Virus spread on new way of method, people can be not realizing that their computer has been infected. Many years before, malware mostly spread through e-mail attachment. Finally, Bagle, Mydoom, and Warezov can spread out wide. Now, email attachment in EXE file (and any kind of file which have potency to bring malware) already can be filtered.

Malware creator don’t want to give up, they decide to change they pattern to spread their creation, they chose web site as the way to force attack. The attack still starts with spam but there is no file attached. That spam contain link to the web which have codes that will install malware. It can be said that computer infected by HTTP not SMTP. When someone open website, the infection immediately happened except operating system, browser application, and plugin which is installed in browser already have patched. But generally, most of people let their system open without patch. Infection can also happen when someone click links to download program at website that contain malware.

There are some method which malware creator used in order to get people visit their site, the way that usually malware creator do is to send spam that contain interested message so that people persuaded to click the link. Some of favorite message are “There is a video of you on YouTube”, “You have receive a greeting card”, or “Thank you for your order”.

Another trick is making a lot of website page with thousands of different keyword so that Google indexed that web site. When someone uses Google to searching, that website page appears on Google search page result and ready to be clicked.

Third way the malware creator use to spread their creation is to hack popular website, website that has large traffic. They won’t do deface, they still use the main page, but they add a few scripts that will make visitor computer got infected. Unfortunately, there is no any sign appear on visitor screen, everything looks normal.

This thing ever happens to website of popular magazine which have millions of visitor everyday. Those people routinely visit that website without any suspicion.

Another way is to make advertisement on popular website. If they do this, they have not to hack website in order to install their malware to visitors.

This malware spread alteration have to be always watched carefully, lot of company measure their security system by the number of attachment that they successfully block, I just can say that, its indeed they succeed to block large number of attachment. But it’s not the risk of infection.