Vast majority of malware attacks spawned from legit sites | Ars Technica
Waylan Choy stashed this in Security - Cyber
The vast majority of sites that push malware on their visitors are legitimate online services that have been hacked as opposed to those hosted by attackers for the purposes of distributing malicious software, Google security researchers said Tuesday.
The operator of a software developer website that compromised computers belonging to Apple, Facebook, and other companies, for instance, had no idea it had been booby-trapped by attackers. In the past few months, tens of thousands of sites—including those operated by The Los Angeles Times, Seagate, and other reputable companies—have come under the spell of an exploitation toolkit known as Darkleech.