One of the things that is generally assumed about IT security is that the bad guys are making use of some massive amount of IT infrastructure they invested in to send malware. In reality, a report from Agari, a provider of an anti-phishing cloud security service, suggests that real primary source of all that malware out there is systems that have been compromised.

The latest cybercrime alert from the FBI warns of malware targeting personal bank accounts, high-end retailers and even those who work at home.

Security in the coming year is going to be more complex than ever to manage. The attack vectors are widening and the skill sets of the hacker community are getting sharper with each passing day.

By now you’re familiar with the basic phishing e-mail. You know the one -- it comes from a bank you don’t do business with asking you to verify personal information such as your name, Social Security Number and your existing bank account information. The e-mail may claim the bank it purports to represent has a check to deposit to your account, is trying to clear a check or something else along those lines. These phishing e-mails are easy to spot, their misspelled words obvious and the bogus links show up clearly. They’re also fairly easy to fight.

For some Apple users the holiday season of 2011 was not happy as two different scams tried to trick users into giving up their passwords, sign-in names and even credit card numbers. As Apple becomes more popular so do the number of scammers who want an illegal piece of the action.

The news that the Chamber of Commerce was hacked into by Chinese apparatchiks should come as a shock to no one. It was only recently we posted a blog concerning the Chinese hacking into both AT&T and Verizon networks by implanting eavesdropping technology into network equipment purchased by American companies overseas.

Last week the Federal Deposit Insurance Corp. (FDIC) and Better Business Bureau (BBB) issued alerts warning of phishing attacks targeted at both banks and their depositors.

Phishing has been one of the banes of e-mail ever since the first e-mail delivery services emerged. Now more than a decade later it looks as though we finally may be witnessing the beginning of a broad-based effort to curtail, if not eliminate, the vast majority of phishing attacks.