If you are an IT professional providing customers with Internet connectivity solutions, you know that the internet is a scary place. Back in the dark ages (before 1993), when things started out, everyone using the internet trusted each other. Unfortunately, things changed drastically, and trust is a thing of the past on the internet.
When you set up an internet connection for a customer, you do everything you can to protect them: you set up a restrictive firewall, and you run a proxy that enforces web-surfing policy as far as possible. You also use every available means to block spam and viruses in e-mail before they reach the lusers who still believe Bill Gates will give them free Nokia cellphones.
After you have done all the technical stuff, you tell everyone (you know it falls on deaf ears, but you have to try) that they must not visit those porn sites, that they must copy links in e-mail and paste them into their browser rather than simply clicking on them, etc. So what happens when one of the lusers who actually listened goes to a legitimate website and still has his Windows computer exploited? Or, if they are lucky, the lusers get a warning from their anti-virus software and the site gets blocked.
The sad part is that even very competent IT professionals have extreme difficulty preventing all exploits on the internet, even when they do all the right things. You can read a fascinating account in the Gauteng Linux Users Group mailing list archives of such a case, where someone's web site got exploited by quite a nasty man-in-the-middle attack.
In short, a Windows server (everyone says: we are not surprised) was compromised in a data centre and intercepted traffic from other servers on the same local network. By doing this it managed to redirect innocent visitors of well-managed websites to malicious websites that attempted to compromise the visitors' machines. You can read the gory details at http://www.linux.org.za/Lists-Archives/glug-tech-0905/msg00009.html and more detail at http://www.linux.org.za/Lists-Archives/glug-tech-0905/msg00026.html. A link to the whole thread is at http://www.linux.org.za/Lists-Archives/glug-tech-0905/threads.html
The really scary part is that you cannot do much about something like this, because even if you have a secure local net and the web server you visit has a secure local net, this type of attack can be carried out anywhere in the path between you and the web server you are visiting.
Be careful out there.