« Websenseless | Main | Drowning in Denial »

December 29, 2006

A story at the Internet Storm Center should send shivers through the spines of everyone who has friends and relatives who don't practice safe computing. If you're not into the techy stuff described there, here's an English language synopsis:

An innocent Web search to find the side effects of a prescription drug yielded a link whose destination could send an unpatched Windows PC into a tailspin. Visiting that page triggers a chain of events that ultimately attempts no fewer than five attacks on your system. The goal of the five attacks is to find at least one way to seize control of the visitor's PC and load bad-bad-bad software on it.

At the time this was discovered, no antivirus software blinked an eye on the downloaded worm. But because the attacks were going after previously known Windows holes, a fully updated Windows operating system was apparently not vulnerable. Even so, with so much happening these days with zero-day exploits (exploits propagated before they're reported and patched), there's no reason why such a Web site couldn't find a way into the Windows PC of even the most vigilant and wary visitor.

The truly scary point here is that clicking the links you find on results from a search engine you know and love can lead to disaster. Search engines do not filter out bad guys who manage to work their way up the search engine results ladder—and belive me, the bad guys are desperately trying to do that so as to capture more and more PCs for use in botnets and to siphon off all email addresses stored on the computers (to spread their crap through spam that links to the same pages—the Circle of Strife).

It's so sad that one of the truly fun things about the Internet—clicking on new links to expand one's mind—has become the avenue to explode one's computer.