Real World Computing
Simple, but not stupid
Far more serious, as far as I'm concerned, is the fact that it leaves you open to further infection and puts your data at risk. Think about it: if the advert is hosted by a criminal organisation as a direct result of a malware infestation, what are the chances that the adverts served up are themselves infected with malicious code? With the user blissfully unaware that their computer has been compromised in the first place, why should they assume that adverts that appear in Google searches are anything but trustworthy?
Google has always been pretty quick to act as soon as any adverts that link to malicious code-serving sites, or otherwise violate its software principles, are discovered, and both manual and automatic procedures are in place to uncover these. Butan end-user PC that's been compromised and redirected to an alternative ad server is an altogether different proposition, about which Google can do little. All the more reason for youto ensure your computers are secured locally.
Spam frittered
The MessageLabs Intelligence 2007 security report suggests that spam remains a menace, with a quarter of all emails now including a malicious link. At the start of the year, only 3% of email-borne viruses contained malicious links, but that all changed courtesy of Storm. The real shocker is the fact that MessageLabs identified an average of 1,253 new websites per day that hosted malware during the course of 2007, which works out to something like half a million new malicious sites over the course of the year. Talking of annual averages, in 2006 the frequency of viruses averaged 1 in 67.9 emails, while in 2007 that fell to 1 in 117.7, so on this front at least things seem to be improving. Not so when it comes to phishing attacks, up from 1 in 274.2 in 2006 to 1 in 156 emails last year.
Things are looking bleak for 2008 as well, at least if my mailbox in the days following Christmas is anything to go by: lots of reports of family members getting a laptop as a gift and taking the "plug and go" concept a little too literally, without any thought for security. An unprotected computer hooked up to a broadband connection gets exposed to malware infection within minutes, and just as quickly when the user is uneducated in prevention techniques or plain common sense, which is hardly surprising. One consequence of this Christmas effect is going to be an increase in spam during January, as more machines are recruited into spambot networks.
Already, I've been receiving emails from consumers who are concerned at getting, in some cases, hundreds of bounce messages for spam email that purports to have been sent by them but which they know nothing about. In about 75% of the cases, I hear this is a symptom of a compromised botnetted machine, but this isn't always the case, because some spammers still use email addresses at random to get around spam filters. I've fallen victim to this myself in the past few years and the influx of bounce messages can be enough to impact upon your mail server performance - even to get you blacklisted as a spammer by some anti-spam systems.
It's usually possible to do a bit of detective work and trace the real sender of the spam if you feel like it, then to use this as evidence to get yourself removed from any antispam blacklist databases. Look in the full email headers for the "Received from" line that will give the originating IP address. Unfortunately, more often than not nowadays, this will resolve back to some compromised PC that's part of a botnet - another innocent victim of the spammers.
