As virus and malware protection gets more advanced and computer users get wise to the tricks scammers use, malicious hackers are getting downright crafty. One of the ways they come after your information is with a watering hole attack. It’s called that, because hackers stalk a site the way a cheetah might stalk a watering hole waiting for animals to gather around in one spot before attacking.
These crooks hack a real website and install their own code. What you end up with a perfectly normal looking website that you have no reason to be suspicious of. It could be a website you’ve been using for years without an issue.
Experts at Symantec (the company behind Norton Security) warn that attacks like these are increasing. They will often target a website that draws people together on a particular topic whether it be political or a social activity.
The Dali Lama’s website was attacked back in August with a frame that redirected users to a JAVA exploit that would allow backdoor access to your computer. The U.S. Department of Labor was also attacked in the same fashion with malicious code loaded onto pages visited by those looking for nuclear-related content.
Microsoft issued a security update to take care of that particular code.
Attackers are also focusing more and more on small businesses as a way to get to larger companies.
Sometimes the malicious code directs you to a fake website that looks very much like the real one. Sometimes it prompts you to download a browser update or a security update.
Be very careful of these kinds of pop-up updates. Don’t click on them. If you think your browser needs to be updated, do it from the developer’s site or set up automatic updates in your security software. Or you can check out this handy page that let’s you know if your browser is up-to-date. 
Set your security software for automatic updates or open the program and update from there.
Also, make sure you have good security software in place. Attacks like these are one of the reasons it’s important to upgrade from XP before Microsoft security support ends in April of 2014.
With no security support, there’s no fix for these kind of viruses if they infect your computer and there’s no one working on defenses to protect XP against them.