We all know that the increasing sophistication of technology opens up literally dozens of new opportunities for those wanting to inflict harm on that technology’s users. The Internet is, if anything, an object lesson for this truism. Once the Internet became mainstream, so to did viruses, spybots, DOS attacks, and all the other nastiness we collectively refer to as malware. One long term weaknesses in the security armor of the Internet is cross-site scripting (XSS). For the better part of a decade it has for Internet users left a door wide open to an unwanted destructive potential.

XSS is merely code that is shuttled between senders–users or web pages, and receivers–other web pages. XSS often takes the form of JavaScript, which a web page uses to direct a receiving computer to act. XSS is mostly commonly used on dynamic web pages which respond to a user’s initial input. XSS is also potentially easy to stop, through the use of input validation, but such validation isn’t always implemented effectively, if implemented at all.

Michael Sutton, the vice president of security research at Zscaler, says that XSS typically needs a user to click a link, such as those that appear in spam or phishing efforts, which then strikes back at the user. But, he continues, XSS is becoming more sophisticated. Rather than being limited to a user-web site interaction, Sutton says that XSS efforts can now work within a web platform, such as a social networking environment, spreading itself readily among all users in the social network’s ecosystem.

Sutton also says that such sophisticated attacks, so far, have been by “[b]ored and bright individuals…tinkering with the concept”, and that “true criminals wait on the sidelines ready to move in when traditional techniques fail to achieve desired goals.” Translation: another malware threat to be concerned about. Not today, perhaps, but definitely tomorrow.

Solutions aren’t all that difficult. Users could quit doing stupid things. For instance, if you don’t know where an email originated, don’t click the link it contains. But, let’s face it, there’ll always be one or two of us who do it anyway. Which means that another level of protection is needed. Sutton says that’s got to be developers–they need to be more vigilant about writing into code the necessary protections for web programs, such as Microsoft has done with Internet Explorer 8.

Image Credit: jasonr611/Flickr

Steps To Remove Spyware

XSS and the Evolution of Malware Threats

(Please Bookmark this page and take a printout before performing the steps)(# If you are unable to run the given Spyware removal tools, please Rename the Spyware removal tools file name to iexplorer.exe while saving it and then run it)

1. Restart your computer. As your computer restarts but before Windows launches, tap "F8" key constantly. Use the arrow keys to highlight the "Safe Mode with Networking" option and then press ENTER.

2. Open Internet Explorer >> Click on Tools >> Click on Internet Options >> In the the Internet Options window click on the Connections tab >> Then click on the LAN settings button >> Now you will see Local Area Network (LAN) settings window >> Uncheck the checkbox labeled "Use a proxy server for your LAN" under the Proxy Server section and press OK.

3. Download and Run SmitfraudFix

# Run SmitfraudFix.exe and select the option 2 and follow the on screen instructions. Then select the option 5 and continue. Then Exit.

4. Download and Run Malwarebytes' AntiMalware.