An infected Web

The Internet is “the network of all networks”. It is open to all, and this has brought many benefits. But that doesn’t mean our own computers and networks should be open to all. We individuals need to discriminate.

Dan Goodin at The Register has been covering the story of legit websites serving malware. Sites you trust may be bad. Sometimes the attackers gain control through a server exploit, sometimes through password cracking, sometimes through keystroke loggers.

The site owners rarely know they’re distributing malware to their audience. This exploit injects obfuscated JavaScript at the bottom of the site’s front page, redirecting visitors to various pages which attempt to force a download via old browser/plugin exploits.
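A site owner can check their own front page for this pattern. The sketch below is an added example, not code from this post or from The Register's coverage: it flags inline scripts that sit after the closing body tag or near the bottom of the page and look obfuscated. The marker list, thresholds and sample pages are assumptions constructed for illustration.

```python
import re

# Heuristic markers often seen in packed inline script (assumed list, not from the post).
OBFUSCATION_MARKERS = ("eval(", "unescape(", "String.fromCharCode", "document.write(")
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)

def longest_unbroken_run(text):
    """Length of the longest whitespace-free token; packed payloads are one long blob."""
    return max((len(tok) for tok in text.split()), default=0)

def suspicious_trailing_scripts(html, tail_fraction=0.2, long_run=200):
    """Report inline scripts at the bottom of a page that carry obfuscation signs."""
    body_end = html.lower().rfind("</body")
    tail_start = int(len(html) * (1 - tail_fraction))
    findings = []
    for m in SCRIPT_RE.finditer(html):
        body = m.group(1)
        after_body = body_end != -1 and m.start() > body_end
        # Skip external scripts (empty body) and anything not near the page bottom.
        if not body.strip() or not (after_body or m.start() >= tail_start):
            continue
        reasons = [mk for mk in OBFUSCATION_MARKERS if mk in body]
        if longest_unbroken_run(body) >= long_run:
            reasons.append("long-unbroken-token")
        if reasons:
            findings.append({"offset": m.start(), "after_body": after_body,
                             "reasons": reasons})
    return findings

# Constructed sample pages (not real captures). The "payload" is an inert run of %41.
CLEAN_PAGE = ("<html><head><script>document.write('hi');</script></head><body>"
              + "<p>content</p>" * 50 + "</body></html>")
INFECTED_PAGE = CLEAN_PAGE + '<script>eval(unescape("' + "%41" * 80 + '"))</script>'

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("infected", INFECTED_PAGE)):
        print(name, suspicious_trailing_scripts(page))
```

A hit is a prompt to diff the served page against the copy in version control, not proof of compromise; legitimate minified scripts can trip the same heuristics.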

Keeping your own software up-to-date, private and secure is necessary… the websites you’ve trusted may no longer be trustworthy. There is no “little network” of trust in the Web world — a browser will visit any site, and new hacks can demolish trust zones. (That’s why I’ll trust a separate AIR client more than I will an HTML5 uberbrowser.)

And in such a “network of all networks”, other people getting infected is bad for the rest of us — more noise, more confusion, less clarity.

Surfing the Web is like walking a strange city, particularly one with a high crime rate. The open-to-all nature requires us to be aware, and avoid unsafe situations.

Some sites we trust may be infected. We need to keep Web software up-to-date, and encourage others to do so.