Most malicious Web sites are now compromised legit sites
By Peter Wolchak
New research from Websense Security Labs has concluded that, for the first time, the number of legitimate Web sites that have been compromised by attackers has surpassed the number purposefully created by criminals. The researchers said attackers are increasingly exploiting Web 2.0 applications and user-created content, and suggested organizations take additional steps to protect Web sites and online applications.
Especially attractive to hackers, Websense said, are sites with both good reputations and an established user base. For example, in August 2007 many visitors to the United Nations’ HIV/AIDS Asia Pacific portal inadvertently downloaded a Trojan horse that infected their computers with malicious code. Their computers then became part of a large botnet exploited by its controllers. Other attacks in 2007 included:
MySpace phishing: in September, the Phast Phlux Phishing scam gathered login information and then employed user profiles to spread the attack through friend lists.
Yahoo! Halloween greeting cards: an online greeting card was released two days before the holiday and tricked those without adequate Web security protection into downloading malicious code, which then stole information including passwords, credit card numbers and banking logins.
IRS spoof: in December, an e-mail scam purporting to be from the U.S. Internal Revenue Service and Better Business Bureau claimed that a complaint against the recipient’s company had been filed with the U.S. Department of Justice. A Trojan horse was stored in an attachment.