Is your network is properly protected against web threats? Do you weigh in a false sense of security?
The pirates are changing their habits and use of new methods, web, dynamic in nature and usually hidden in legitimate sites. The end user remains the weakest link in the Web security as malware writers exploit this weakness to launch their attacks, hunting human interest, and curiosity behavior. Social networks are "trusted" and users rely on their IT administrators to protect and lulls all into a false sense of security.
Exploiting news events - Hackers use stories as to trick users
Barely 24 hours after the announcement was the death of Qaddafi, we released that targeted malware that exploit the curiosity to see the history of big news began to be transmitted. Cybercriminals use human interest - and big news stories of the world as they generate a huge amount of hedging activities and the Internet. The same thing happened when bin Laden is dead, and when the royal wedding took place - and the trend will continue. The same trick is Halloween and other seasonal stories used, we saw many of these occur on social networking sites and others. Social engineering attacks to convince users to download content to the alleged event that is infected with new strains of malware related. Any event that is of interest and the interest generated is used to spread malware scams, fraud and other.
Insecurity browsers and plug-ins - only with Windows Update is not enough
Although your favorite web browser and operating system can be saved and corrected, the reality is that most people do not update plug-ins. Java, Adobe Flash and Adobe Reader plug-ins are often outdated and there are Web exploits that use this weakness to infect networks. Web exploits that specifically target this vulnerability (such as the Black Hole exploit kit) are increasingly popular in the cyber-criminals.
Compromised high profile Webs and "drive-by downloads"
So how to distribute these vulnerabilities? The first method is "fast flux" sites, sites that are created solely for the purpose of distributing malware for a short time. The second way is to compromise a site level and the injection of a "drive-by download" - a piece of code that infects a user when they have a website (there is no need of anything, click here - just visit the site of infection is the user's computer - so that drive-by). Usps.gov the site and the site were exposed to mysql.org these two types of attacks.
There is a third method of spreading these infections. Instead of using a website, send a malware authors content on Web advertising companies infected. This content is then passed on thousands of websites with these promotional affiliates, and each site hosting the ads is to spread malware, and this code is detected. The London Stock Exchange was a website that exposed to these types of attacks this year, even though it was by far not the only way.
Search Engine Poisoning
End users have become accustomed to rely on search engines. They (wrongly) believe that the well-known search engine like Google or Bing would never directly on a website that is infected with malicious software. But search engines do not really make a difference between sites, the search results according to their ranking algorithms. As a result of malware authors are flooding search results with links to the pages of bait to take the user to download malicious websites, malicious software on their computers. As users became more suspicious you are certain types of links, this type of search image search now, the most difficult to avoid are moved.
Evolve as Internet threats, it is more difficult to ignore exposed to the threat posed by the user browsing the Internet, and further develop as an attack, you must ensure that your Web browsing activity n ' is not so expect more than you.