Hackers embed malicious links in websites about stars like Biel
— -- This is rapidly turning into the summer of bad Web links. Cybercriminals are saturating the Internet with virulent Web pages and using every trick they can think of to get you to click on bad links.
IBM's X-Force security research team has tracked a 508% leap in new malicious links infesting the Web in the first half of 2009 vs. the first half 2008. It's not just porn and gambling sites that pose danger. Links to personal blogs, media sites, chat rooms and even links turning up in your search results can snare you, says X-Force director Kris Lamb.
"There is no such thing as safe browsing today," says Lamb. "We've reached a tipping point where every website should be viewed as suspicious, and every user is at risk."
Want to know more about your favorite celeb? Be careful, especially if you're curious about Jessica Biel's romance with Justin Timberlake — or the latest gossip on Beyoncé, Jennifer Aniston or Tom Brady. They top McAfee's list of Most Dangerous Celebs. Do a search that includes the celeb's name, and a bad link is likely to turn up prominently in the search results.
"Hackers keep up with the latest pop-culture trends," says McAfee researcher Shane Keats.
Google's list of known bad links zoomed past 350,000, up from 150,000 in June 2008. The search giant has been finding as many as 40,000 newly corrupted links a week. Most are legitimate Web pages that criminals hack to seed an infection, says Roger Thompson, senior researcher at anti-virus firm AVG. "I can easily see the number doubling again in 12 months as more gangs come into the game," he says.
Google adds a warning to known bad links that turn up in search results, but security team member Niels Provos acknowledges that Google's list of malicious links "is a subset of all the malware out there."
Most bad links function as relays to other Web pages set up to quickly embed a tiny tunnel to the hard drive of the visitor's PC.
Cybercriminals are taking greater pains to hide this tunneling process from being detected and blocked by anti-virus programs. IBM says the number of Web pages found to be carrying stealthy malicious programs topped 8 million in mid-2009, up from 1.4 million in early 2008.