The little lock icon that appears on a Web browser window frame
when a secure connection exists between a browser and a Web server may
be lulling users into a false sense of security.

The reality is that secure connections, in which data is
encrypted using Secure Sockets Layer (SSL) technology before being
transmitted over the Web, is increasingly being used to hide and spread
malicious code, according to a report from security vendor Kaspersky
Labs.

The issue is certainly not new. Security analysts have for long
warned about the possibility of hackers exploiting encrypted SSL
connections to sneak viruses and other malicious code past firewalls,
antivirus software and intrusion detection systems. But what’s lending
greater urgency to the issue now is the widespread use of SSL
communications by banks, retailers, e-commerce sites and e-mail
providers on the Internet, said Shane Coursen, a senior technical
consultant at Kaspersky.

ComputerWorld