The latest browsers are fighting back against the never-ending assault from online crooks who want to sneak malware infections through your browser and onto your PC. Opera 9.5, and, soon, Internet Explorer 8 add new security features that block known malware sites..
Today's dirty trick of choice for Net thugs is to slip nearly invisible code onto a vulnerable but benign Web site, forcing it to become an unwitting foot soldier in the malware war. A successful hijacking in July of a site for Sony PlayStation games demonstrates that sites both large and small can fall victim to this tactic, which crooks like because it can target even people who are careful about where they surf.
Mass Assaults Online
"The bad guys are putting a lot of effort into mass hacking," says Roger Thompson, chief research officer with antivirus maker AVG Technologies. "They routinely hack 20,000 to 40,000 sites in a day" with automated tools, he says.
The browsers have their work cut out for them, to be sure. A May report from security company ScanSafe that looked at data from its corporate customers found that their risk of encountering exploits and hijacked Web sites skyrocketed by 407 per cent from May of last year. ScanSafe also found that just over two-thirds of all Web-based malware attacks came via compromised Web sites.
The new features in the latest browsers work much as existing antiphishing filters do. In Firefox 2, Mozilla uses Google's blacklist of known phishing sites. If you mistakenly click a link to a URL on that list, you'll see a warning instead of the site. Firefox 3 also blocks the display of pages on Google's list of known malware sites.
Firefox 3 grabs the most recent blacklist about every 30 minutes, according to spokesperson Johnathan Nightingale, and checks the sites you visit against that local list. Firefox 2 has an option to always check sites you visit against Google's online list so as to catch the very latest entries, but Firefox 3 provides no such option.
Opera Girds Itself
Opera 9.5 works in a similar fashion, but with some key differences. It adds malware-site blacklists from Haute Secure, a Seattle-based security company, to the phishing blacklists from Netcraft and Phishtank that the previous version used. Haute's list includes sites on Google's list, those the company discovers, and sites that Haute's users have submitted.
According to Christer Strand, an engineer at Opera who worked on the new feature, when you first visit a domain, the browser pulls down a sublist of any blacklisted pages or links within that domain from the latest online-stored lists. It then checks pages you visit against that small downloaded list. Opera doesn't save anything about who is visiting what domains, Strand says.
Though you can find these features in the latest Opera and Firefox now, you'll have to wait for Internet Explorer 8's similar feature. Austin Wilson, director of Windows client product management, says that IE 8's beta 2, due out in August, will employ a feature dubbed SmartScreen to block malware sites.