Wednesday, September 17, 2008

Be careful when visiting "unauthorized" celebrity websites

The NBC Today show this morning noted that a lot of web surfers are getting infected by “unauthorized” celebrity fan sites, that apparent offer a lot of dangerous free stuff for download. Last year the biggest problem was Paris Hilton; now it seems to be Brad Pitt. Reuters has a blog entry this morning “Don’t Mess With Brad Pitt in Cyberspace” by Belinda Goldsmith, link here.

The safest place to learn about celebrities (including photos, videos, and message boards) is probably Wikipedia has interesting articles about many celebrities, who automatically meet the site's "notability" requirements.

But, of course, many visitors want to see a lot more and use search engines to look up celebrities (as they would their own friends). One good idea is to look at the search engine results with McAfee Site Advisor or Web of Trust turned on. Most of the sites are probably merely silly and harmless. There are questions about the legality of unauthorized sites created by others and the celebrity’s “right of publicity”. Celebrities generally don’t create their own sites to promote themselves, but they often create sites for charities they support or political causes they work on (Leonardo Di Carpio and global warming is a good example, link here), or for specific television shows that they run or movies they are in (which are generally set up by networks, studios and distribution companies, not the celebrities themselves). If the site is flagged, read the report first before visiting it. Rarely, it’s possible to get infected by visiting such a site at all (this has been a problem with fake anti-virus downloads that had false domain names and then start a Windows box application to either a download or invite the visitor to download. I’m not sure why a browser gets fooled by a file marked .html and still runs an exe file; it would seem that browser security updates should prevent that. In a few cases, such sites have been created before McAfee gets around to rating them, or before their viruses are logged in DAT files. Generally search engine companies remove them when they learn about them.

A few people have been infected by fake anti-virus software which even without prompting a download. Sometimes an infection might be discovered by a running of a virus scan with an updated DAT file.

It's important to remember that McAfee will downgrade some sites for being linked to too many yellow or red sites. Bloggers should keep this in mind. There have been some problems with McAfee incorrectly flagging links ("false positives") in emails on AOL when read by Mozilla browsers.

Always stay alert online. If you bank or do brokerage online, always watch your numbers frequently and make sure nothing unusual has happened.


Jason Short said...

This is true of a lot of sites today on the net. They will attempt to confuse the user or misdirect their attention. Let the user think they are downloading a windows media update and install a virus on them...

As far as linking to bad sites affecting McAfee it is true. But it will also impact your Google pagerank. Sites that see you linking out to bad sites will sometimes assume you are bad. This can be a big problem with comment spam in blogs. If you have a blog make sure your comments are not filled with fake medicine ads or links to adult websites. You may end up guilt by association.

Bill Boushka said...

Good point. That's why I moderate comments. Recently, I went through the comments on my blogs put there before moderation, and removed the comments with spammy links. There were some.