Despite predictions of a gloomy holiday shopping season, Internet bargains, gas savings and easy price comparison are spurring online shopping. Millions are planning to do their shopping online from work to save both time and money. But this might be opening the door to a whole other group of shoppers: cyber-criminals trolling for data and using malicious code to steal valuable information from corporate networks.

The number of people shopping online from work is increasing, according to a recent report released by Shop.org, which indicates that 55.8 percent of employees with Internet access at work, or roughly 72.8 million people, will shop for holiday gifts from work this year. This is up from 44.7 percent in 2005. Forrester Research is also projecting that U.S. consumers will spend an estimated $44 billion online during November and December 2008, up 12 percent from the same period last year.

This online shopping surge is likely to become a cybercrime haven. Today's cybercriminals are infecting legitimate websites with their malicious code, gaining significant Web traffic volume without having to send out spam to promote infected websites. At the same time, these attacks evade traditional protection solutions, which are more effective at blocking websites linked from mass spam. Recent industry statistics show that 75 percent to 90 percent of malware on the Web originates from infected legitimate websites.

Cybercriminals are especially keen to get data collected from employees shopping online from work. Although stolen credit card numbers are still appealing to cyber-criminals, the abundance of such stolen information has commoditized it to the point that credit card numbers can only be traded for $10-$20. Sensitive and confidential corporate data such as FTP or Citrix credentials, on the other hand, are 'premium' data that can be traded at a much higher price.

Once an employee's PC at the workplace is infected, a crimeware Trojan will stealthily send out valuable information to the cybercriminals' 'drop zone'. Such information includes both personal credentials and sensitive corporate information. Finjan's Malicious Code Research Center finds more and more corporate information, including FTP, Exchange and Citrix credentials and even e-mail correspondence, stored on crime servers.

It might come as a surprise, but the chance of getting infected by a data-stealing Trojan is scarily high. An employee only needs to visit an infected shopping website to have his PC compromised automatically. Today's malware is especially tailored to exploit multiple vulnerabilities in the browser, operating system, media player and other script-enabled applications. Malicious code is almost always obfuscated or hidden in such a way that makes it 'invisible' to antivirus and signature-based security solutions. An estimated 80 percent of today's malware is obfuscated, as found by the Finjan Malicious Code Research Center. Once the malware neutralizes the protection measures of the infected application, it downloads a malicious 'payload', usually an advanced data-stealing Trojan. These Trojans are often highly sophisticated, allowing cybercriminals to control the compromised PCs from a remote command and control center.

A specific strain of 'Phishing Trojans' is capable of remaining latent, silently listening to the browser communication and 'waking up' only when the user visits a specific target website. The Trojan then takes control of the browser, and a carefully crafted webpage with tailored text boxes overlays the original webpage and sends the sensitive credentials to its masters. During this time, the browser maintains its connection with the original website, so even when a secure SSL session is in place and the familiar SSL sign appears, there is no guarantee that information can't be grabbed by a stealthy Trojan.

Cybercriminals are also keeping up with the latest consumer trends to employ the most effective social engineering techniques. As today's online shoppers are spending more time hunting for discounts and special offers, cybercriminals are taking advantage of this trend by drawing more victims to their infected web pages. They do so by infecting websites that advertise discounted products or special offers, with the malicious ad compromising the visitor's PC. Another way to draw visitors is through spam linked to malicious pages promoting popular shopping list items at special discounts. More sophisticated cybercriminals use search engine optimization (SEO) techniques to craft infected webpages that are ranked high when shoppers search for popular items or for special offers. These webpages may be hosted on compromised legitimate websites, Web 2.0 sites or dedicated malware sites.

Several precautions are recommended to protect employee and corporate data:
Awareness is the first factor: employees need to be made aware of the way cybercriminals think and be on alert when shopping for discounted or popular items.
They should be especially careful when entering their credentials, regardless of the reputation of the website or the shown SSL sign.
Downloadable browser plug-in tools can be used to alert consumers to websites that might be infected with malware by giving them a designation.
Corporate IT staff needs to make sure all known vulnerabilities are patched and web security measures are in place, ideally by deploying a secure web gateway that utilizes active real-time code inspection.

With the online holiday shopping season just gearing up, businesses need to make sure they are well protected against today's cybercriminals so they don't enter the New Year as victims of data theft.

Ophir Shalitin is the marketing director at Finjan, a global provider of web security solutions for the enterprise market. Finjan's Malicious Code Research Center (MCRC) is dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs.