One in 10 websites malicious
The BBC reports:
One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user’s PC. Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to “in-depth analysis”. About 450,000 were capable of launching so-called “drive-by downloads”, sites that install malicious code, such as spyware, without a user’s knowledge.
That is a surprisingly high percentage – much higher than I would have guessed. They mostly exploit vulnerabilities in Microsoft Internet Explorer (MS IE) and the trend is increasingly to install keyloggers, which allow the bad guys to capture sensitive data such as passwords and banking data.
The website serving the malicious code may be completely legitimate – the malware is often downloaded from banner ads, traffic counters and other applications on the website, such as calendars, which have not been programmed by the owners of the site.
Bottom line – don’t use an old version of MS IE. Better, don’t even use the latest, fully patched version of MS IE - it has around 83% of the web browser market, which makes it a very attractive target for the bad guys. Why waste your time hacking browsers used by less than 17% of the users? So you are likely to be much safer if you use Firefox, Opera, Safari, and co.
If you want to learn more about web-nasties (such as keyloggers and drive-by downloads) and the defences against them, there is a good short introduction for “non-techies” here. And here’s a report showing how easy it is to get infected if you don’t pay attention properly, just by googling for a plumber and clicking on one of the results returned.