ATLANTA - Based on both current and historical security trends, IBM Internet Security Systems (ISS) today announced five major areas of holiday security risk for consumers and businesses, along with four suggestions for avoiding these risks during the holiday season.



These risks include but are not limited to:



* A new wave of malcode-carrying spam - Throughout the year, the IBM ISS X-Force security research team has observed a growing wave of "parasitic" malcode. These are malicious email payloads that bypass end-user security software (anti-virus, personal firewalls, etc.) and compromise the target computer. Once compromised, the computer comes under the remote control of criminals. This holiday shopping season, the X-Force team expects a wave of socially engineered "holiday cheer" emails that pack a malicious punch.  (Editor's Note:  Bypass end user security...Computer under Remote Control?  Hmmmm....) 



* New phishing theme: Bank merger mania - As banks continue to struggle and merge, the X-Force believes criminals will exploit shaky consumer confidence in the banking industry with a wave of phishing attacks designed to fool banking customers into revealing personal information such as account numbers and passwords.



* Spoofed online portals - As Black Friday approaches, IBM ISS expects to see phishing gangs launch a new generation of fake online shopping portals that spoof well-known brands, in an effort to steal credit card information. They also will likely promote these counterfeit sites with emails, offering steep discounts or "special sales."  (Editor's Note:  Steal credit card information?  Can they do that?)



* Tainted toys and gadgets - Every Christmas brings an abundance of electronic gadgets, smart-phones and auto-play DVDs. Past X-Force research has shown that some of these toys are loaded with malware and can be used by cybercriminals as a backdoor for entry into corporate networks.

• Web Browsers- Browsing is risky business.  In the past year, cybercriminals have increased their efforts to deface public Web sites by hiding malicious links on legitimate Web sites. When people visit these tainted sites, the hidden links automatically exploit vulnerabilities within their Web browsers and install malware that siphons off confidential end user information.

Editor's Note:  Wait a minute here...you mean to tell me that there's vulnerabilities within Web browsers that can allow our "confidential" end user info  such as credit/debit card information... to be siphoned off?  And now it's possible to "hide" a malicious link on a "legitimate" site?  You've got to be kidding right? 



This certainly couldn't be true could it? ...otherwise we'd have to equip online shoppers with their own personal card swiping device to ensure their card information remains secure! 



Continue Reading the Story at Dark Reading Here:  (will open in a new window)