The 17 Most Dangerous Places on the Web
by Nick Mediati
September 27, 2010 — PCWorld
Threat 1 >> Malicious Flash files that can infect your PC
The Place: Websites that use Flash
If You Have to Go There: To help protect against Flash-based attacks, make sure you keep your Flash browser plug-ins up-to-date. And you can configure the Flash plug-in to ask you before it downloads any Flash cookies.
Threat 2 >> Shortened links that lead you to potentially harmful places
The Place: Twitter
If You Have to Go There: Simply don't click links. Of course, that takes some of the fun out of Twitter. The other option is to use a Twitter client app. TweetDeck and Tweetie for Mac have preview features that let you see the full URL before you go to the site in question. Some link-shortening services, such as Bit.ly, attempt to filter out malicious links, but it seems to be a manual process, not an automatic one. TinyURL has a preview service you can turn on.
Threat 3 >> E-mail scams or attachments that get you to install malware or give up personal info
The Place: Your e-mail inbox
If You Have to Go There: Don't trust anything in your inbox. Instead of clicking on links in a retailer's e-mail, go directly to the retailer's site.
Threat 4 >> Malware hiding in video, music, or software downloads
The Place: Torrent sites
If You Have to Go There: It's probably best to avoid torrent sites entirely, given their untrustworthy content, but if you must visit, use a secondary PC to protect your main system. Use antivirus software, and keep it updated. Scan downloaded files and wait a couple of days before opening them. Brand-new malware can be tricky to catch, but the delay in opening may allow your antivirus software to get the necessary signatures.
Threat 5 >> Malware in photos or videos of scantily clad women
The Place: 'Legitimate' porn sites
If You Have to Go There: Be suspicious of video downloads, or sites that require you to install video codecs to view videos (see the next threat, below). Using tools like AVG's LinkScanner and McAfee's SiteAdvisor can help you weed out the malicious sites. And, again, consider visiting such sites on a secondary machine. You don't want your browser history on the family PC.
Threat 6 >> Trojan horses disguised as video codecs, infecting your PC with malware
The Place: Video download sites, peer-to-peer networks
If You Have to Go There: Your safest option is to stick with well-known video sites such as YouTube and Vimeo. And for catching up on the latest episodes of your favorite TV shows, sites and services like Hulu, TV.com, ABC.com, and iTunes are safer than peer-to-peer networks.
Threat 7 >> Geolocation--your smartphone and perhaps other parties know where you are
The Place: Your smartphone
If You Have to Go There: Be particular about the location-based sites, apps, and services that you use. As shown in the screenshot at right, services such as Yelp provide good examples of useful location-aware apps. On the other hand, weigh the privacy implications of services like FourSquare or the new Facebook Places feature, and consider how much you feel comfortable divulging. (Read more on how to retain privacy on FourSquare and Facebook Places.)
Threat 8 >> 'Poisoned' search engine results that go to malware-carrying Websites
The Place: Search engines
If You Have to Go There: Pick and choose which sites to go to. Don't just blindly click search results; check each URL first to make sure that it really leads to the site you want. Although any site can be hacked, visiting the Washington Post's story on a hot news topic, for example, is probably a wiser choice than following a link to a site you've never heard of before.
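The URL check described above, and the full-URL preview advice under Threat 2, as an added example (not part of the original article): a small Python function that pulls out the host a link really points at and compares it with the site you meant to visit. The function names and the sample links are constructed for illustration, and treating every punycode host as untrusted is a deliberately conservative assumption.

```python
from urllib.parse import urlsplit

def real_host(url):
    """Return the host a URL points at, or None if it cannot be trusted."""
    url = url.strip()
    # Backslashes, spaces and control characters are parsed differently by
    # different software, so treat any URL containing them as untrustworthy.
    if any(c == "\\" or c.isspace() or ord(c) < 32 for c in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # hostname is already lowercased and excludes any "user@" prefix and port.
    return parts.hostname.rstrip(".")

def check_link(url, expected_domain):
    """Return (ok, reason): does url really lead to expected_domain?"""
    host = real_host(url)
    if host is None:
        return False, "not a plain http(s) URL"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "internationalized (punycode) host: " + host
    expected = expected_domain.lower().rstrip(".")
    # The host must be the expected domain or a subdomain of it; the leading
    # dot stops "notexample.com" from matching "example.com".
    if host == expected or host.endswith("." + expected):
        return True, host
    return False, "host is " + host + ", not " + expected

# Constructed sample links (not real search results).
SAMPLES = [
    "https://www.washingtonpost.com/politics/story.html",
    "http://washingtonpost.com.news-update.example/story",  # name is only a prefix
    "http://www.washingtonpost.com@203.0.113.7/story",      # name is only a login
    "https://notwashingtonpost.com/",                       # name is only a suffix
    "https://xn--constructed-label.example/",               # punycode host
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link, "washingtonpost.com"), link)
```

Only the first sample passes; in each of the others the familiar name appears somewhere in the link but is not the host the browser would contact.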
Threat 9 >> Malicious PDFs that try to fool you into installing malware
The Place: Hacked Websites, plus your inbox
If You Have to Go There: First, always make sure that you're running the latest version of Adobe Reader. You can also use a different PDF reader, such as Foxit Reader. This can protect you from attacks on holes in Adobe Reader itself, but it won't make you immune to all PDF attacks, such as the newer ones that embed malware inside the PDFs. Make sure, also, that you update to Adobe Reader 9.3.3 or later (Reader 8 users should update to version 8.3.3 or later); these updates change the way Adobe Reader handles non-PDF attachments and reduce the risk from such attacks. You can turn off Adobe Reader's ability to open non-PDF attachments by going to Preferences, clicking Trust Manager, and unchecking Allow opening of non-PDF file attachments with external applications. The next major release of Acrobat and Reader will provide a new "protected mode" against these attacks.
Threat 10 >> Malicious video files using flaws in player software to hijack PCs
The Place: Video download sites
If You Have to Go There: Keep your player software up-to-date. Apple and Microsoft periodically release patches for QuickTime and Windows Media Player, respectively. Avoid downloading videos at random. Stick to well-known video sites such as YouTube, or to download services like iTunes.
Threat 11 >> Drive-by downloads that install malware when you visit a site
The Place: Hacked legitimate sites
If You Have to Go There: The first thing to do is to keep your security software up-to-date, and to run regular malware scans. Many security suites can flag suspicious downloads.
Threat 12 >> Fake antivirus software that extorts money--and your credit card information
The Place: Your inbox, hacked legitimate sites
If You Have to Go There: If you get an alert saying you're infected with malware, but it didn't come from the antivirus software you knowingly installed, stop what you're doing. Try booting into Safe Mode and running a scan using your legitimate antivirus software. However, such a scan may not clean up all of the malware--either the scanner doesn't have a signature for one fragment, or that piece doesn't act like traditional malware. This may render behavioral detection (which spots malware based on how it acts on your system) useless. If all else fails, you may need to call in a professional.
Threat 13 >> Fraudulent ads on sites that lead you to scams or malware
The Place: Just about any ad-supported Website
If You Have to Go There: Most large sites, such as PCWorld.com, have ad sales departments that work frequently with a core group of large advertisers, so it's probably safe to click a Microsoft ad on the New York Times site. But as the Google Sponsored Links incident shows, nothing is entirely fail-safe.
Threat 14 >> Questionable Facebook apps
The Place: Facebook
If You Have to Go There: Be selective about the apps you add to your profile--don't take every quiz, for example. Check your privacy settings for Facebook apps, as well: Click the Account drop-down menu in the upper-right corner of Facebook's site, select Privacy Settings, and then click Edit your settings under 'Applications and Websites'. There, you can control which apps have access to your data, and which of your friends can see what information from apps (such as quiz results); you can also turn off Facebook apps altogether.
Threat 15 >> Sites that lure you in, get you to sign up, then sell your e-mail address for spam
The Place: 'Free electronics' sites
Threat 16 >> Phishing 2.0 on social networks that tricks you into downloading malware or giving your Facebook login information to a criminal
The Place: Social networks
If You Have to Go There: Don't trust every link posted to Facebook, even if one of your friends posted it. Be especially suspicious if the post is out of the ordinary for that person. Check the person's wall or Twitter @-replies to see if anyone is concerned that the person's account has been compromised. And if you suspect that your account has been hijacked, change your password immediately. Both Facebook and Twitter have resources to help you keep up-to-date on the latest threats on both sites. Facebook users should visit its security page; if you're on Twitter, be sure to follow @spam and @safety for Twitter security best practices.
Threat 17 >> Oversharing--exposing too much personal information on your social network profiles
The Place: Social networks
If You Have to Go There: This particular threat is relatively easy to avoid, in that a little common sense can go a long way: Just be mindful of what you post. Do you really need to publish your home address and phone number to your Facebook profile? Finally, be certain to check your privacy settings to make sure that you're not divulging your deepest, darkest secrets to all 500 million Facebook users.