A couple of months ago in a press release, McAfee reported:

"Fans searching for 'Jessica Biel' or 'Jessica Biel downloads,' 'Jessica Biel wallpaper,' 'Jessica Biel screensavers,' 'Jessica Biel photos' and 'Jessica Biel videos' have a one in five chance of landing at a Web site that's tested positive for online threats such as spyware, adware, spam, phishing, viruses and other malware," or malicious software, McAfee said in a press release. "Searching for the latest celebrity news and downloads can cause serious damage to one’s personal computer."

One in five. Wow.

It seems that the folks delivering malware are working other channels, too. Last week the proprietors of the popular site Gizmodo (over 3 million hits a day, part of the Gawker media empire) were chagrined to discover they were the victims of a scam which exposed their readers to malware. They ran ads they thought were genuine but turned out to be loaded with links to the ever popular "pop-up warnings" which attempt to get folks to download and pay for various anti-virus programs.

Last month the New York Times was similarly tricked. In both cases, the ads were purchased by the hackers. The Times thought they were selling space to Vonage and Gizmodo were convinced they were dealing with Suzuki. Kind of stunning, actually... the audacity of scareware merchants, indeed. A recent Symantec report indicates how lucrative this kind of activity might be. We learn from PC Advisor:

(Symantic) said it had detected over 250 different types of scareware to date, and many of the cybercriminals drafted in to help distribute scareware are paid per install, which can result in earnings of up to $100,000 per month. ( http://www.pcadvisor.co.uk/news/index.cfm?newsid=3204303)

Kind of stunning, somehow.

You can catch up with Gizomodo's experience and attempt to make it good with their readers, here:
gizmodo.com/5390520/apologies-we-had-mal...ng-as-ads-on-gizmodo

Cue the "Get-a-Mac" and "Switch-to-Linux" ads...now.



I think this is indicative of one of the long-held pieces of security advice - trust your correspondent - falling by the wayside. As formerly "closed" environments* like Facebook become infiltrated by hackers (to wit, the new wave of virulent Facebook status updates), we are no longer able to accept a message at face value simply because we received it from a friend or we clicked on it on a supposedly trusted Web site.

Which is why I simply don't follow links - especially the shortened ones from services like bit.ly that are impossible to visually scan anyway - and ignore ads on Web pages.

Yeah, call me a Luddite.

Carmi

*Meaning you "knew" who was on them, and you supposedly trust them enough to let your guard down when you opened up a message from them.

That's an interesting point about NOT following the shortened links. So you're issue is one of trust. Since you can't see where the link is going (and with the preponderance of drive by viral downloads) I understand your point.

Hmm, methinks I need to reconsider this "convenience."

But, these URL shorteners are necessary on sites like Twitter. With a paltry 140 chars you can't have a decent URL in their too. Aye, there's the rub...

From the upcoming print edition of InfoExecutive -
Web 2.0 is Threat 2.0, of course

Much of the success of new communications tools like Twitter and texting depends on the ability to take long Web site addresses and turn them into much shorter links. After all, if you only have 140 characters for your message, why waste half of that or more on Web address information? People who use services like shortURL.com and bit.ly can share URLs that are dozens of characters long by shortening them to a few letters and numbers. But just as no good deed remains unpunished, no advance in Internet convenience remains unthreatened. In the case of shortened Web addresses, hackers can use them to direct people to “poisoned” Web sites under a cloak of anonymity. If users looked at a longer address, they might become suspicious if it led to a domain that did not make sense – why would a Hollywood gossip site be hosted in Russia? Because users have no idea what is behind a bit.ly address, they may be tempted to click on it anyway.
As Roger Thompson, chief research officer at AVG Technologies explained, “People click with the intention of going to a specific site, but the link can be easily hacked to send people to a site containing Trojans, spyware, rootkits and other malware instead." AVG has released a free tool called LinkScanner that “tests the destination of each URL link in real time,” according to the company, available at bit.ly/3QhrsO - honest.