Growth of the Underground Cybercrime Economy 94
AC50 writes "According to research from Trend Micro's TrendLabs compromised Web sites are gaining in importance on malicious sites created specifically by cyber-criminals. The research debunks the conventional wisdom about not visiting questionable sites, because even trusted Web sites such as those belonging to Fortune 500 companies, schools, and government organizations can serve forth malware."
No kidding! (Score:1, Interesting)
Re:it's called No Script (Score:3, Interesting)
Might help out, might not. If I had something like that running in my company I reckon I could reduce half the problems (as opposed to making the proxy server do all the work).
The Power of Google (Score:5, Interesting)
http://www.google.com/search?q=site:.gov+viagra [google.com]
Only two pwned sites in the top 10 for
It'd be ironic if idtheft.utah.gov was handing out malware.
Replace viagra with other spamwords & you'll get more of the same
Re:The Power of Google (Score:5, Interesting)
http://www.google.com/search?q=site:k12.ny.us+viagra [google.com]
That brings up pwned K-12 school websites from New York
http://www.google.com/search?q=site:.ny.us+ringtones [google.com]
This frequently brings up state websites
EG: New York State's Division of Military and Naval Affairs website has been exploited.
I don't mean to pick on New York, but they seem to be worse than many other States.
Replace
Re:it's called No Script (Score:5, Interesting)
Eventually, I wonder if the Web browser should be completely enclosed in its own VM, where it doesn't require an explicit launching of a client OS, perhaps similar to how Thinstall wraps applications so all changes are only written to a sandbox directory. Vista's protected mode in IE7 is a start, where IE7 does not have access to the full Registry, but more separated from the rest of the machine with limits on CPU and other resources.
Re:Windows XP SP3 (Score:3, Interesting)
And I say suckers not because they installed SP2, but because they had so much spyware that it could actually cause sp2 to fail and leave them without a working computer. I don't know if it still is that way or not. But it was a problem when it first came out. I also have a couple printers and some barcode readers fail on sp2 or an update right around that time. Yea, basically a serial connection fails to work and needed to be replaced with a newer version to run in XPsp2. I don't know what they were doing with the Barcode reader that required that much of a tie in to XP that a service pack or an update could break it's operation. But anyways, things breaking is probably a more valid reason these people are gun shy the just laziness. Although, I wouldn't completely discount laziness.
No news is old news (Score:2, Interesting)
Firstly, everyone in this market puts out these sort of research reports - monthly, quarterly, annually, it varies - partly to inform and educate, but mostly for the PR value. Of course everyone sees much the same threat environment, so they're all much of a muchness, PR spin notwithstanding. I don't see my employers' annual threat survey on the Slashdot front page; hmmmm, maybe I should submit it? Or maybe not...
Secondly - "serve forth" PUH-leassseee... just reminds me of the great UK rapper Silver Bullet and his popular number, "Bring Forth the Guillotine! [wikipedia.org]" from 89. Oh hey, look, anti-virus software... silver bullet... myth... hmmmm.
Re:it's called fleeing in terror! (Score:2, Interesting)
Re:Windows XP SP3 (Score:3, Interesting)