Skip to main content
American Bar Association

ABA Home
Membership
Member Resources
Public Resources
Legal Education
CLE
Calendar
Store
Publications
About The ABA
decorative graphic

decorative graphic
decorative graphic
decorative graphic
decorative graphic
ABA Site-tation
Avoiding Malware from Search Results and Twitter Posts: Drive-By-Downloads

Once upon a time simple advice could be followed to avoid computer viruses such as "Don't open e-mail attachments from strangers" or "Be careful what you download from the Internet."  Well, things are more complicated now: you can get virus and other malware infections on the Internet by simply navigating to websites, even those ranking high in search results from trusted sources like the Google search engine.  For several recent news  topics such as the Olympic games, a large earthquake in Chile, and Apple's iPad product announcements, many high ranking Google search results directed users to websites which contained malicious code that performed  "drive-by-download" attacks that infected users' computers with malware.

 

To perform drive-by-download attacks cybercriminals inject malicious code into popular, well-known websites, or alternatively monitor popular search topics (as can be found via the Google Trends website) and create their own websites which contain malware.  They use search engine optimization techniques to rank these websites high in Google search results for relevant keywords (often called "SEO poisoning" or "search poisoning" ).  When users click on the "poisoned" search results for the topics, the malware is automatically downloaded from the website to the users' computers via Javascript or other types of code.

 

Similarly, malware authors keep track of popular/"trending" topics in Twitter and create Twitter posts on these topics with links to sites that serve malware.  The popularity of shortened links, which hide the actual web address of linked websites on Twitter, is used to advantage by cybercriminals as users cannot easily tell if they link is to a suspicious web address.  A shortened link previewing function in the Twitter client Tweet Deck, as well as other shortened URL preview services, can help you determine the actual web addresses to which shortened URLs lead .

 

Important steps to protect your computer from drive-by-downloads include using antivirus software, firewalls, and  keeping your computer software up to date.  If you use the Firefox browser, a free extension/plug-in called  NoScript can also help avoid drive-by-downloads.  NoScript by default disables code such as Javascript from working on websites, which can prevent malicious scripts from installing malware on your computer.  When scripts are essential for the operation of certain sites, you have the option of allowing certain or all scripts to run on those sites, and can choose to allow them temporarily or to add them to a whitelist, which enables the scripts each time you visit the site. 

 

Products such as Sandboxie and Zone Alarm ForceField are designed to prevent drive-by-downloads and other Internet-borne malware attacks from affecting your computer by using "sandboxing" technology to try to isolate your web browser's activities from your computer's other activities.

 

LinkScanner and McAfee SiteAdvisor, and Web of Trust are browser extensions/plug-ins for browsers including Firefox and Internet Explorer that integrate with search results in your web browser to alert you to websites that potentially contain malicious code.  The warnings may not always be up-to-date or reliable, and any use should be in conjunction with other protection such as antivirus software, extensions/plugins such as NoScript, and/or sandboxing technology.  Internet Explorer 8 also has a "Smart Screen" feature which can be turned on to give similar warnings about website safety.

 

Other resources:

 

ABA Family Law eNewsletter

Avoid Loss of Law Firm Data and Business Downtime by Keeping Software Updated

 

Network World

Scammers abuse Google Trends to poison search results

 

MSNBC

Virus experts warn of 'Google poisoning'

 

Sophos

Olympic SEO Poisoning

 

McAfee Labs 

Chilean Earthquake Spawns Malware

 

Symantec

iPad SEO Poisoning Leads To Rogue Security Software

 

ZDNet

Cybercriminals hijack Twitter trending topics to serve malware

 

 

Friday PMA Blog Roundup - 03/12/10

ABA TECHSHOW is just a couple weeks away and many of the PMAs are gearing up to attend or speak, but they still found time to blog:

You can stay up-to-date on the latest blog posts from practice management advisors by subscribing to our PMA Pipe RSS Feed.

New articles from the LTRC: Smartphone Buying Guide,  Virtual PBX Phone Systems, Technology Trends for 2010, and More
Here's a sampling of the most recent technology articles published by the ABA Legal Technology Resource Center:
 
The popularity of smart phones has skyrocketed in the last few years, and lawyers have rapidly incorporated them into their law practices. With smart phone models and features evolving at a quick pace, it can be hard to determine what distinguishes one from another. Here are some differentiating factors to consider when shopping for a smart phone. [Read more]

 

Expand Your Reach with a Virtual PBX
A virtual PBX or phone system provides big firm phone functionality for the small firm budget. Virtual phone services offer professional quality voice communications at an affordable price while sparing you the expense and overhead of maintaining a phone system or a phone lease. You should be able to manage the service in a Web browser, view usage reports and add additional extensions and features as needed. Most virtual phone services also provide an automated attendant, call forwarding, and voicemail. [
Read more]

 

Technology trends for 2010
Undoubtedly, we will remember 2009 for widespread economic difficulty. Lawyers, law students and legal professionals alike faced tremendous challenges as clients cut back on legal services, billable hours fell and jobs disappeared. But 2009 was also a year of rapid technological change within the legal profession, fueled in part by economic pressure. More than ever, lawyers embraced social media, experimented with online data storage and online applications, and used technology to increase their mobility. As we move into 2010, technology will continue as a major tool for lawyers looking to overcome an economic environment fraught with uncertainty. Used carefully, technology can help lawyers become more effective and efficient. [
Read more]

 

Smartphone Voice Recognition, Dictation, and Transcription Software
Smartphones are increasingly gaining the ability to perform many tasks that laptop and desktop computers are capable of, enabling users to: search the Internet; view and send e-mail; create and edit documents; and take advantage of a wide variety of applications ("apps") with other functions. However, the small size of smartphone keyboards can hamper users' efficiency in typing, especially for those unaccustomed to using on-screen virtual keyboards on phones without physical keyboards. Fortunately, there are several voice recognition, dictation, and transcription software applications available that enable you to operate smartphones and input text just by using your voice. [
Read more]

 

Windows 7 Primer: Time to Upgrade?
Few would argue that Windows Vista was anything other than a disaster. Released on January 30, 2007, Vista was hampered by a series of problems including high technical requirements, complicated security features, and software incompatibility. Critical reception to Windows 7 has been far more favorable than Vista, and early reports suggest that Windows 7 adoption is easily outpacing Vista. But is Windows 7 right for your law firm? Here are a few factors to consider. [
Read more]

 

Visit the LTRC articles page for these technology articles and more.

Detailed Guide to Data Wiping - Hard Drives, SSDs, and Thumb Drives

Data security has become a constant concern for attorneys as client files and daily work product has moved almost entirely to digital format. Ensuring confidentiality and safeguarding client files now often means securing a hard drive rather than a physical file drawer.

But while attorneys dedicate much of their data security energy and dollars towards protecting current data -- that is, the data they use and access for ongoing or recent cases -- attention must also be given to the data that is no longer needed.

Whether the data is contained on an old computer that's being replaced, a backup system being upgraded, or a removable device like a USB thumb drive that's simply used to shuttle files around, it's vital that appropriate steps be taken to ensure that the data not fall into unintended hands.

Along those lines, Gizmodo recently published very detailed guide to wiping electronic data, addressing multiple methods and multiple devices, and why simply "erasing" the drive may not be enough:

Leave No Trace: How to Completely Erase Your Hard Drives, SSDs and Thumb Drives (Gizmodo)

One additional method not detailed in the guide, though it is mentioned in the comments, is physical destruction. Many commercial shredding companies now offer hard drive and other non-document shredding services that can be used to completely and permanently destroy all manner of data storage devices.

Friday PMA Blog Roundup - 03/05/10

Another great week of blogging from the law practice management advisors. Here are some of the highlights:

You can stay up-to-date on the latest blog posts from practice management advisors by subscribing to our PMA Pipe RSS Feed.

Friday PMA Blog Roundup - 02/26/10

The law practice management advisors had another busy week. Here's what they had to say on their blogs:

You can stay up-to-date on the latest blog posts from practice management advisors by subscribing to our PMA Pipe RSS Feed.

Technology, Ethics, and the Future of the Legal Profession on SSRN

The intersection of technology and ethics is one of the more popular topics of ongoing discussion within the legal community. Rapid and continuing developments in technology have run up against long-established rules and practices. The result has been uncertainty and confusion for many lawyers. But technology and ethics are part of a broader discussion about the future of the legal profession and the ways that lawyers can and should practice law in a rapidly changing world.

The discussion has taken place in many forums, from ethics opinions to commissions to blogging and social networking. But it's also taking place in law journals around the country, and many of the thoroughly researched and well argued journal articles are easily accessible on the Social Science Research Network (or "SSRN"). Here is a sampling of a few recent articles posted on SSRN:

  • Communications and the Internet: Facebook, E-Mail, and Beyond, David C. Hricik
    Mercer University - Walter F. George School of Law

    Hricik runs through the major ethics topics related to communications over the Internet, including social networking, misdirected and unsolicited e-mail, and more.

  • The Last Days of the American Lawyer, Thomas D. Morgan
    George Washington University Law School
    Morgan discusses the transformation of the American legal profession, partly as a result of breakthroughs in technology. The article is based on Morgan's book, The Vanishing American Lawyer (Oxford 2010).

  • How Should Lawyers Handle the Unintended Disclosure of Possibly Privileged Information, James Fischer
    Southwestern University School of Law
    Fischer writes about responding to unintended disclosure, an all-too-common occurrence in an era where communication and collaboration technology has made it easier to transmit documents and information than ever before.

These are just a few of the many legal profession, ethics, and technology articles available. Search SSRN or the ABA's free full-text online law journal search engine to find more.

New from LTRC: Litigation Support Software Comparison Chart

According to the 2009 ABA Legal Technology Survey Report: Litigation and Courtroom Technology volume, 43% of the respondents who reported that they practice in a courtroom reported that they personally use litigation support software.  Litigation support software is designed to aid lawyers in the process of litigation, and generally includes databases for organizing, searching, and reviewing discovery material including deposition transcripts, produced documents, and correspondence. The LTRC has created a comparison chart which includes information on features of several brands of litigation support software.  Please check each vendor's website for additional details and contact information.

 

Other resources:

 

ABA LTRC:

New from LTRC: Blog Provider Comparison Chart

Can You Peek? The Ethics of Mining Metadata

Case Management Comparison Chart

Time and Billing Software Comparison Chart

Blog Provider Comparison Chart

Metadata Ethics Opinions Around the U.S Comparison Chart

 

ABA Web Store:

The Lawyer's Guide to CT Summation iBlaze
2009 ABA Legal Technology Survey Report: Litigation and Courtroom Technology volume

Friday PMA Blog Roundup - 02/19/10

Here's what the law practice management advisors were blogging about this week:

You can stay up-to-date on the latest blog posts from practice management advisors by subscribing to our PMA Pipe RSS Feed.

1 - 10 Next

 Links

  Email the LTRC Staff (ltrc@abanet.org)
  Follow LTRC on Twitter
  Subscribe to Site-tation email
  ABA Site-tation Archive
  e-Newsletter archives (08/00 - 08/05)

 ‭(Hidden)‬ Admin Links

decorative graphic decorative graphic decorative graphic decorative graphic