(Page 2 of 2)
"Criminal gangs are not only infecting Web pages, they are also trading user names and passwords to waltz straight onto corporate Web sites and plant dangerous code," Cluley said. "That means that even if your Web site does not have a vulnerability on it which can be exploited, the hackers can walk in through a side entrance."
Criminals can then target any computer user by sending e-mails containing links to the poisoned Web pages, directing victims to the malicious code. In some cases, Cluley said, the Web sites can even determine if the visitor is using a Mac or a PC , and deliver malware custom-written for the surfer's operating system.
"IT departments should regularly audit the user names and passwords which have FTP access to their Web site, and ensure that passwords are changed regularly so that if they do fall into the wrong hands, they cannot be abused for too long," Cluley said. "Some firms may wish to implement additional authentication methods to ensure that the person uploading code to the Web site really is who he or she claims to be."
The bottom line is that the money to be made through cybercrime is astronomical. Like other security analysts, Cluley said we can expect more criminals to adopt techniques used by legitimate businesses and software developers to streamline their activities.