Experts warned today that innocent internet users are increasingly at risk of visiting innocuous websites that have been taken over by stealthy bad guys.
According to researchers at Exploit Prevention Labs, the number of inoffensive sites harboring malicious exploits is on the rise. Up until recently it used to be that the only time users online would face such exploits would be if they were browsing illicit code cracker sites, pornography sites or music lyric and download sites, said Chris Weltzien, COO at Exploit Prevention Labs. He said the risk extends far beyond those sites.
"It used to be if you went to look for Kid Rock lyrics you were probably going to find a site that was shady," he said. "But now as they go mainstream they're hacking sites that you would expect to be safe."
In order to fight the onslaught, Exploit Prevention Labs released a free web tool today called LinkScanner that allows users to check the safety of a site at a given address. Weltzien said that users might be surprised at the results. According to him, there is a large network of legitimate sites hacked through various means — sometimes manually, sometimes through free web developing tools used by the site's webmaster.
For example, he discussed a website owned by a small plaster company outside of London that had used a free webcounter that was actually more nefarious than it seemed. The counter actually acted as a portal to some other site housed in Eastern Europe that scanned visitors for vulnerabilities to exploit.
"It's a threat that they don't want to be known," Weltzien said. "This isn't the old days of viruses where people wanted to be on CNN. These guys just want to operate on a very low level, they want to do very tricky things and they don't want to be discovered. They just want to steal money from people without anybody realizing they're doing it."
Most disconcerting to Weltzien is the fact that the network of these hacked sites is growing and the bad guys are using search engines such as Google to lure more users to the sites. For example, the third hit on a Google search for "technical staffing" pulls up www[dot]technicalstaffing[dot]com, another well-meaning site with malicious content embedded.
"This is where the threat is going and they are able to leverage search to expand their reach," he said.