Security companies have admitted they are struggling to cope with the new
wave of online threats.
Recent reports claim thousands of UK specialist websites have been embedded
with malicious Javascripts.
When people visit an infected site, their computer runs the Javascript, which
then looks for flaws in software such as the Internet Explorer browser or Apple
Quicktime video player. Once it finds these it can then download programs such
as Trojans and keystroke loggers.
Javascripts
are normally innocuous programs that are used to create visual effects on
websites. Therefore people’s browsers are generally set up so that Javascripts
will download.
Current security software is having trouble detecting these attacks because
the malicious Javascript that starts the attack is given a different name each
time. The additional malicious programs are also disguised each time they are
downloaded.
According to Bruno Rodriguez, business unit director at
Panda
security, companies “are seeing thousands of attacks that use these methods
to bypass antivirus filters in order to download keylogging software and steal
PC data”.
These latest Javascript attacks only compound consumers’ misery after
criminals recently launched
another form of
attack that also caught security companies on the hop. This rootkit attack
has used a technique not used for a number of years to control people’s PCs;
security companies are still working to stop this.
People can follow a few simple guidelines to keep themselves safe. Security
firms advise disabling Javascripts except for trusted sites.
Also use website scanning tools, such as
Scandoo,
which scan each site for threats and give each one a safe rating.
To disable Javascript on Internet Explorer, click on the Tools menu in the
taskbar. Then click on Internet Options, then click Security. Once this page has
come up click on Custom level, this will bring up a security setting screen.
Scroll down to Active Scripting and click disable or prompt.
Those using
Firefox
should once again click on the Tools menu in the taskbar. Then click on
Options, then click on the Content icon. Here uncheck the box next to Enable
Javascript and click OK.
Firefox users can download Noscript, a free plugin that stops all
Javascripts running unless explicitly told otherwise. People can download it
from Computeractive
downloads.
Reader comments