SURIFNG THE NEWS ONLINE

Online News Exploit or Being Exploited?

A perspective by Trend Micro, a global leader in consumer digital information security

It is learnt that on a daily basis many people spend most of their time doing one of three things on the Internet – reading emails, reading the news online while surfing the Internet and keeping up with friends and family via social networks.

Recently in February, we read the report where the *Los Angeles Times has scrubbed its website of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the past six weeks. It’s not clear how many readers may have been impacted by the attack, which appears to have been limited to the Offers and Deals page of the www.latimes.com website.

Site metrics firm www.alexa.com says this portion of the newspaper’s site receives about .12 percent of the site’s overall traffic, which according to the publication are about 18 million unique visitors per month. Assuming the site was compromised from December 23, 2012 through the second week in February 2013, some 324,000 Los Angeles Times readers were likely exposed to the attack.

In fact, the Los Angeles Times incident is unfortunately all-too-common. Most of the time, these websites that were detected malicious content are innocent, legitimate sites that have been hacked. What took place was that once attackers have figured out a way to inject content into a website, the rest of the intrusion follows a familiar script whereby the attackers add malicious. When unsuspecting users visit the legitimate site, their browsers also automatically pull down the exploit kit code from the unauthorized server which is usually termed as Blackhole.

According to **Trend Micro, the new kit, which it dubbed Whitehole Exploit Kit, uses a similar code as Blackhole —but does not bother to hide itself. Other notable features of this new toolkit include the ability to evade antimalware detections, prevent Google Safe Browsing from blocking it and the ability to load a maximum of 20 files at once.

According to Trend Micro an analysis of the sample exploit malware detected as a Trojan, exploits vulnerabilities to download malicious files on a victim's computer. It then downloads a malware, noting the Whitehole that download other malware and push fake applications. This specific Trojan variant connects to certain websites to send and receive information as well as terminates certain processes. It also downloads additional malicious files onto already infected systems, whilst ransomware typically locks systems until users pay money via specific payment modes.

Malaysia’s scenario on online new consumption
In Malaysia, we have seen online news consumption on the rise, with many now getting news on their mobile phones, tablets, laptops or other mobile platforms.

According to a recent study conducted by ***Trend Micro with their Malaysian Facebook fans which polled more than a thousand people, 70% of respondents actually get their news source via online news sites and portals. Apart from news sites over 90% users also received their local news from Facebook, Twitter, Blog sites, Forums and other networking sites.

About 50% of the respondents are also comfortable with sharing their login IDs and passwords with others to access online portals that require membership. 50% of respondents do click on appealing promotions and advertisements pop-ups while surfing the Internet, whilst another 22% will do it for the sake of fun or being inquisitive and the remaining 28% either ignore or disable the pop-ups.

As many as 44% respondents said they have no qualms sharing their information such as emails, contact numbers with these news portals. Interestingly, about 25% of the respondents said they encountered scenarios of security breaches where their personal information ended up in other online portals that they don’t access. In such cases, 65% said they would lodge a report with the administrator, 10% said they would lodge a police report and 25% don’t see a need for any action.

The need to build a smarter and safer digital social culture
From the survey, the findings were not entirely new or surprising. Millions of people are getting their news online or interacting and socializing on websites, creating a large pool of potential victims that attract cybercriminals. Click-jacking, fake applications, malvertising and social engineering are just some of the tactics used in order to deliver malware.

To be secured, one needs more than the standard antivirus and spyware protection. Ensure your solution offers protection on WiFi hotspots, antispam blocking, and search engine result ratings that will help consumer to decide if a website is safe to visit.

Trend Micro’s Maximum Security is built to address these malicious traits. Operating on real time protection, the cloud infrastructure continuously updates new malicious links, apps and software by indicating the possible risks of a particular site or link.

Trend Micro Maximum Security works across multiple operating systems which include Windows, Mac and Android. The alarming findings of an approximately 1mil malwares to be recorded on the Android platform in 2013 underlines the crucial need of a user to be protected at all times.

*Source: http://krebsonsecurity.com/2013/02/exploit-sat-on-la-times-website-for-6-weeks/
**Source: http://www.gmanetwork.com/news/story/294043/scitech/technology/new-whitehole-
malware-exploit-kit-revealed
***Source: Study conducted via www.facebook.com/TrendMicroMY fans