How Malware Infects Websites

We all know that earning a spot on the Google blacklist can be devastating to your business.

 

If your web site is infected with malware then a visit from Google’s quality control team is sure to follow. Once they determine that a site is potentially harmful to visitors, they aren’t too keen on sending visitors your way.

 

Many web site owners may be alarmed at just how easily malware can infect websites and their users. While many different attack methods exist, the most common methods used by cyber criminals are:

  • Injection attacks, including code injection, command injection and database injection
  • Cross-site scripting
  • User-created content
  • Malicious advertisements
  • Web application or server vulnerabilities

 

To make matters worse, it is now easier than ever for malicious hackers to attack sites with malware. Since the proliferation of “packaged” attack software, also called exploit or command-and-control (C&C) toolkits, an attacker no longer has to spend hours honing their coding skills to carry out an attack. These toolkits allow malicious hackers to develop malware much faster and at a much lower skill level. Take the ZeuS toolkit, for example: it alone has accounted for more than 90,000 unique malicious code variants found in the wild.

A walk through some attack scenarios

 

To see just how an attacker may infect an unsuspecting web site with malicious code, let’s follow along with a few common scenarios…

 

The attacker comes across a web site and uses the site’s form fields to pass unfiltered queries to the database. This allows him to gain control of the database, either by circumventing access controls or by gaining access to the user credentials stored in the account itself (possibly by using a SQL injection attack). Once the database is under his control, he has access to other areas of the web site, allowing him to upload malicious software that attacks the site’s legitimate visitors.

 

Unfortunately, most attacks aren’t that dramatic in nature. Most happen because we allow users to create content that we share with the community. This content, whether it be a PDF, a video, an advertisement or even a comment, may contain malware that is used to infect our visitors.

 

Another situation where a site owner may find themselves a victim is due to their own negligence. So many web sites nowadays rely on third-party applications like WordPress, Joomla!, MediaWiki and others as their foundation. These programs make it easy to get a fully functional, great-looking web site up and running in a matter of hours. Unfortunately, web applications are rife with vulnerabilities, and unless they are patched, any attacker who stumbles across them can easily exploit them to upload whatever code they choose.

 

As web sites grow more robust and complex, the opportunity for vulnerabilities will grow proportionately. Unless the owner is aware of how their site is vulnerable to attack, they will be powerless to prevent it.
