Social Engineering archives - IT Trenches


Sep 16 2009   6:31PM GMT

Would you click if it showed on the NY Times website? - Really would you?



Posted by: Troy Tate
malware, malicious software, ad revenue, computer network, network access, PC, hardware, software, social engineering, licensing, permit, Security, information security, browser security, information security management, user education

Yesterday Fierce CIO reported that “New York Times falls victim to rogue ad.” This is a trend that seems to be happening more frequently. Rogue malware ads are appearing in a lot of places these days in areas most people would trust as authoritative and reliable sources of information. It is unknown how much the rogue malware “seller” may have gotten by putting the ad on the NY Times website but they likely made something from unsuspecting users. The NY Times did suffer some amount of loss since they disabled all third-party ads until the rogue ad was removed. What would you do if an ad popped up on a trusted website saying your computer was infected? Most IT professionals would disregard the message as their systems SHOULD already be protected. However, how much of the general population is not an IT professional (at least outside of their own home ;) )?

What can and should the security industry do to educate users about these social engineering tactics? Should computers be “licensed” or “permitted” to be on the internet to reduce threats to unsuspecting users? That’s a thought for you… what governing body would issue these computer use permits? What would the rate infrastructure be like - based on processor/memory or bandwidth? Where would the permit fees go? Would there be some internet oversight body that uses the fees to have inline malware filters?

Thinking out loud here folks - offer some suggestions. Your input is welcome and appreciated.

Thanks for reading and let’s continue to be good network citizens!

=========================

20090918 Update:

E-Week reports that there is a surge in click fraud. According to the article this is similar to the NY Times advertisement malware threat discussed above. I fear this trend will only get worse. What is a legitimate advertiser or web services organization to do?

Mar 23 2009   3:57PM GMT

Need help? Ask questions - help someone - read my blog & win one of 3 XBox 360’s



Posted by: Troy Tate
Security, protocol analysis, contest, xbox, social engineering, social networking, network throughput, network capacity, analysis tools, tools, Cisco

Looking for some help on some troublesome IT issues? Post your question on IT Knowledge Exchange. Maybe take some time to read through some of the questions on ITKE. Provide an answer or even improve answers already given or give some discussion feedback. By doing these things with other IT peers, you could just win one of three XBox 360’s to be given away in April.

While you are here on ITKE, why not take some time to read through a few of my blog postings? Maybe there is something there that would be of value to you or someone else you know. Send your fellow IT peers to ITKE. Make this the best free online support community and a one-stop shop for getting the support you need for those IT issues we each face every day.

Some of my blogs that will hopefully be of interest to you include:

What did I just do with my contacts list? - Social Engineering/Networking & contact list scraping

Network speed & capacity are NOT the same

Financial crisis due to poor risk understanding & management - IT security next?

Nifty tools for tracking down that “interesting” network traffic

PROTOCOL analysis vs protocol analysis (with a small p)

Good luck with the contest! Stay tuned for more and thanks for reading. Let’s continue to be good network citizens together.