Hackers embed malicious links in websites about stars like Biel

By
Byron Acohido, USA TODAY
September 2, 2009, 10:15 PM ET
4 min read

— -- This is rapidly turning into the summer of bad Web links. Cybercriminals are saturating the Internet with virulent Web pages and using every trick they can think of to get you to click on bad links.

IBM's X-Force security research team has tracked a 508% leap in new malicious links infesting the Web in the first half of 2009 vs. the first half 2008. It's not just porn and gambling sites that pose danger. Links to personal blogs, media sites, chat rooms and even links turning up in your search results can snare you, says X-Force director Kris Lamb.

"There is no such thing as safe browsing today," says Lamb. "We've reached a tipping point where every website should be viewed as suspicious, and every user is at risk."

Want to know more about your favorite celeb? Be careful, especially if you're curious about Jessica Biel's romance with Justin Timberlake — or the latest gossip on Beyoncé, Jennifer Aniston or Tom Brady. They top McAfee's list of Most Dangerous Celebs. Do a search that includes the celeb's name, and a bad link is likely to turn up prominently in the search results.

"Hackers keep up with the latest pop-culture trends," says McAfee researcher Shane Keats.

Google's list of known bad links zoomed past 350,000, up from 150,000 in June 2008. The search giant has been finding as many as 40,000 newly corrupted links a week. Most are legitimate Web pages that criminals hack to seed an infection, says Roger Thompson, senior researcher at anti-virus firm AVG. "I can easily see the number doubling again in 12 months as more gangs come into the game," he says.

Google adds a warning to known bad links that turn up in search results, but security team member Niels Provos acknowledges that Google's list of malicious links "is a subset of all the malware out there."

Most bad links function as relays to other Web pages set up to quickly embed a tiny tunnel to the hard drive of the visitor's PC.

Cybercriminals are taking greater pains to hide this tunneling process from being detected and blocked by anti-virus programs. IBM says the number of Web pages found to be carrying stealthy malicious programs topped 8 million in mid-2009, up from 1.4 million in early 2008.

Once a tunnel is in place, the attacker uses it to install code that groups the PC with thousands of other infected machines in what's called a bot network, or botnet.

The attacker then can lease the botnet to other criminals who need computing power to deliver spam, steal data and hijack online banking accounts. Botnets are also the engine behind widespread promotions to scare you into buying fake anti-virus subscriptions.

"The bad guys are far ahead of the curve when it comes to exploiting security weaknesses," says Randy Abrams, researcher at anti-virus firm Eset.

Bad links are moot, of course, if no one clicks on them. So the Internet has become swamped with ploys to steer people to bad links. They can turn up among the first page of search results for queries you might do on Google, Bing or Yahoo Search about news events, popular products or movie stars. You should never click on a link to a free celebrity screensaver, for instance, Keats says.

Lures frequently take the form of a suggestion to click to a link purporting to take you to an enticing video. These teasers arrive in e-mail or in social-network messages. They can be as simple as a "Hi!" Facebook message followed by a bad link, or as innocuous as a Twitter microblog containing a bad link.

The Koobface worm has been swarming the Internet, stealing account log-ons and contact lists from users of Facebook, Twitter, MySpace, YouTube, Friendster, Bebo and Hi5. The worm then sends messages to everyone on a user's contact list. This allows it to distribute bad links in messages and microblogs that appear to come from a trusted source.

Internet users should keep anti-virus protection updated, install software updates promptly — especially from Microsoft, Apple and Adobe — and click on links very judiciously. "With so many attacks from so many angles, consumers need to make sure that they take extra precautions," says Jay Chaudhry, CEO of tech-security firm Zscaler.