Clicking hyperlinks can cause virus attacks
Technology Tips by Burleson Consulting
I knew the someday,
the day would come when it's no longer safe to click on a
not talking about offensive content, either. Now we have
two dangers that threaten the whole web. First, you cannot
safety click a hyperlink without risking a Page Load attack, and
second, you can no longer trust the instructions on legitimate
If left uncorrected,
these vulnerabilities could cause a worldwide panic. Well, maybe
not a panic, but it could spell the early death of
super-interactive web sites like
maps.google.com that use
Be careful what you click
Most folks don't know
that you have to be very careful when clicking hyperlinks and
that you can commit a felony just by loading some web pages.
It's a felony in the United States to click on a hyperlink that
takes you to a child pornography web site, and it can be easy to
do, especially when you are surfing in a bad neighborhood.
For example, I get
full activity feeds from the PC's in my company, and I once
witnessed an employee surfing Lesbian porn with wild abandon,
clicking the links so fast that they could have easily hopped
into a kiddie porn site, triggering a visit by the FBI.
For those of us who
don't visit bad neighborhoods, we never had to worry about
surfing. But that all changes when the simple act of
clicking a hyperlink might launch a virus.
Web Surfing is now
There are two serious
vulnerabilities here, both of which make web surfing a
potentially dangerous activity:
automatically invoked when your web browser renders the
page. This script can then do naughty things on your
into legitimate web sites. This vulnerability has been
discovered on many major web portals, and the hacker plants
a phishing page.
This is very
frightening stuff, especially since people are now publishing
step-by-step how-to guides for using hacker techniques. If
you have not already, take a minute to witness this
actual database break-in, captured on video. Let's
this article, hackers can put scripts inside their web pages
that will automatically launch, easily infecting your PC or
network with a malicious virus:
without warning when the page is viewed in any ordinary
browser, the researchers said.
It will bypass
security measures such as a firewall because it runs through
the user's browser"
But if that were not
(AJAX) has vulnerabilities which can be exploited by a hacker.
Steve Karam, notes that you can be protected against this
problem with spyware:
ActiveX objects have long had the same issues, and anyone
using Internet Explorer is highly susceptible to them. In
fact, the only way to use AJAX on Internet Explorer is to
use Microsoft's ActiveX objects that have been around for
If an internet user has a spyware program or virus scanner,
thus, it is in the hands of the end user to protect
themselves. Calling this a threat is like saying we should
discontinue email use because it could contain viruses."
The Plant attack
I'm starting to think
web pages, even the giant secured sites like eBay and PayPal.
Worst of all, even checking the URL of the web site will not
This article notes that consumers were ripped off by a
phishing scheme, even though they checked to ensure that they
were on the actual PayPal web site. Feeling safe, they
following the instructions on the screen, one of which was a
PayPal web page by hackers:
"The page actually
has a real PayPal URL, but hosts malicious code that
presents a message warning members that their account had
been compromised. It then redirects them to a "phishing" Web
From the article we
see that many well-known and trusted web sites have been
"An attack could
also lurk on a trusted Web site by exploiting a common flaw
known as cross-site scripting. Big-name Web companies
including Google, Microsoft and eBay have had to plug such
Earlier this week
AOL's Netscape.com fixed such a flaw that let apparent fans
of rival Digg.com
Wow, this is scary
all these are for the sake of progress, and they give us the
possibility of an amazingly diverse Internet; however, with
new progress also comes new problems...it will be up to the
developers to fix these issues.
It's not just
PHP programs to upload shell scripts and other things that
can cause the same results."
||The plant attack can be
easily prevented by only using HTML in web pages, and if
expert to harden your webserver.