What’s happening: Industry statistics (and our own experience) continue to demonstrate that the vast majority of websites lack proper security controls. Cybercriminals are turning these inadequately secured websites into traps for unwary visitors, who can get their computers “owned” by these criminals even if they’re running traditional antivirus / anti-spyware solutions.
What it means: If you have a website, you have a legal and moral responsibility to secure that site.
Visitors to websites must exercise great caution to keep their computers from being “owned” by cyberthieves. Once cybercriminals “own” a computer, they can steal user IDs, passwords and other sensitive information, send spam, display pop-up ads, etc.
What to do: Management must ensure organizational websites are properly designed, implemented, tested and maintained.
Users should consider running Firefox with the NoScript add-on and replacing their antivirus / anti-spyware solution with a modern intrusion detection / prevention solution.
Wall Street Journal:
A growing number of small companies are falling prey to hackers.
Attackers are increasingly infiltrating small businesses’ Web sites and using them to quietly drop malicious programs, typically designed to steal personal financial information, onto the computers of visitors, security experts say. Some are also digging around in databases for valuable information or trying to capture e-commerce customers’ credit-card numbers.