Attacks succeed...

During our beta period, we’ve monitored a small number of organizations. Two were hit by attackers in the most recent 12 months. In one case there were two types of attacks in quick succession, followed by denial-of-service attacks. In the other case it was two drive-by attacks within a short period of time.

Attackers go to great lengths to hide their identities—often using chains of servers in different countries, and domains registered in places where it’s hard to discover the owner.

In one attack, injected JavaScript code (hacked into a home page) redirected browsers to a hijacked server in the Netherlands, using a domain registered in a Caribbean nation.

Finally, it all linked to a server in a third country, which held the software payload that was supposed to be downloaded to, and infect, the browsers.

This doesn’t mean the attack was from the last country in the chain—it just means the software was being stored on a server there.

[graphic snapped from Google Earth]