Legit sites spread malware more than shady sites

Whenever we see someone who has been compromised by a virus, hack, or malware the usual jokes come out referring to the user’s shady browsing habits. Warez and porn sites used to be the majority provider of these types of attacks, but as I have been repeatedly telling people, and now Google data also backs my argument, malware comes from everywhere. Typically now, we see high-traffic sites pushing legitimate content getting hijacked and becoming a source of malware.

The ways these sites are spreading malware vary. In some cases its malicious ad content spread from the 3rd party ad company. Usually the ad company can catch it in time, but often they rely on users reporting bad ads in. Other times it’s a flaw in the system that the individual content providers provide. This could be code they wrote or even popular CMS system’s code. Systems such as wordpress, drupal, and anything utilizing php or javascript are highly targeted.

In order to to combat some of this you can use an ad-blocker. The caveat here is that many sites, including mine, rely on ad revenue in order to pay the bills. Unfortunately there is no way a user can protect themselves from vulnerabilities in blogs that utilize wordpress. Such security conscious actions must come from the site’s owner. This is yet another reminder to always update your software.

Original Article:

http://arstechnica.com/security/2013/06/vast-majority-of-malware-attacks-spawned-from-legit-sites/

Agent[31]

Agent[31] works in the IT field for a living. He enjoys a wide variety of interests from music to photography to computer games. He wants to share the joy he finds with others.