Tuesday, December 4, 2007

When typos attack

We all make mistakes. In my case, it's pretty much all through the day. I tend to type pretty fast and let spell checker figure it out. But in the case of browsing the web, these innocent typos may not be so innocent.

According to a recent McAfee study, a new attack vector is called "typo-squatting," which preys upon the folks that make simple typos when browsing. The bad guys register domains that seem like the one you are looking for. Then the fun begins. "These squatter-run sites generate click-through advertising revenues, lure unsuspecting consumers into scams and harvest email addresses to flood users with unwanted email."

Since drive-by Trojans and other nasty web attacks don't need user interaction anymore, it's all the more important to make sure your devices are configured securely. Right, that's Step 2 in Security Mike's Guide. Step 3 focuses on securely configuring your browser.

Over the next week or so, when Step 4 goes live, you'll also learn about a utility that plugs into your browser to show whether a web site is good. None of these methods are totally foolproof, but the more layers of security you have, the more likely you won't get nailed.

No comments: