Dangerous Web sites, strings attached

Random search strings in Google can yield sites hosting drive-by downloads of malicious content.

As the automated Mpack attack continues to turn thousands of legitimate Web sites into compromised sites offering drive-by downloads of malicious software, security researcher Roger Thompson over at Exploit Prevention Labs reminds us there are other exploits compromising legitimate sites, and some are as easy to find as entering a simple search string on Google. For more than a week (starting before the current Mpack attack), Thompson has been posting a list of dangerous search strings on his blog site. I've collected these and indicated in parentheses some of the known exploits associated.

  • atlas mountains country (WebAttacker 2 or MPack)
  • rotweiller rescue
  • North Padre Island (WebAttacker 2 or Mpack)
  • arches national park (WebAttacker 2 or MPack)
  • canyonlands national park
  • mass lottery
  • air disasters in Florida (WebAttacker 2)
  • cd key windows xp profesional
  • batmobile for sale
  • victoria's secret (fake codec)
  • pokemon ruby gamesharks
  • blue book (mdac exploit)
  • IBM stock
  • pallet fire
  • Nigerian economic and financial crimes
  • who's a rat

Exploit Prevention Labs makes LinkScanner , a browser plug-in that will identify and block known exploits on tainted sites before you download the page. There are other safe surfing tools available as well; some are free.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    The best and worst quotes of 2014 (pictures)
    A roomy range from LG (pictures)
    This plain GE range has all of the essentials (pictures)
    Sony's 'Interview' heard 'round the world (pictures)
    Google Lunar XPrize: Testing Astrobotic's rover on the rocks (pictures)
    CNET's 15 favorite How Tos of 2014