Friday, October 23, 2009

Web-based Malware Hurts Businesses

What is Web-based Malware?

Web-based Malware is an emerging security threat for websites and web users. Hackers are now planting malicious code on legitimate websites in an effort to distribute viruses to consumers. (This attack is often called a “drive-by download.”) Once the viruses are installed on users’ PCs, the hackers can monetize those compromised PCs in various ways (including logging users’ keystrokes or using the compromised PCs to send spam email).

The malicious code that hackers inject on websites is Web-based Malware, and it is very different from the typical virus that might infect a user’s PC. Web-based Malware runs in a web browser and often works by embedding in, sourcing in, or redirecting to malicious content from a hacker's website. Web-based Malware can be written in HTML, JavaScript, Dynamic HTML, AJAX, Flash, PDF, or a variety of other languages and formats. By contrast, a PC-based virus often takes the form of an executable file that runs code directly on the computer's microprocessor as opposed to being interpreted by the web browser. Attackers often use Web-based Malware to infect web pages so that those web pages can serve as distribution points for traditional, PC-based viruses.
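A site owner can check a page for the three mechanisms described above (embedding, sourcing in, redirecting) by listing every element that pulls content from a host the owner has not approved. The following is an added example, not code from this post or from Dasient; the class name, the allowlist, and the sample page with its `.example` hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class ExternalContentAudit(HTMLParser):
    """Collect elements that embed, source in, or redirect to off-site content."""
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.allowed = {h.lower() for h in allowed_hosts} | {urlparse(page_url).hostname}
        self.findings = []  # tuples of (kind, host, hidden)

    def check(self, kind, url, hidden=False):
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlparse(urljoin(self.page_url, url)).hostname
        if host and host not in self.allowed:
            self.findings.append((kind, host, hidden))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "iframe", "embed") and a.get("src"):
            # Zero-size or CSS-hidden iframes are a common sign of injection.
            hidden = tag == "iframe" and (
                a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or bool(HIDDEN_STYLE.search(a.get("style", ""))))
            self.check(tag, a["src"], hidden)
        elif tag == "object" and a.get("data"):
            self.check("object", a["data"])
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.check("meta-refresh", m.group(1).strip())

def audit(html, page_url, allowed_hosts=()):
    parser = ExternalContentAudit(page_url, allowed_hosts)
    parser.feed(html)
    return parser.findings

# Constructed sample page; every host below is a placeholder.
PAGE_URL = "https://shop.example/index.html"
ALLOWED = ["cdn.example.net"]
SAMPLE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<meta http-equiv="refresh" content="5; url=http://redirect.example.org/landing">
</head><body>
<iframe src="http://injected.example.com/x" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE, PAGE_URL, ALLOWED))
```

Same-site and allowlisted sources are ignored, so any finding is either an unreviewed third-party dependency or injected content. The check only sees static markup, not content that scripts write into the page at run time.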



Figure 1 - How Attackers Use Websites to Distribute Malware

What happens when a website gets infected with Web-based Malware?

80% of the sites found to be serving malicious code are, in fact, legitimate sites that have been hacked and infected with Web-based Malware [1]. There are approximately 1,000,000 malicious web pages discovered each month [2]. When a website gets infected with Web-based Malware, it is at risk of getting blacklisted by browsers, search engines, and desktop anti-virus companies. Internet users are prevented from accessing blacklisted sites.

Figure 2 - Google and Firefox blacklist a website that is infected with Web-based Malware

The above graphic illustrates the user experience when trying to access a site that has been blacklisted by Google and Firefox. In this case, Google’s crawlers encountered this website while they were indexing the web. The crawlers detected that the site was infected with Web-based Malware, and Google subsequently applied a warning in the search results saying, “This site may harm your computer.” Firefox users were blocked from accessing the site completely. As a result, traffic to this site would plummet. Microsoft’s Internet Explorer and Live Search, Symantec Norton, McAfee SiteAdvisor, and many other browsers, search engines, and desktop anti-virus companies also blacklist websites.

Once a site is blacklisted, it can take days or even weeks for the site to clear its name from the blacklist. During this time, the website experiences significant business losses:

· Customer loss (visitors are blocked from accessing the site; the site is “off the air”)
· Brand damage (the blacklisting hits the blogosphere and Twitter; the site loses confidence and trust of existing and new users)
· Support costs (site has to engage in emergency technical fixes while fielding concerned calls and emails from their customers)

The following are some direct quotes from website owners who were infected with Web-based Malware and subsequently blacklisted [3]:

“Just hoping for the best right now, my traffic has dropped 95% - 98%”
“Because of this block I am losing thousands of dollars at a critical time of the year”

[During a blacklisting]: “It’s a tremendous burden on my support staff because we get constant email about it”
“My site was blacklisted for a week. I lost at least $10,000 in ecommerce revenue.”
“The attacks occurred weeks ago, and I'm only now getting back to my normal levels of traffic.”

To help web businesses defend against malware attacks and avoid losses of traffic, reputation, and revenue, Dasient has developed the world’s first and only complete Web Anti-Malware (WAM) service. The Dasient WAM provides end-to-end protection by monitoring websites for Web-based Malware infections. When an infection is detected, Dasient WAM Monitoring will alert the website owner and provide diagnostic information to remove the malicious code on the site. Dasient WAM can also automatically quarantine any malicious code injected onto the website if the customer (or their hosting provider) has deployed the Dasient WAM Quarantining service. In many cases, website owners are alerted early enough that they can avoid getting blacklisted altogether, even if their site was infected. (dasient.com)

What should I do? Download Antivirus Internet Security
