For a time, online advertisements have been a constant source of not only nuisance but of malware as well. Earlier this month, we’ve seen malicious banner ads being served on popular Web sites, such as Myspace, Excite, and Blick. This time, TrendLabs was alerted to malicious banner ads infiltrating legitimate special interest Web sites such as Expedia.com and Rhapsody.com. According to Trend Micro security experts, certain malicious .SWF banners have hacked their way into Expedia.com, a popular site for travel enthusiasts ...

This issue is something that we have blogged about on several occasions recently here on the TrendLabs blog, but sometimes the issue needs to be highlighted and emphasized to articulate the underlying trends that are emerging. How bad is the problem of compromised Web sites/Web servers in The Internet? Epic. Brian Krebs wrote earlier today about how alarming this issue has really become -- and we are seeing the same alarming level of escalation. Why? Insecure Web site implementation and/or no ongoing effort ...

Historically, "sensitive" networks have traditionally enjoyed a sense of security due to their total, and complete separation from publicly accessible networks. In fact, most of us old-school "security wonks" have always joked about the fact that the "...only real security is a pair of wire cutters..." to humorously illustrate the fact that nothing is really secure that is exposed to uncertainty, or untrusted access. This has always been true in my personal background, having worked in U.S. Military COMSEC disciplines over many ...

Being an old-school network engineering flunky, with a heavy dose of network security discipline, it somehow never ceases to amaze me that people just don't seem learn from their mistakes -- or other people's mistakes, as the case may be. Almost five (5) years ago, the SQL Slammer worm should have made people realize that having these types of critical infrastructure resources accessible from the The Internet is just a really, really bad idea. But apparently people just don't seem to learn ...

Earlier this month, you may recall that there were several reports of a large-scale compromise of thousands of Web pages (some search results indicate upwards of ~100,000 pages) via a mass SQL injection attack, which placed malicious JavaScript redirects to malware. These Web pages included those belonging to Fortune 500 corporations, state government agencies, and schools. Today, we see yet another example that it is not only small or isolated Web sites that are affected (or targeted), but also popular ...