Tug of war between hackers and software makers
30 Jan 2008
Security companies have admitted they are struggling to cope with the new wave of online threats.
Recent reports claim thousands of UK specialist websites have been embedded with malicious Javascripts.
When people visit an infected site, their computer runs the Javascript, which then looks for flaws in software such as the Internet Explorer browser or Apple Quicktime video player. Once it finds these it can then download programs such as Trojans and keystroke loggers.
Javascripts are normally innocuous programs that are used to create visual effects on websites. Therefore people’s browsers are generally set up so that Javascripts will download.
Current security software is having trouble detecting these attacks because the malicious Javascript that starts the attack is given a different name each time. The additional malicious programs are also disguised each time they are downloaded.
According to Bruno Rodriguez, business unit director at Panda security, companies “are seeing thousands of attacks that use these methods to bypass antivirus filters in order to download keylogging software and steal PC data”.
These latest Javascript attacks only compound consumers’ misery after criminals recently launched another form of attack that also caught security companies on the hop. This rootkit attack has used a technique not used for a number of years to control people’s PCs; security companies are still working to stop this.
People can follow a few simple guidelines to keep themselves safe. Security firms advise disabling Javascripts except for trusted sites.
Also use website scanning tools, such as Scandoo, which scan each site for threats and give each one a safe rating.
To disable Javascript on Internet Explorer, click on the Tools menu in the taskbar. Then click on Internet Options, then click Security. Once this page has come up click on Custom level, this will bring up a security setting screen. Scroll down to Active Scripting and click disable or prompt.
Those using Firefox should once again click on the Tools menu in the taskbar. Then click on Options, then click on the Content icon. Here uncheck the box next to Enable Javascript and click OK.
Firefox users can download Noscript, a free plugin that stops all Javascripts running unless explicitly told otherwise. People can download it from Computeractive downloads.
The latest home computing news
The best PC tools, applications and more
Independent opinions on new hardware and software
Easy-to-follow projects with pictures
Solve PC problems with our Q&A
PC projects demonstrated and product reviews
An in-depth look at how to get the best from your PC
What's coming up in Computeractive
Get help with your PC problems from our readers
Your chance to win computing prizes
Great deals on products, services and more
NEW!
Computeractive CD Rom 11
All 26 issues of Computeractive from 2008 on one CD-Rom.
Ultimate
Guide to Disc Burning
Everything you need to know about creating your own discs.
Create
your own Calendars
The fun and easy way to create your own calendars!
Computeractive
Back Issues
Missed an issue? Click here to find a back issue
Keeping an eye on the latest XP and Vista news
One of the major changes in Outlook 2007 had nothing to do with the Ribbon but that Word was used to display...
> More from the Windows Watch blog
Your daily dose of download discussion
Keeping certain files backed up helps to keep items safe in case anything disastrous happens to your computer, but although most of...
Computeractive is not reponsible for content of Google adverts
Reader comments