You’re probably aware of the dangers of browsing dodgy Web sites. Your computer can pick up all sorts of viruses and malware. (And don’t think that you’re immune if you’re using a Mac or a phone. You’re not.)
But the reality is that any site can be infected, even big-name sites like NBC or the Huffington Post. Just visiting one of your regular sites can compromise your computer, your bank details, your email, or more.
If you see this warning – STOP!
ZDNet has a useful piece that analyzed exactly how the so-called “drive-by” attack at NBC worked.
- Hackers gained entry to the NBC site on February 21 and altered the source code of several websites. (Technically, they added an invisible iFrame which linked to a malware site, so that the pages appeared to be unchanged.)
- The injected code ran the RedKit Exploit Kit which scans a visitor’s PC for vulnerabilities in installed software. It targets vulnerabilities in common applications such as Java and Adobe Reader.
- When a user visited one of the infected pages, RedKit deployed a banking trojan called Citadel onto the user’s computer. Citadel typically steals user banking credentials.
- NBC were alerted to the issue and within a few hours had identified and replaced all the affected code. In the meantime, access to the site was blocked by Google, Facebook, Chrome and some anti-virus tools.
So what can you do?
It’s extremely hard to protect against attacks like this. Literally any site could be affected, and it’s almost impossible to detect.
- If you see a warning about a site, DO NOT ignore it. Even if the site is a well-known, popular site you’ve visited hundreds of times, it could still be compromised.
- Never install ANYTHING you didn’t explicitly request, and even then, only if you’re 100% sure what it is and that it’s safe.
- Make sure your virus checker is up to date.
- Change your passwords frequently.
- If you have ANY doubts about your computer security, switch it off, disconnect it from the Internet, call a professional and have them check it right away. We won’t assume the worst of you if we find viruses or malware.
Be safe. Be careful.