Trusted Web Site? Not So Fast
It's not been a great year for Web security, so far. First we learn that <a href="http://www.informationweek.com/showArticle.jhtml;jsessionid=K2W1RSXSTB1REQSNDLRSKH0CJUNN2JVN?articleID=205900444&queryText=hacker-safe">HackerSafe</a> isn't so hacker safe, after all. Then we find out that hackers have found a way to automatically redirect most home routers to wherever they <a href="http://informationweek.com/blog/main/archives/2008/01/driveby_pharmin.html;jsessionid=K2W1RSXSTB1REQSNDLRSKH0CJUNN2JV
January 23, 2008
It's not been a great year for Web security, so far. First we learn that HackerSafe isn't so hacker safe, after all. Then we find out that hackers have found a way to automatically redirect most home routers to wherever they wish. And now it seems that so-called legitimate Web sites may not be so "legitimate" (or at least safe) after all.It's apparently so easy to infect existing Web sites that there's decreasing need for criminals to set up shill sites. At least that's the takeaway from a recent report published by security vendor Websense, which attempts to examine security trends for the second half of last year.
In fact, 51% of Web sites infected with malicious code are actually legitimate, but compromised, Web sites. This is actually a stark increase from the 30% or so of infected legitimate sites the company reported for the first half of 2007.
So this means that miscreants -- because the Web site security and development practices of conventional businesses are negligent -- don't even have to go through the trouble of developing and hosting a Web site, or even the bother of deluging everyone with spam designed to lure folks to a Web site trap.
No, all they have to do is find a trusted site that's already vulnerable. And that, unfortunately, seems all too easy.
About the Author(s)
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024