A posting from Dark reading in there Vulnerability and Threat section:
As cybercriminals have shifted their techniques to get the most efficiency out of their attack campaigns, some of their favorite methods involve two-pronged attacks to first compromise legitimate Web servers and then use them to, in turn, infect unsuspecting visitors to seemingly innocuous sites. While much of this illicit malicious activity occurs behind the backs of these organizations, there are increasing number of businesses that upon being informed that their IPs are engaging in bad behavior stall indefinitely or wait months to remediate the situation.
Whether it is willful denial, a lack of preparation to respond quickly to news of this kind of infection, or simply a lack of resources to be able to properly clean up their online messes, the net effect is that businesses are complicit in spreading malware online, says Srinivas Kumar, CTO of TaaSERA. As he puts it, it is the height of hypocrisy considering how much proselytizing that so many organizations have done in the past to users about how users endanger end-to-end trust in online transactions by using infected devices. Now it is the businesses themselves that are infecting the unknowing users.
To read more click here: