Threat Intelligence Blog

Posted April 2, 2008

Yesterday’s revelation that certain Google search results contain tainted URLs that simultaneously take consumers to their intended site, as well as redirect them to a second site for the purpose of installing malware, shows the bad guys continue to get creative. Read about it here in USA Today Cross site scripting, phishingPhishing: The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. and web-delivered malwareMalware: Software that is intended to damage or disable computers and computer systems. are not new threats, but the combination of these elements along with proven search engine optimization techniques poses a pretty lethal combination.

Hopefully, Google will take steps to protect its customers from these attacks. Web site operators can do their part, too. You can help protect your Web site from cross site scripting attacks by ensuring that your application performs validation of all headers, cookies, query strings, form fields and hidden fields.

Additional Posts

Realistic Solution to the Malware Epidemic?

It's hardly newsworthy that security experts at the RSA Conference this week pointed to malware as ...

The Growing Imperative for Cyber Intelligence

Today’s front page article in USA Today points out the growing importance that intelligence ...