Nasdaq admits hackers planted malware on web portal
Nasdaq admitted on Saturday that unidentified hackers had succeeded in planting malware on one of its portals.
The US stock exchange is keen to stress that trading systems were not affected by suspicious files found on Directors Desk, a web-based dashboard application used by an estimated 10,000 execs worldwide. In a statement, Nasdaq said that there was no evidence that customer information had been exposed by the breach.
...
It adds that it is likely that the Directors Desk hack was designed to plant malware on the systems of users via drive-by-download attacks.
As the article mentions, site compromises like this are generally designed not to directly attack the server they have hijacked, but rather to use what has been a trusted destination to plant malware onto unsuspecting visitors. This can be especially relevant for people in large corporations who are still running a standard operating environment (SOE) of Windows XP (often pre-SP3) and Internet Explorer 6.
Good browser security is not designed to protect the server, but it will prevent the endpoints from being compromised, defeating the ultimate aim of the attack.