Wednesday, December 10, 2008
"The use of malware on Web sites to steal passwords and other sensitive information is skyrocketing, according to a new report from the Anti-Phishing Working Group.
"The number of URLs with hidden code for stealing passwords nearly tripled between July 2007 and July 2008, to a record high of 9,529, while the number of malicious-application variants hit a high of 442 this May, the APWG reports in its quarterly report (PDF) issued this week.
"The increase is primarily due to malicious code being used in SQL injection attacks, in which a small malicious script is inserted into a database that feeds information to the Web site. Typically, the host site is legitimate such as BusinessWeek's, not a phishing site created for the sole purpose of stealing consumer data."
More at cnet...