If you've succumbed to temptation and visited a site that offers an easy way of paying off your mortgage, or a shortcut to increasing your sexual potency, you'll probably shrug and accept any subsequent PC virus, before quietly spending a few hours disinfecting your system and making a hollow promise not to be caught out again. But if the same thing happens to you while visiting sites run by the Sydney Opera House or the Bank of India, you're more likely to feel righteous indignation, and loudly ask what the hell is going on.
Cyber-criminals are coming up with ever more inventive ways of infecting as many PCs as possible, and as we become savvy about setting up firewalls, deleting dubious-looking e-mails and ignoring the lure of the fast buck or lurid pornography, genuine websites are targeted instead. If successful, hackers leave malicious code sitting on popular pages which, when we pay them a visit, is automatically downloaded to our machines. Reader Jim Atkinson notes a recent example: "Over the Superbowl weekend in February, the Miami Dolphin stadium website was hacked, and began uploading a keystroke recorder to any of the thousands of PCs that connected to its front page.
"For obvious reasons, these are known as 'drive-by' downloads, and their effectiveness in catching us out explains their proliferation; earlier in the summer it was estimated that nearly half a million pages already had malicious code embedded, and between June and July the number of drive-by downloads trebled. And this isn't the act of teenagers messing about to gain notoriety – it's driven by financial gain, either by using keystroke recorders to send personal information to a remote computer when you type, or by connecting compromised PCs together into what's known as a "botnet" which is then used for nefarious purposes.
Russian hackers recently managed to bring down virtually the entire internet infrastructure in Estonia using a botnet – and, as Paolo Morelli pointed out via e-mail, there's no obvious evidence that your computer has even been compromised.
It's a grim situation, but the industry isn't sitting back and doing nothing – they have as much to lose as we do, after all. Google researched a paper earlier this year on the subject, and they continue to work on ways in which they can guide us away from compromised sites. And Symantec believes that the technology it's employed in the latest versions of Norton AntiVirus and Norton Internet Security – both of which have just been released – puts them at the forefront of the battle.
What's clear is that merely being "sensible" is no longer sufficient precaution; we need to be pro-active to keep our PCs squeaky clean.
Next week's question comes from Vince Hunter:
"I keep losing out on eBay auctions, and I'm sure it's down to people cheating the system. So, do I break the terms and conditions, and cheat as well?"
Any comments, and new questions for the Cyberclinic, should be e-mailed to firstname.lastname@example.org.Reuse content