Imperva released its second Hacker Intelligence Initiative (HII) report that discloses the intricate workings of a "Search Engine Poisoning" (SEP) campaign. The attack, witnessed by Imperva"s Application Defense Center (ADC), was extremely successful and continued to run for at least 15 months without any apparent counter-measures employed by search engines. This acutely illustrates how websites - often unbeknownst to their administrator - and Web search engines become the conduit for these types of attack and demonstrates that more needs to be done to stop malware being spread in this fashion.
A report just issued showing the infamous Zeus malware as having shot to the number two spot in the malware charts comes as no surprise, says Trusteer. According to Amit Klein, the Web browser security specialist's CTO, since his research team confirmed in spring 2011 that the Zeus source code had effectively been cracked and shared between cybercriminals, a rise in the usage of the malware by darker elements of the Internet was inevitable.