HOW TO AVOID VIRUSES HOW TO AVOID VIRUSES Keep anti-virus software up to date. Maintain security patches for Internet Explorer. Use firewall software. Install software that scans websites for viruses. Sources: Sophos, Websense, Exploit Prevention Labs Digg



del.icio.us



Newsvine



Reddit



Facebook SAN FRANCISCO  Ordinary websites are fast-becoming a top security threat for PC users. Tainted Web pages first appeared in late 2005. Now, they're turning up as Google advertising links, on Wikipedia and elsewhere, "from top-tier names to mom and pop bakery shops," says Dan Hubbard, vice president of security research at Websense. VIDEO: How users can get "nailed in 30 seconds" Cybercrooks are corrupting Web pages by the tens of thousands. By tapping holes in the Internet Explorer browser, they implant tiny programs that connect the PC of anyone who simply clicks on the tainted page to a "mother ship" server, often in Russia or China. That central server collects data typed into online forms — banking log-ins and shopping cart transactions, for instance. It also hijacks the captured PC into a network of compromised PCs, known as "bots," to spread spam. In one recent sweep, security firm Cyveillance identified 50,000 corrupted pages. Websense estimates the actual number may be 10 times that. Cyveillance often recovers caches of sensitive data for 10,000 to 200,000 individuals stored on mother ship servers, says product manager James Brooks. Last week, Exploit Prevention Labs discovered that anyone who Googled "betterbusinessbureau" saw a sponsored link to "www.bbb.org," a legitimate site, among the paid-for search results bordering Google pages. But a crook had purchased the ad. Clicking on it connected the PC to a server in Russia that silently captured sensitive data typed by the PC user on all Web page forms. "It speaks to the level of cunning and sophistication of the bad guys," says Roger Thompson, chief technical officer of Exploit Prevention Labs. Google deleted the tainted ad "as soon as we were made aware of the problem," spokeswoman Diana Adair says. The search giant would not say how many similar ads it has taken down. Some corrupters taint and wait. On the Friday before the Super Bowl, anyone who visited the Dolphin Stadium website got connected to a server in China. It was poised to gather access codes for the popular PC game World of Warcraft. The thief sought to loot better weapons and spells from football fans who happen to be WOW gamers. Other corrupters use e-mail as a lure. Millions of spam e-mails with a bogus alert about Australian Prime Minister John Howard suffering a heart attack circulated in February. Clicking on a news link connected the recipient to a server set up to collect data from the transaction pages of 60 banks. Most often, attacks use fresh security holes in Internet Explorer, the dominant browser. China and the USA have the most websites tainted with viruses, security vendor Sophos says. Swartz reported from San Francisco; Acohido from Seattle Share this story: Digg del.icio.us Newsvine Reddit Facebook Conversation guidelines: USA TODAY welcomes your thoughts, stories and information related to this article. Please stay on topic and be respectful of others. Keep the conversation appropriate for interested readers across the map.