The major threat is from suspicious and malicious websites' drive-by-downloads

Hi malware fighters,

The greatest threat online is through using non-patched older software. Have it checked with Secunia PSI and keep that third party software fully patched and upgraded. Have all the essential updates for the OS software and you will not that easy fall prey to drive-by-downloads that now total up to 70% of the attack vectors inside suspicious websites that are maliciously injected with malcode. Websites should be more secure, have an eye for possible attack vectors like hidden suspicious inline scripts, link directs to whatever that may have changed recently by malcreants, obfuscated attack script, iFrame attacks, cross site scripting attacks, etc. etc. and use the right patched software, software developers should have better updating mechanisms, and the user should use protective extensions inside the browser like NoScript, RequestPolicy and ABP+ with malcode sites’ blocklists, WOT reputation scanner, and the avast shields activated. The difficulty without a secure in-browser protection is that the malicious sites’ landscape is ever-changing and a website that is clean now can have the suspicious or malicious status a few seconds later. So many, many times your protection is not recent and the vulnerability window stands wide ajar. NoScript is better because it protects against malcode every time and all of the time even for threats that haven’t yet materialized. Do not trust your clicks but use your common sense and be in-browser protected. Also realize the dangers of the stealth COM, active X elements brought into IE and all the possibly unwanted BHO’s, that make the protection inside IE somewhat more complicated, Use online resources to see what you’d better not allow…

polonus

Yes it has been that way for some time now.

Hi malware fighters,

Here an threat classification for attacks on online websites: http://projects.webappsec.org/Threat-Classification

polonus