“Client-side attacks are where the paradigm is going” stated Val Smith, founder of Attack Research, a company devoted to the in-depth understanding of computer based attacks. There is an emerging trend of new internet based attacks from China and Russia and using techniques such as blog spam and SQL injections. The immediate goal of these attacks appears to be the spread of malware and the collection of sensitive information. Some of these attacks may be purely a way for a hacker to expand their botnet--or the total number of computers that have been contaminated with the maleware (running autonomously and automatically) that may in the end serve as a springboard network for further malicious activities.
Preventative measures:
Because a botnet may involve the disbursal of malevolent software over a large geographic area, it is difficult to identify a pattern of offending computers. Some network administrators will use passive OS fingerprinting to identify attacks orginating from a botnet. Another method is to use specially configured hardware to use rate-based intrusion prevention systems that can react in realtime against attacks.