Malware is a big problem that affects virtually every operating system out there.  The bad guys make a lot of money from it and as a result it will be a problem for a long time to come.  Malware is something in particular that I have been interested in for a very long time and it has even been a central focus of much of my previous job with Geek Squad.

Frequently when people talk to me about their computer at home that is having problems they will say things like “I swear my computer just got infected on it’s own!  I never go to bad sites and only check my email and banking on the internet.”.  Most people that repair computers for a living or are just technically savvy will know that the person is just ignorant and did not know what they are clicking on in an email or went somewhere they shouldn’t have.

Things are starting to get much more complicated and a computer user does not need to actively go somewhere they shouldn’t or even click on a pop-up.  On this very site a few months ago I became pretty upset that someone had been able to poison my results in Google.  As you can see at the top of this site there is a Google search bar and frequently when it was used the user would be directed to a malware infected website.  After much investigating I found that my site itself was not the culprit but that Googles results themselves were poisoned and after reporting it they were able to quickly get the problem resolved.

But this brings up the biggest problem of all, website admins not knowing their sites are infected.  There is an abundance of people out there running websites that are infected and the owners of the sites have no idea.  Usually this happens by the site being quietly hacked and then code inserted into the site.  They tend to be very quiet about it so as to keep the hack undiscovered for as long as possible.

Everyone loves to know how many people are visiting their website and that is why one of the most overlooked snippets of code is that of a stat counter.  Currently a wide spread method of infection is for malware creators to hack into smaller websites and then paste what looks like a Yahoo stat counter.  What really makes this counter unique is that if a sites visitor is not capable of being infected the site appears as normal.  When a user is capable of being infected (due to a missing update, outdated OS etc.) the site visitor is redirected to a different site that then injects the malware into the users computer.

Attacks like this are happening in places where many people are the most trusting, municipality websites.  The city os Streator Illinois website is a perfect example of one that contains the fake Yahoo code.  DO NOT GO TO THIS WEBSITE! IT MAY STILL BE INFECTED!

infectedsite

The site itself looks normal but when you look at the source of the site you can see that the fake Yahoo counter.  When you look even closer you will see that the site actually has TWO Yahoo counters, this indicates that the site has been hacked twice and code inserted.

This can happen to virtually any website but I am personally seeing this occuring with many older sites that are not actively maintained.  The best defense against this as a website browser is to make sure that you are keeping your computer updated and not running an older OS like Windows XP without a good anti-virus.

Check It Out> Roger Thompson (AVG)