Turns out one of the most dangerous things you can do on the Web these days is follow everybody else.
After the launch of Google Wave as a service available to 100,000 beta users this week, one of the most popular search requests on the Web for the past week has been "How Do I Get a Google Wave invitation." Alas, this has not gone unnoticed by the people that distribute malware, all of whom seem to have optimized their sites to entice people to click on URLs purporting to have information about how to become one of the privileged few lucky enough to get an invitation to Google Wave.
Unfortunately, all these people are getting once they click on these URLs is a good dose of malware. And just to add insult to injury, many of them are offered the opportunity to purchase fake anti-virus software to solve the problem. So in addition to getting taken for the cost of the fake software and giving up their credit card information, users get the pleasure of installing more malware in their systems via the fake software.
None of this activity is new. But according to researchers at the Websense Labs Team, these black hat search engine optimization (SEO) attacks are increasing dramatically. For instance, prior to the release of Google Wave, the Apple iPhone was the most popular target of black hat SEO attacks.
The folks at Websense say that the only effective way to combat these threats is to use reputation tracking-based security software that identifies sites hiding malware in real time. Otherwise, customers are dependent on anti-virus software vendors to release a signature for the malware that can take anywhere from days to weeks to identify.
The biggest problem, however, is that none of this malware is confined anymore to just fake sites. Over 85 percent of legitimate Web sites have now also fallen victim to distributing malware. The only real question therefore is not how we protect our systems from malware, but rather how do we stop it from getting distributed in the first place?