Over the last few months I’ve been doing a lot of work with the Stop Badware group. The charter of the team is to provide a Net neighborhood watch program. It started out with shutting down adware and spyware providers but lately the cases are mostly victims of digital parasites. The problem has been framed in articles before as iframe injection or javascript injection attacks. I’ve been calling the attackers nits lately after the lice they remind me of. Most of the code injections occur at the edges of a html document. The spiders/robots used must be programed to infest a page around <body> and <html> tags. It’s an interesting resemblence to head lice which infest humans around the scalp line but not often deeper into the scalp.
To take the analogy further digitally lousy websites are not an indication that the owners are unsanitary. In the past, websites known to infect those who visit were of the porn or warez variety. But very average sites commonly become infected these days until they are detected and notified. They are sometimes shocked and humiliated when they discover that they have become infected even though they don’t have any reason to be. These small and medium sized business owners have no way of affording a $200/hr security consultant to inspect their code and web server for flaws. And despite their protests, Google and others are providing a public service by isolating the infectious from the general population. Since the Internet is not built upon a central command and control model it is difficult to shut down the sites those injected frames and scripts point to. Isolation is the only real method to slow down the infection rate.
Stay tuned, this tension between public good and small and medium business will only become more interesting with time.
ps. Even though I do work for SBW I in no way represent their opinions or values. Technically I’m not even staff.
Post a Comment