Remember when you are shopping online there are malicious web pages out there – here is some advice

In the run-up to Christmas many of us are shopping online – I know I am. It is tempting to keep following links in search of the best price, which is what the internet promises us because we can shop everywhere. However, the bad actors know that many less-than-tech-savvy people will be doing this, so they lay carefully crafted traps: sites that appear to be legitimate and to offer the best prices, but that in reality simply download malicious code to the unsuspecting user's machine.

There are so many people out shopping online that this is a worthwhile investment of the hackers' resources. Remember, to them this is just a business.

SANS has evidence today of a simple piece of malicious website code that evaded many scanners, an example of what I have described above.

Python Shellcode Injection From JSON Data (sans.edu)

What should you do when shopping online?

  • Shop only at brands you have heard of – they may not have the best price but you know who you are dealing with (sorry that may not be the answer you want)
  • Have a great anti-virus package installed and keep it up to date. Get one that operates a blacklist of malicious sites and stops you visiting them. This defends against the undetectable code because you never get to the site.
  • Get advice quickly if you think you have made a mistake.

Here is a slide from my social engineering training course that has a few more things to be aware of:

Social engineering slide - malicious websites

How do I know if my machine is infected?

Here is another slide from my social engineering course to help with that:

Social engineering slide - infected computer

More help and advice

Here are a couple of articles from the Octagon blog about online shopping that give more useful advice to protect yourself:

Malware is on the rise! – Octagon Technology

Shop online with confidence – Octagon Technology

Installing systems that protect people from incidents like these, and dealing with them when they happen, is something the team at Octagon Technology is very good at, and they are always there to help.

Just be careful when shopping online.

Clive Catton MSc (Cyber Security) – by-line and other articles