I actually don't worry as much about infectious Spam. I think the security vendors have a much better "feed" of email-borne malware, for the obvious reason. Also, email clients such as Outlook or Outlook Express would put HTML email in the Restricted Sites zone, and restrict possibly-dangerous filetypes by default. The user can wave off on opening an attachment or the email as a whole, and there's plenty of Spam filtration going on to help subdue that angle of attack, too.
The stuff in my sample set varies, but a considerable amount of it is the type of stuff you might encounter if, say, you browsed http://forums.anandtech.com and it turned out AnandTech's advertising-banner supplier was hacked, or the site itself.
The hacked-advertiser scenario happened at Tom's Hardware Guide this year, and I could reel off more instances of compromised sites, including http://pics.bbzzdd.com, Asus.com, The Register, Microstar, one of Mozilla's mirrors, a page at Microsoft.com, and some of the >10,000 sites reportedly hacked using MPack. So IMHO the folks who think "oh, but I never visit dangerous websites" should be prepared in case a dangerous website visits them because that is one of the bad guys' new business models. And as I think the results of my test show, reactive protection alone is not necessarily going to stop an attack.