Cyber-thieves target popular sites: report

All it can take is one click on a link posted by a Facebook friend and you're infected.

The infection will sit quietly and patiently, gleaning your passwords as you go about logging into your bank accounts and social networking profiles, looking to steal your identity and your money.

Malware infections are nothing new in the online world but they are becoming more sophisticated, according to a new report.

The 2011 Mid-Year Security Report, by a web security provider, said criminal organisations operating malware networks were increasingly targeting popular and trusted websites.

An internet user visiting a popular website or search engine can be infected by clicking on an ad, known as "malvertising" - the second most common form of malware delivery, behind search engine poisoning.

Crooks are also targeting social networking sites, making profile login details a valuable commodity among malware operators, said Greg Singh, systems engineering manager of security provider Blue Coat.

"In times gone by, people used to pick up these types of malware infections typically from what we'd term `dark places' on the internet, like when you go searching for free software ... people would often pick it up at pornography sites or gambling sites," Mr Singh told AAP.

"What's happening now is that the malware infection points are infiltrating trusted and popular websites, quite often these sites have been hacked for use by cyber-criminal organisations.

"Social networking credentials have become one of the most valuable commodities ... they can then log on and they have the look and feel of being exactly you."

Once they've logged in under your profile, they can post links directing your friends and followers to infected sites, with the potential to infect hundreds of people at a time.

The criminal groups that steal this information will then sell it to different organisations that want to steal your money.

These networks are usually based in Eastern Europe, particularly Russia, Ukraine and Moldova, but operate using stolen infrastructure from all over the world, making them hard to track down, Mr Singh said.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email Computerworld
• Follow Computerworld on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark