There is a recent…not so recent, but in Internet terms recent…trend and it annoys the piss out of me.
No. It’s not incorrectly using punctuation to keep a blog having more of a conversational tone than–hey…wait. I see what you did there.
No. It’s click baiting.
Somewhere along the way people that host web-sites and companies that have websites figured out that they could make money just by making people click additional pages.
Check it out.
Your average web page has between five and fifteen different links that go to external sites. These links and web page space are purchased by advertisers and they pay the host on a click by click basis.
Don’t bother checking the stats–it’s more of an eyeball guesstimate. But seriously…what you need to pay attention to is the clicks.
It’s all about the click.
So…you take a mediocre article. Little more than most of my blog entries (in length…I like to think my content is more enjoyable). With some stock photos. And instead of one page (like these) with maybe a few ads (I can’t remember if I let Google put ads on my blog or not), you split it into 15 pages. Separated by the dreaded ‘NEXT’ button requiring you to…yup…click.
Only the links to get to the next part of the article are many times obfuscated with other links (the dreaded ads). The good pages keep the ads contained in frames. The shitty pages scatter the ads all over the page. Links everywhere. The target space for the legitimate click is very narrow (even though the graphic might be big) while the target click area for the ads is quite large (even though it’s only a link).
But it’s all about the click.
And if you’re on a mobile device, it’s even worse. On the average cell phone (not the ‘phablets’), it’s quite easy to touch the wrong area of the screen.
I find that pages linked from Facebook tend to be the worst about this, but that’s not always the case.
This is about to get part bitchy rant and part pro-tips that can save you some headaches.
But Todd…it’s just a few harmless ads. Sure, they’re annoying, but if I don’t click on anything, no harm no foul, right? What’s the worst that could happen?
Let me paint the picture for you. You surf on a page. A web-site of a college your high-schooler is interested in, for example. You notice some ads on the right side of the page. One happens to be for a barrister in Australia (think ‘lawyer’, but with a cooler accent). Hmm. That’s odd. You think. But you’ve seen stranger things and maybe that college has some connection Down Under. You go on your way thinking no more about it.
You turn on your computer the next day. All of your files are gone. In place of all of your files are TXT files (text) telling you how to pay the $1000 to get the decryption key. You now have the CryptoLocker Virus.
*PLEASE* Do me a favor and do NOT Google that. I’ll tell you why in a minute.
Back to the matter at hand. How did you get infected? The days of only getting a virus from internet porn sites are long gone. Don’t get me wrong, you’ll still catch something from those sites if you’re not careful, but you’ll catch them for the same reason you catch them from sites as innocent as a college web page.
Remember that whole phenomenon about ads being on web pages and how that generates money for the page that hosts the ads? It does, but it’s a huge problem. Those web pages have placeholders that point to external sites for those ads. So…something you think should be secure (like MSNBC.com, for example) has a link to some external server NOT hosted by MSNBC that is delivering the ad.
Now…let’s say the code is sloppy. Or, let’s assume the advertiser doesn’t care as much about security as the host. It’s very easy for those so inclined to insert malicious code.
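An added example, not part of the original post: a small Python audit that lists what a page loads automatically from other sites, which is where the ad placeholders described above live. The page URL, host names and sample HTML are constructed, and "same site" is approximated by the last two DNS labels.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src is fetched as soon as the page loads, with no click needed.
AUTOLOAD_TAGS = {"script", "iframe", "img", "embed"}

def site_of(host):
    """Crude same-site key: last two DNS labels (assumption, not PSL-aware)."""
    return ".".join(host.lower().split(".")[-2:])

class ThirdPartyAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.first_party = site_of(urlsplit(page_url).hostname)
        self.findings = []  # (tag, host, note) per third-party resource

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag not in AUTOLOAD_TAGS or not src:
            return
        host = urlsplit(urljoin(self.page_url, src)).hostname
        if not host or site_of(host) == self.first_party:
            return  # served by the site itself
        note = "passive content"
        if tag == "script":
            note = "runs inside the host page"
        elif tag == "iframe":
            note = "sandboxed frame" if "sandbox" in attrs else "frame, no sandbox attribute"
        self.findings.append((tag, host, note))

def audit(page_url, html):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (all hosts are made-up .example names).
SAMPLE_HTML = """
<img src="https://static.college.example/logo.png">
<script src="//cdn.adnetwork.example/tag.js"></script>
<iframe src="https://serve.adnetwork.example/slot?id=1"></iframe>
<iframe sandbox="allow-scripts" src="https://ads.othernet.example/slot"></iframe>
<img src="https://pixel.tracker.example/p.gif">
"""

if __name__ == "__main__":
    print(*audit("https://www.college.example/", SAMPLE_HTML), sep="\n")
```

A third-party script runs with the same privileges as the host page's own code, while a frame is kept apart from it, which is why ads contained in frames are the less risky arrangement.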
Let’s play out the college web page example.
So…you just viewed the main page. There were some ads. You didn’t click on anything. You come back the next day and your computer is hosed. Only it’s not just your computer. It’s any mapped drive or resource or backup that your computer was connected to. And this virus is nasty, folks, trust me on that.
So…you didn’t click on anything. You didn’t knowingly download anything.
How did you get infected?
It’s a drive by insertion. Just by being on the page, the ad content was ‘delivered.’ The ad content for the Aussie Lawyer contained malicious code. That was pushed to your computer. And executed. Without your knowledge.
It happens. It happened to my parents. It happened to a friend of mine. It’s happened to people I know at their place of employment.
Here is the honest to goodness truth of the matter, and the sooner you accept this, the better off you will be:
IF YOU SURF THE NET, YOU WILL GET MALWARE or a VIRUS. PERIOD.
There are ways to mitigate it and minimize your risk, but the truth is you will get hit. I could write three more posts about how to protect yourself (or I could copy and paste my notes that are used for our company’s security awareness course), but that’s a topic for another time.
- Always have an Anti-Virus program that is UP TO DATE running on your system.
  - Our company uses ESET. I would stick with a well known company. And be prepared to pay for it. Nothing in this world is free.
- Invest in Anti-Malware Software.
  - Malwarebytes is a good one. There are others.
- Never open attachments in emails that you aren’t expecting.
  - And scan the ones that come in emails if you ARE expecting them (or call the person who supposedly sent you the email to verify they actually sent it).
- NEVER click a link in an email.
- Look into using Firefox or Chrome to surf the net.
  - These browsers have plug-ins available that disable ads.
- NEVER keep anything on a local disk that you can’t afford to lose.
  - Important files and documents should be kept on removable storage.
- EXPECT to get a virus or malware at some point.
Now on to the rant….
- And what happened next will leave you in tears..
- You’ll never believe what shocking thing this father/mother/sister/uncle/leper down the street discovered
- You won’t believe your eyes
- The result is shocking
- What happened next is AMAZING