.
Volume 3, Issue 6

www.sdchamber.org

ESET Tech Corner: Good Web Sites?

By Randy Abrams, Director of Technical Education, ESET LLC

The Anti-Phishing Working Group (APWG) recently reported that 80% of phishing sites are being hosted by legitimate websites that have been hacked. It is not uncommon for a church or school to have a website and not even know that there is a web page on it that looks like a banking, eBay or PayPal web page.

Does your company have a website? Do you know each and every web page that is on your website? Do you know what to do if your website is hacked?

For security researchers, sometimes the most difficult thing is to find out who to contact if a legitimate website is discovered to be hosting hostile content.

The APWG has published a document with great information for small to medium sized businesses that get hacked. I recommend reading the information before you need it. You can find the document at http://www.apwg.com/reports/APWG_WTD_HackedWebsite.pdf.

There used to be “good websites” and “bad websites.” Because hackers know that the general public has learned to avoid the bad sites, good sites are increasingly becoming the target of criminals. This has a few implications for your business. If you have a website, not only is it a potential target for hosting phishing attacks, but there are many other uses a criminal may have for it. If hackers are able to gain access to your website, they can put malicious programs on it that will infect customers the moment they visit. Your website is a valuable repository as well – if a hacker doesn’t want to get caught with pirated software or illegal pornography and he can use your website to house it, then you are the one who will have to prove innocence. The unfortunate truth is that the concept of innocent until proven guilty rarely applies when illegal software is found on a computer.

If your company has a website, it makes a lot of sense to get an external security audit.  If you don’t have a website, you should still need to be careful when visiting legitimate websites. When you perform a Google search there is almost a 100% chance that a dangerous site will appear in the first 2 pages of results.

Learn more about ESET: http://eset.com