivery. In our post-physical newspaper society, many get their news from online news sources. Of that many, some will consistently goto the same sites to get information, the rest will simply search for (dare I say Google) what specific piece of news they are looking for.
Malware authors are well aware of this and capitalize on it quite often. While users may have become more aware of this when looking a links in a typical Google search, they may not be as aware when doing searches on images (like have occurred recently with Charlie Sheen and the Obama Birth Certificate searches).
So what can you do to help protect yourself in this ever changing malicious environment we call the Internet?
- As a “safe browsing technique” – try to use known, “reputable” new sites when you are looking for topical information. I will concede that just because news site is well known does not make it immune from being hacked or to be delivering malware. But the chances are much less with those sites than general unknown sites.
- Certainly use caution with all pop-ups that ask you to download, install, or run anything. Also do not rely on the little red X to close those windows. Chances are, it won’t do what you expect it to. You are best off to bring up your system processes and just kill off your browsing sessions and start over.
- Make sure you operating system and security applications are kept up to date. If you stay current with your patches and keep your security protection suite updated, you have reduced the opportunity for any of the known exploits to actually work on your system.
- Google Image Poisoning Leads to Exploit (community.websense.com)
- You can submit malware and suspicious files to Microsoft for analysis (obieosobalu.wordpress.com)