Legitimate Websites Delivering Malware

Web surfers are now most frequently attacked from legitimate providers’ hacked web sites.  The general assumption had always been that malware was only largely present on sex sites and other shady web sites, but these days all you need to do is visit your favourite newspaper website to come under silent attack.

Anti-virus vendor Avast reports reports that there are now 99 infected mainstream web sites for every infected “adult” site.  Current cases, such as the manipulation of Lenovo’s techical support server or of Vodafone’s UK server seem to support that finding. In the Vodafone case, attackers manipulated the BlackBerry product pages to upload an iFrame containing an exploit for an unpatched hole in the Windows Help Center.

Symantec has come to a similar conclusion.  Their report shows legitimate web site manipulation rose from 80% in 2009 to 90% this year.  Recently, for example, Chinese attackers managed to manipulate tens of thousands of Web servers via SQL injection vulnerabilities.  

Bottom Line:  Be CAREFUL Out There!  Consider taking advantage of some of the free tools noted on this site at home, and for pity sake, don’t scrimp on your protection at work!  Don’t fiddle with your anti-virus software, and do NOT disable your personal firewall software.  Remain cautiously optimistic about your email, and very skeptical of too good to be true offers.  And remember that clicking on links without taking precautions is just asking for trouble…