September 2, 2009 | The Wall Street Journal

A growing number of small companies are falling prey to hackers.

Attackers are increasingly infiltrating small businesses’ Web sites and using them to quietly drop malicious programs, typically designed to steal personal financial information, onto the computers of visitors, security experts say. Some are also digging around in databases for valuable information or trying to capture e-commerce customers’ credit-card numbers.

Small businesses often assume that they are too tiny to catch hackers’ attention. But the truth is that hackers don’t care who you are. Most of the time, they use automated programs to exploit a flaw in some piece of common software used by millions and attack them en masse. “There’s a huge incentive for them [hackers] to infect as many Web pages as they can, so they can infect as many users as possible,” says Ian Fette, a product manager at Google Inc., of Mountain View, Calif. Small sites with less security expertise are often easy targets.

In the first half of this year, 61% of the Web’s top 100 sites delivered something malicious to visitors because a hacker broke in and planted something nefarious, according to WebsenseInc., a San Diego company known for its Web-filtering software. More than three-fourths of infected sites are legitimate sites, as opposed to sketchy operations such as spammer or file-sharing sites, the firm says.

Continue reading the main story