The Google paper contains many other salient points, such as the widespread use of banking Trojans (which I’ve written about several times), and how many major, trusted Web sites are infected, but I want to highlight one last topic. It’s becoming more common for Web page exploits to test the client for the presence of unpatched software, be it Windows, Internet Explorer, Firefox, RealPlayer, Shockwave Flash, Java, or QuickTime. The exploits actually scan the computer for a specific vulnerability and then infect it.
The lessons to learn from this are fourfold:
-- Malware is trending away from malicious e-mails to innocently infected Web sites
-- You must make sure that all client OS and applications are patched (and not just the OS)
-- Consider investing more in technologies that can mitigate these types of rogue threats
-- Educate end-users about the evolving malware threat to keep them alert
Good luck, and keep your eyes open.