Avoiding Malicious Sites
Malware distributors often hijack current events to serve malware, and with the FIFA World Cup almost upon us (come on Northern Ireland!! Oh.. wait..), a deluge of booby-trapped sites appearing in search engine results is inevitable.
As an example, I searched for information on a recent event - Al and Tipper Gore announcing their separation - and found quite a few links that looked innocent but weren't.
Spotting potentially dangerous links within search engine results can be tricky, but there are a few things you can look for to avoid being infected.
Tip 1
Unusual or unexpected search results.
In the example, it is strange that an Al and Tipper Gore news story would appear alongside cheap insurance. Also notice the other information returned about the site - it seems random, but it refers to recent hot topics in the news, which can be another giveaway that this site is 'search engine optimised'.
Tip 2
This requires more careful consideration.
The link 'Al Gore divorce' and the further information listed below it match, which doesn't look suspicious. However, look at the structure of the link. A section reads "lkjaa.php?ssp=". This looks pretty random, but the results below all have something similar to the section lkjaa.php?ssp= in the link: <random>.php?<random>=. These sites all served malware.
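The link structure described in Tip 2 can be checked mechanically over a list of result URLs. The following is an added example, not code from the original post: the allow-lists of conventional names, the length limits, the two-host threshold and every sample URL except the lkjaa.php?ssp= fragment are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: conventional script and parameter names that do not count as "random".
COMMON_SCRIPTS = {"index", "search", "article", "news", "view", "page", "story", "watch"}
COMMON_PARAMS = {"id", "q", "p", "s", "page", "query", "search", "cat", "tag"}
SCRIPT_RE = re.compile(r"/([a-z]{3,8})\.php")  # one short, letters-only script at the site root
PARAM_RE = re.compile(r"[a-z]{2,5}")           # one short, letters-only parameter name


def matches_shape(url):
    """True if url has the form http://host/<random>.php?<random>=value."""
    parts = urlsplit(url)
    script = SCRIPT_RE.fullmatch(parts.path)
    params = parse_qsl(parts.query, keep_blank_values=True)
    if not script or len(params) != 1:
        return False
    key = params[0][0]
    return (PARAM_RE.fullmatch(key) is not None
            and script.group(1) not in COMMON_SCRIPTS
            and key not in COMMON_PARAMS)


def flag_results(urls, min_hosts=2):
    """Return the URLs matching the shape, but only when the same shape
    shows up on at least min_hosts different hosts in one result set."""
    hits = [u for u in urls if matches_shape(u)]
    hosts = {urlsplit(u).hostname for u in hits}
    return hits if len(hosts) >= min_hosts else []


# Constructed sample results; the .example hosts are placeholders, not real indicators.
RESULTS = [
    "http://site-a.example/lkjaa.php?ssp=al+gore+divorce",
    "http://site-b.example/qwzrt.php?kd=al+gore+divorce",
    "http://news.example/story.php?id=1234",
    "http://blog.example/2010/06/gore-separation.html",
    "http://site-c.example/index.php?xq=gore",
]

if __name__ == "__main__":
    for url in flag_results(RESULTS):
        print("review before clicking:", url)
```

A match is only a reason to look more closely at a link, since legitimate sites can also use short script and parameter names.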
Tip 3
So, you clicked on one of the bad links - what typically happens? You could be presented with a web page that looks like it will play a video.
When you click on the video window, it will offer a video codec to download. Don't download or run it - navigate away from the page.
You might also be presented with an alert that your PC is infected.
Your best option is to use Task Manager to kill the browser. To do this:
Press Ctrl+Alt+Delete.
Select the Task Manager.
Select the Processes tab.
If you use Firefox, look for firefox.exe. Highlight it and end the process.
If you use Internet Explorer, look for iexplore.exe (NOT explorer.exe!). Highlight it and end the process.
If you use Opera, look for opera.exe. Highlight it and end the process.
When you restart your browser, if it offers to reload the pages you were viewing previously, select not to, otherwise the rogue installer pages will reload.