The 'Vanity Attack': Hazards of Googling Yourself
Who hasn't indulged in some ego surfing? About half of Internet users have Googled themselves, according to a Pew Internet and American Life study. And if ill-intentioned others guess correctly that you're one of those people who searches for his or her name online, your few moments of vanity could lead to a malware attack, and ultimately the loss of personal and business data stored on your computer.
Fortunately, new programs are becoming available that can help lower the risk of infection, and, along with a degree of caution online, can make all the difference.
Malware with your name on it
The names of well-known politicos and celebrities have long been the target of cybercriminals. Earlier this month, for example, Google warned users of targeted attacks against political figures gained through a known Internet Explorer vulnerability. (Microsoft offered a temporary fix-it, and continues to work on an official patch.)
But people who aren't making tabloid headlines may fall victim to highly targeted attacks, too, perhaps because of their data-sensitive job or high net worth. If a cybercriminal thinks there is an opportunity for financial gain by infiltrating your computer, an attack with your name on it may be in the works.
Attackers depend on exploiting vulnerabilities in a browser, but that's only half the equation the other half relies on people's innate, and therefore exploitable, curiosity about what others are saying about them online.
Anatomy of a vanity attack
In preparation for an attack, a devious malware wielder first identifies his intended victim, perhaps by using a social networking site.
"The attack process, as with any targeted attack, starts with some form of reconnaissance: The attacker searches the business social networking site LinkedIn for executives at the targeted organization," Mickey Boodaeim, chief executive officer of the Israeli security software firm Trusteer, said in a blog post. "LinkedIn is the perfect tool for this: One can easily find victims by searching the company name and the role they are after."
Next, the attacker builds a Web page that can transfer malware into a computer during a visit using a vulnerable browser. The unsuspecting visitor doesn't have to download a file or take any other action; the malware will install itself onto the computer through the browser, often without a trace.
"Now the attackers have a Web page that can be used to infect visitors with malware, and the name of the victim whose computer they want to compromise," Boodaeim said. "But how do they get the victim to visit this page? With the help of Google and their own vanity, of course."
The attacker adds the target's name to the malicious Web page and waits. And because of Google's comprehensive search engine combined with user egos, it probably won't be long.
Google regularly "reads and records" all websites to provide its search results. It also offers an automated service called Alerts to anyone with a Google account, so Google users can set up a search term tracker that monitor topics of interest, including themselves.
When Google "sees" the target's name on the malicious site, it will generate an alert, just as Google would for a normal site. The alert is then sent as an email notification to the target.
Who could resist? The target naturally clicks on the link. Once the page loads in the browser, game over: The malware is installed on the system and begins carrying out the attacker's assigned tasks.
Microsoft, Google, Chrome, Apple and others continuously monitor browser vulnerabilities and engineer patches, but it's always a race against cybercriminals, who continue to find new ways to breach computers. Your first line of defense is to keep your system and your browser up to date.
Meanwhile, browser security software programs can help users avert the types of attacks that involve nothing more than visiting a Web page. Most Internet security software suites include browser security features. Look for a package that includes a virtual browser that quarantines browser activity, creating a barrier between the browser and your computer's operating system. [Premium Security Suites Reviews]
Regardless of the security measures you choose to install, online security often comes down to you. If you're unfamiliar with a site or if a Web address sounds suspicious, resist your vanity and pass it by.
Leslie Meredith is a senior writer with TechNewsDaily, a sister site of SecurityNewsDaily.