One of the biggest trends hackers did last year was the idea of compromising legitimate web sites and inserting malicious code into them.  This has made it all the more difficult to determine truly legitimate sites versus sites that have been compromised, but were built with a legitimate intent.  Well, you can assume that this has been a very successful method to distribute malware, so as much as I hate to say it, expect to see much more of it this year.

Last year we saw hackers exploit trusted brands, and we can expect to see more of the same this year - especially with the popularity (and relative insecurity) of social networking sites.

The threat of choice typically involves modifying Web pages to serve up malicious content to visitors. So instead of directly attacking users, the attackers let users come to them.

It’s also easier for the bad guys to pull off these attacks. Last year we saw the proliferation of professional attack kits for sale over the Web (a phishing kit, for example, allows somebody to set up every aspect of a phishing attack). “The guys selling this stuff are providing updates, just like you would see with a legitimate software provider,” said Marc Fossi, a security specialist with Symantec Canada.[more]

Tags: Malware