It's one thing to click on a malicious site that impersonates a legitimate one. It's another thing entirely to click on a legitimate site with malicious codes -- thus inherently making it bad. Many unsuspecting shoppers will get duped when good Web sites are infiltrated by spyware and other forms of malware from an ad server hosted by a third-party site. "There are major efforts afoot this time of year, even for some "reputable" sites that have managed to be compromised by bad guys. Nobody's really immune to that," said Trend Micro's Ferguson.
And many legitimate retailers could be targets due to the high volume of Web traffic during the holiday season.
"A Web site isn't as monolithic as it seems," said Laura Yecies, vice president of Check Point Software Technology. "It's relatively easy to hack these third party Web sites if they're part of the primary site."