They're not the usual suspects... you may be surprised
The scariest sites on the net? They're not the ones you might suspect. Here's what to watch for and how to stay safe, in our list of the 17 scariest places on the internet.
Threat 9: Malicious PDFs that try to fool you into installing malware
The place: Hacked websites, plus your inbox
As Microsoft has become more serious about Windows security over the past few years, would-be attackers have had to find new ways to infect PCs. Attacking flaws in Adobe Acrobat is one of these newer methods. So-called poisoned PDFs are PDF files that have been crafted in such a manner that they trigger bugs in Adobe Reader and Adobe Acrobat; posted on a hijacked website, they may let an attacker commandeer your PC and access your files and personal info.
A newer variant takes an otherwise innocent-looking PDF document and inserts malware into it. Adobe Reader may pop up an alert asking if you want to run the malware, but hackers can edit those messages to trick you into opening the file. How serious is this problem? In 2009, attacks using malicious PDFs made up 49 percent of Web-based attacks, according to security firm Symantec.
If you have to go there: First, always make sure that you're running the latest version of Adobe Reader. You can also use a different PDF reader, such as Foxit Reader. This can protect you from attacks on holes in Adobe Reader itself, but it won't make you immune to all PDF attacks, such as the newer ones that embed malware inside the PDFs. Make sure, also, that you update to Adobe Reader 9.3.3 or later (Reader 8 users should update to version 8.3.3 or later); these updates change the way Adobe Reader handles non-PDF attachments and reduce the risk from such attacks.
You can turn off Adobe Reader's ability to open non-PDF attachments by going to Preferences, clicking Trust Manager, and unchecking Allow opening of non-PDF file attachments with external applications.
The next major release of Acrobat and Reader will provide a new 'protected mode' against these attacks.
Threat 10: Malicious video files using flaws in player software to hijack PCs
The place: Video download sites
Attackers have been known to exploit flaws in video players such as QuickTime Player and use them to attack PCs. The threats are often 'malformed' video files that, like malicious PDFs, trigger bugs in the player software that let the attackers in to spy on you, plant other malware, and more.
If you have to go there: Keep your player software up-to-date. Apple and Microsoft periodically release patches for QuickTime and Windows Media Player, respectively. Avoid downloading videos at random. Stick to well-known video sites such as YouTube, or to download services like iTunes.
Threat 11: Drive-by downloads that install malware when you visit a site
The place: Hacked legitimate sites
A drive-by download occurs when a file downloads and/or installs to your PC without you realizing it. Such downloads can happen just about anywhere. Some sites are built to lure people into a drive-by download; but in a common attack method, criminals will hack a web page, often on an otherwise legitimate site, and insert code that will download malware to your computer.
If you have to go there: The first thing to do is to keep your security software up-to-date, and to run regular malware scans. Many security suites can flag suspicious downloads.
NEXT PAGE: Fake antivirus software
Comments
Hey Freddy said: Appened to me too Got in trouble couldnt get home got ill fell in de love was robbed and de worst of all got a virus in de laptop sos I cant send no more beggin lettersHow can such tings happen to me just when I was trying to get some help to get 10000000000027 out of de countryUnbelievable innit
Freddy said: Pat will you be sending most of it to your nice Nigerian friend that is in trouble and cant get home is sick is in love with you has been robbed etc etc
pat said: just received on outlook mail a letter from Microsoft Ltd Microsoft Campus Thames Valley Park Reading Berkshire RG6 1WG United Kingdom telling me I won 2million five hundred thousand Great Britton Pounds because my email is a winner
Contax said: Boss Hogg said on Monday 04 October 2010Im OK I never use the internetPlease let me into the secret as I am really puzzled I can not send or receive these messages without going on the internet
Contax said: You warn us about problems with Flash Cookies that can release our secrets but not how how do I remove the FLASH COOKIESI use Cclleaner 2 0r 3 times a day to try and keep things cleanMy Tip for Security always use an on screen keyboard when entering user names amd pass codes for any sites such as online banking as I understand the key loggers cannot monitor this and steal your details hope it helps somone keep safe
Boss Hogg said: Im OK I never use the internet
dremmy said: Here we go again Fear more profit for the corporations You have to laugh if people buy into this fear mongering crap Lol
What the hell is worng with yo said: Ive just come to this page from an email you sent which uses hideous URL redirects to track email conversions This can be done much easier with some clever use of analytics Secondly Your site is disgustingly awful There is more advertising on this site than actual content I will be removing myself from your lists and never coming back17 most dangerious places on the internet is not an acceptable title Its actually 17 of the most malicous activities on the internet YOUR SITE PC ADVISOR is the 18th most dangerous place on the internet Enjoy this comment and goodbye
tim burke said: shoot dem all
tim burke said: shoot dem all
RSebire said: Adware Bots search for open ports data minners find memmory access paths and injecting unsecure code is done as a polymorphic trojanNo real way to protect against Denial Of Service attacks tooVirtulisation is recomendedOh and watch out for analogue servers as they are untaceable