Malicious pages explosion a concern

Hackers are creating 57 000 new Web addresses every week.

This is according to an investigation IT vendor Panda Security, which found out that, 65% of fake Web sites imitate bank pages, followed by online stores and auction pages at 27%. The organisation analysed malicious URLs positioned on the Internet over the last three months.

It positions and indexes these fake pages on leading search engines in the hope that unwary users will click them by mistake.

According to head of Panda's sub-Saharan operations Jeremy Matthews, even though companies are making an effort to ease the situation by changing indexing algorithms, “They cannot fully escape the avalanche of new Web addresses being created by hackers every day.”

Cyber criminals are using these methods because when users search for these names, a link to the malicious Web site will appear among the first results returned, he says. “When they visit these sites, one of two things will happen: [firstly] either malware will be downloaded onto the user's computer, with or without their knowledge.”

Secondly, sometimes the Web site spoofs the appearance of a genuine page, a bank say, and users will unwittingly enter their details that will fall into the hands of criminals, he points out.

Those who become victims usually see their computers infected or any data they enter on these pages fall into the hands of criminals.

Matthews says, in previous years, malware or phishing was typically distributed via e-mail. “However, in 2009 and particularly 2010, hackers have opted for BHSEO techniques, in other words, techniques that involve creating fake Web sites, using the names of famous brands.”

In regards to imitating banking pages. “For the most part, they pose as banks in order to steal users' login credentials. Online stores and auction sites are also popular (27%), with eBay ranked as the most widely used,” Panda says.

These cyber criminals also use around 375 international company brands and names as lures. eBay, Western Union and Visa top the rankings of the most frequently used keywords; followed by Amazon, Bank of America, Paypal and the US revenue service, Panda points out.

Other financial institutions, such as investment funds or stockbrokers, and government organisations, occupy the third and fourth positions, with 2.3% and 1.9% respectively. Panda says: “Payment platforms, led by Paypal and ISPs are in fifth and sixth place, with gaming sites, topped by World of Warcraft, completing the ranking.”

Matthew says, the problem is that when users visit a Web site through search engines, it can be difficult to detect whether it is genuine or not.

For this reason Panda advises users to go to banking sites or online stores by typing in the address in the browser, rather than using search engines.

Stefan Tanase, senior security researcher at Kaspersky Labs, earlier this year at the ITWeb Security Summit, warned that scammers are becoming more advanced and taking advantage of curious and na"ive users. He points out that they exploit the trust that people have on Web sites.

Cyber criminals are also spamming the social Web with malicious links, trying to redirect legitimate traffic to Web sites to malicious content, he points out. “Some of those malicious Web sites are loaded by na"ive users.” They get victims by using botnets, which they use afterwards to spread more and more links, Tanase adds.

What is really worrying, he says, is that browser vulnerabilities are growing. “Our browsers are more like operating systems. Around 80% of people spend their time on the browser. That is where they have their e-mail communication; their friends, everything,” he says.

In an article "Browsing malicious Web sites", Costin Raiu, security expert at Kaspersky Labs, in the EEMEA region says this is an alarming trend. "High-profile, high-traffic Web sites are a valuable commodity for cybercriminals, as the pool of potential victims that can be infected via such Web sites will be larger than usual,” he says.

According to Google, Internet should determine whether a Web site is legitimate or not by looking at the site's domain registration information at www.whois.net. “If the site is official, the company's information should be listed as the domain owner,” it says.

Internet users should also make sure the URL domain is correct when you visit the site, it says. Users should click on any images and links to make sure you aren't redirected to a site within another domain,” the Internet giant adds.

“Always look for the padlock icon. When a site is secure, you'll see a padlock in the status bar at the bottom of your browser window. Look for the lock before you enter any private information, including your password,” it advises.