Reply to: Top porn sites 'pose growing malware risk' to users

Attacks are getting more and more sophisticated because there is real money in it. There have been vulnerabilities found in browsers that can be exploited by simply visiting a malicious page. A researcher who finds one of these can pass it to the software vendor or sell it on the black market to organised criminal gangs with teams of developers who exploit them to compromise computers for identity/data theft and botnets. It's no longer script kiddies doing it for laughs or people doing patently stupid things which result in their PC being compromised (though there are still a lot of these too), it's big business now.

Agree that anyone who runs IE6 (including many large companies who should know better) suffers from terminal stupidity but as above - these attacks are increasingly sophisticated and organised so it's a running battle to keep ahead.

What for?

Why not make that search engine thing of yours into a specialised porn finder? You could make a fortune.

If it runs then it can escape.

Everything that parses data - runs it.

Switch off your PC now

Having had some experience of the hacks on the ad server on this forum and attacks on other sites I host I have a little bit of experience with this. Often the JavaScript is used to sniff what OS / browser / Java version the end user is on and a payload is then triggered if known exploits exist for that combination.

Nah, it is the browser that is often the problem:
PWN2OWN results Day One – Java, Chrome, IE 10 and Firefox owned | Naked Security

No getting away from the fact that end users are gullible but really the OS should protect even the most stupid end users.

FTFY

What's a PC???

DodgyAgent

It's much safer to keep PC turned off.

Milan.

I do a bit of work on security and often my research takes me to websites which contain malicious code. To mitigate against my PC getting compromised, I switched to running machines under VMWare for high risk activities.

If one of the VMs gets compromised I can easily contain the system and examine what happened to better understand the attack vector used or just throw the VM away and start a new one....

Another good solution for visiting risky sites is to use one of the Linux distributions. CentOS, Mint and Ubuntu (before they fecked up the GUI with Gnome 3) are all dead easy to install and pretty much bullet proof security wise unless you do something Really Dumb. You can even give a Linux system to the kids to use and they are working pretty hard to trash it.

The virus would be a lot worse if all that clicking actually worked

Did you split up with your janitor girlfriend or something?

Meet hot sexy 20 year old girls in your area with enormous tits who want to get laid tonight.




click click click click click click click click click click click click click






Damn.... another virus

It's not so much the browsers as the plugins IMO. Ultimately these run as the user running the browser, so if you're loading content into a plugin then a carefully crafted exploit can run anything that user can run. They might need a click on a yes button but it's not that hard to get a desperate ****** to click a button is it...

Not really. When the last time you interacted with real PC users? Your sibling/mum/dad/neighbour?

Every time, and I mean every time, there's a pop up which says "Security threat detected click to download (and run) free anti virus / pc checker" they click it

It's users who are the problem, not browsers.

I guess the concern is not that the browsers are functionally capable of making permanent changes, but that bugs in them allow that to happen.
Personally I use Firefox 20.0 on windows 7. I don't know how safe that is in the face of the worst websites, but at least Sandboxie provides an extra level of protection.

Of course it is only time before malware authors find holes in Sandboxie security, but this won't happen until Sandboxie becomes more popular.