Geeks With Blogs

News Clicky Web Analytics

web stats View David Caddick (davidcaddick@gmail.com)'s profile on LinkedIn

Search this Site!

Locations of visitors to this page
View My Stats eXTReMe Tracker
This posting is provided "AS IS" with no warranties, and confers no rights. The opinions expressed within are my own and should not be attributed to any other Individual, Company or the one I work for. I just happen to be a classic techie who is passionate about getting things to work as they should do (and are sometimes advertised and marketed as being able to?) and when I can I drop notes here to help others falling in to the same traps that I have fallen in to. If this has helped then please pass it on - if you feel that I have commented in error or disagree then please feel free to discuss with me either publically or privately? Cheers, Dave
Thin Clients, VDI and Linux integration from the front lines.... Raw and sometimes unedited notes based on my experiences with VMware, Thin Clients, Linux etc.

I've just been reading this over at AppSense's Security Blog and it's amazing to think how simple some this can be, as well as frightening to think how many possible devices have been compromised out there?

It's starting to look like it's a good idea to do all your general browsing (at least from Home? ;-)) via a locked down device running under VMware? or at least try one of the other alternative methods of making your browser more secure?

+++Full Article+++++++++++++
Following on from the recent publicity Spyware being spread from the social networking site, MySpace, research published recently shows that this is in fact not an isolated problem.  In case you are not familiar with the this problem, an exploited banner advertisement that ran on MySpace and several other sites exploited a Windows security flaw which reportedly infected more than a million users with Spyware. 

The exploitation was performed through a so called drive by download, where an unpatched version of Internet Explorer is infected with Malware simply by viewing a web page. The vulnerability being exploited was the WMF rendering flaw we discussed at length in January of this year. The Spyware tracked web usage and filled the user’s screens with potentially inappropriate popup ads.

The recent research we mentioned earlier found that on average, as many as 1 in 600 of all profiles on social-networking sites contained some form of Malware. The majority of this was Spyware, but other types were found. To put these figures into perspective, MySpace alone has over 100 million members and accounts for almost 5% of all web visits in the United States. So, although 1 in 600 sounds like a small figure, it translates to a vast figure.

This medium is also a perfect playground for social engineers. Using MySpace as an example again, a typical profile contains two main sections. These are About Me and Who I'd Like to Meet, as well as a general section for items like physical description and interests.  All of these sections are indexed and searchable, and so can be seeded with terms to attract the most users and achieve the greatest Malware distribution.

Probably the most shocking element in the whole MySpace fiasco is the vulnerability and the exploit used. The WMF rendering vulnerability received massive coverage when it first surfaced, with an out of step patch released by Microsoft as a result. This is a thoroughly studied and understood problem so how did the majority of antivirus clients not detect this and stop it far sooner?

Posted on Friday, August 11, 2006 8:24 AM IT Management , Real Cool Stuff , Security | Back to top


Comments on this post: Beyond MySpace? How many compromised PC's are connected to the Internet?

# re: Beyond MySpace? How many compromised PC's are connected to the Internet?
Requesting Gravatar...
running a home pc these days has become total fiasco with so many attackers constantly trying to ruin the home computer experience. My browser has so many probles with it that I just can't figure out and I have tried (everything). the technical challenges pour in like rain - next time around with a new and better computer "and accessories" I will be sure to reverse the tide - - - and ?maybe? figure out some way of sending the hackers into the hell they deserve
Left by steve on Oct 07, 2007 3:28 PM

Your comment:
 (will show your gravatar)


Copyright © Dave Caddick | Powered by: GeeksWithBlogs.net