Video: Techniques of the web criminal in 2008

Security firm Sophos has released two videos which highlight common ways that cybercriminals have been regularly exploiting the web in 2008.

One of these is the fake anti-virus attack or what Sophos calls scareware'. This is where a legitimate website has been compromised and is stuffed with keywords making them attractive in a Google search.

The homepage will have been modified with appended links to the malicious web page. It will also have been modified with obfuscated JavaScript, which will silently redirect the user to the fake anti-virus site.

Here it will alert you to the problem, and urge you to download security software. However this is actually a Trojan downloader, and instead of security software you've got malware.

Snickerdoodle cookies and fake anti-virus software

Sophos Labs


Another threat was that of the comment section of a legitimate website, where users have linked to fake website, - in this case porn.

Once you have clicked or pasted in the link it says you can only watch the chosen video if you have downloaded a codec. Its insistent that you download an executable file, and once you have down this, the malware is now on your computer.

Malicious porn spammers lead to malware

Sophos Labs


Sophos also recently released its security threat report and new computerised virus images this month.