Overview of Web-based Malware

Dasient Delivers the Complete Lifecycle of Malware Protection

Web-based Malware is an emerging security threat for websites and web users. Hackers are now planting malicious code on legitimate websites in an effort to distribute viruses to consumers. These attacks can take several forms, including “drive-by-downloads” and “dangerous downloads.” In a drive-by-download attack, a virus is downloaded to the user’s computer, simply by loading an infected web page in a browser; no other interaction on the part of the user other than loading the web page will result in an infection. In a “dangerous download” attack, hackers plant malicious files such as executables, documents, or images that contain viruses on a legitimate, victim web site, and users get infected when they click on links to the malicious files.


The Four Steps of Web-Based Malware Infections

Once the viruses infect users' PCs, the hackers can monetize those compromised PCs in various ways, including logging users’ keystrokes or using the compromised PCs to send spam email.

The malicious code that hackers inject on websites is called Web-based Malware, and is very different from the viruses themselves that might infect a user’s PC. Web-based Malware runs in a web browser and often works by embedding in, sourcing in, or redirecting to malicious content from a hacker’s website. Web-based Malware can be written in HTML, Javascript, Dynamic HTML, AJAX, Flash, PDF, or a variety of other programming languages. By contrast, a PC-based virus often takes the form of an executable file that runs code directly on the computer’s microprocessor as opposed to being interpreted by the web browser. Attackers often use Web-based Malware to infect web pages so that those web pages can serve as distribution points for traditional, PC-based viruses. A typical sequence of events in which a user first visits a web page infected with web-based malware, and then as a result gets a virus downloaded to his or her PC is shown below.

How do websites get infected with Web-based Malware?

There are many different ways that websites can get infected with Web-based Malware, including:

  • Sourcing in malicious content: Websites often source in content from third-party widgets or mash-ups. If you use third-party widgets or mash-ups on your web site, and any of the third-party content providers gets infected, then your website can also get infected as a result.
  • Compromised FTP credentials: Hackers can compromise websites using stolen administrative credentials and inject malicious code on to the site.
  • Malicious advertisements (“malvertising”): Content publishers and ad networks have become victims of malvertising, where attackers create a malicious advertisement and inject it into a legitimate ad network. The malicious ad is served to users during normal ad rotation on a publisher site, resulting in a virus being downloaded to consumers’ computers who are viewing the ad.
  • User generated content: Attackers can upload malicious HTML, files (such as images or documents), or links to any website that accepts submissions from its users. This includes blog comments, product feedback and ratings, or other user-generated content.
  • Vulnerabilities in web applications: Hackers can use vulnerabilities in common web software packages to inject malicious code onto websites.
  • Vulnerabilities in the network: Network vulnerabilities can be exploited to gain access to web servers and infect all of the websites hosted on those servers.

To help web businesses defend against malware attacks and avoid losses of traffic, reputation, and revenue, Dasient has developed the world’s first and only complete Web Anti-Malware (WAM) service.

 


Dasient WAM provides end-to-end protection by monitoring websites for Web-based Malware infections. When an infection is detected, Dasient WAM Monitoring will alert the website owner and provide diagnostic information to remove the malicious code on the site. Dasient WAM can also automatically quarantine any malicious code injected onto the website if the customer (or their hosting provider) has deployed the Dasient Malware Recovery service.

Get a Free White Paper

Drive-by-Downloads and Web Malware Threats

LEARN MORE »



Check Your Domain

Already a Dasient Customer?
Log-in to your account.




Stay in Touch

Our Blog
read & comment

Twitter
@dasient