The recent super-sophisticated phishing attack against online payment service PayPal was yet more proof that the inability of anti-virus and firewall tools to stop new threats is the worst-kept secret in computer security.
The attack exploited a cross-site scripting flaw, allowing unknown fraudsters to inject a phony warning message and malicious phishing Web site link into a page served by a PayPal secure server.
The attacks have anti-virus stalwarts scrambling to plug the holes in their security armor. Last week, McAfee launched a beta program for Falcon, a new “total protection” suite with SiteAdvisor software to sniff out malicious Web sites. Symantec is also getting into the game, announcing a new transaction security software package this week called Norton Confidential.
Continue at Source...
News Source: Yahoo