Avoiding URL hell

As the use of the web has grown, simple HTTP-based infection via port 80 has become an increasingly attractive option for cyber-criminals who want to infect people without searching for new vulnerabilities in network services. The growth of Javascript as a mechanism for highly interactive and functional websites has made it possible to manipulate browsers more effectively. Browser-based infections have grown exponentially in the past few years. The financially motivated nature of modern computer crime also promotes the use of malicious URLs for other purposes, such as phishing. Consequently, URL scanning services are now common. Danny Bradbury finds out how they work and how effective they are. Who would have thought that the home page of BusinessWeek could be used to deliver malicious code to visitors? Yet that is exactly what happened in 2008, when hackers compromised the site and embedded a link to a Russian malware server.^1 Other sites, including some owned by the UN, have also been attacked in recent years. These days, porn and warez sites are not the only regions of the Internet where visitors are likely to be hit with drive-by downloads. Legitimate web destinations are fair game, too.