
"Web-based attacks are really the propagation method of choice now for malware authors. It’s no longer the case where they try to send around emails with attached programs. It’s now the case that they’re trying to attach themselves to websites that a number of people are going to be looking at," explained Biviano. “In essence it’s bringing the audience to them.”
Website attacks in the masses are the future for a hacker, he warned there’s no point just getting access to one site anymore.
“You remember the days when a single website would get attacked as a nuisance. It’s now all about making money and getting your piece of malware on as many machines as you can.”
Trend Micro revealed last week that as part of a major attack on legitimate websites the Virus Encyclopedia on its public online resource had been hacked.
The attack was part of a bigger attack where approximately 30, 000 other sites were infected. “It was just that Trend was a victim [too],” said Biviano.
The VE search on the Trend Micro site is open to customers and the general public and provides information about specific malware, explained Biviano.
He also confirmed that there was no impact on customers and that no customer information or private data is stored that could have been compromised.
“Web-users [will] have extreme difficulty telling if a site is going to infect their machine with a piece of malware,” he added.
“It’s the case now that a piece of anti-virus software is not going to tell you the answer to that question. It’s a matter of picking and choosing,” he said.
Trend Micro has updated and patched its online public Virus Encyclopedia (VE) after external hackers altered part of the listing.