Online threats test security companies

Online threats test security companies

Tug of war between hackers and software makers

Security companies have admitted they are struggling to cope with the new wave of online threats.

Recent reports claim thousands of UK specialist websites have been embedded with malicious Javascripts.

When people visit an infected site, their computer runs the Javascript, which then looks for flaws in software such as the Internet Explorer browser or Apple Quicktime video player. Once it finds these it can then download programs such as Trojans and keystroke loggers.

Javascripts are normally innocuous programs that are used to create visual effects on websites. Therefore people’s browsers are generally set up so that Javascripts will download.

Current security software is having trouble detecting these attacks because the malicious Javascript that starts the attack is given a different name each time. The additional malicious programs are also disguised each time they are downloaded.

According to Bruno Rodriguez, business unit director at Panda security, companies “are seeing thousands of attacks that use these methods to bypass antivirus filters in order to download keylogging software and steal PC data”.

These latest Javascript attacks only compound consumers’ misery after criminals recently launched another form of attack that also caught security companies on the hop. This rootkit attack has used a technique not used for a number of years to control people’s PCs; security companies are still working to stop this.

People can follow a few simple guidelines to keep themselves safe. Security firms advise disabling Javascripts except for trusted sites.

Also use website scanning tools, such as Scandoo, which scan each site for threats and give each one a safe rating.

To disable Javascript on Internet Explorer, click on the Tools menu in the taskbar. Then click on Internet Options, then click Security. Once this page has come up click on Custom level, this will bring up a security setting screen. Scroll down to Active Scripting and click disable or prompt.

Those using Firefox should once again click on the Tools menu in the taskbar. Then click on Options, then click on the Content icon. Here uncheck the box next to Enable Javascript and click OK.

Firefox users can download Noscript, a free plugin that stops all Javascripts running unless explicitly told otherwise.