Cyber-criminals breaching trusted websites

Cyber-criminals are increasingly targeting trusted websites to infect the computers of people viewing those sites, a successful strategy newly illustrated by a high-profile security lapse at the top US newspaper site. Thousands of visitors to The New York Times website last weekend had their screens fill with what appeared to be an automated scan for computer viruses, followed by warnings the scan had uncovered infections and a recommendation that the PC owners buy protection. Clicking on the offer probably installed a program designed to badger the consumer into buying worthless "scareware" in the future. Website attacks have replaced deceptive emails as the preferred method for financially motivated attacks, said Wolfgang Kandek, chief technology officer at security firm Qualys. Using websites makes it easier to fool consumers and also to evade company firewalls and related defensive systems.