
Infections from the web: cyber-crooks get clever


As security laboratories predicted at the beginning of the year, the use of web pages to distribute malware is becoming a popular trend.

This method has many advantages for cyber-crooks. First, if they manage to infect web pages that have a large number of visitors, they do not need to ‘advertise’ the infected pages through spam, etc. since users directly access the infected page. Users’ suspicions decrease as they do not fear being infected on trusted sites, and cyber-crooks’ costs are reduced. Consequently, users can be infected even if they have avoided accessing unsafe pages.

This method is ‘cleaner’ since users are not required to carry out actions such as downloading files.

This year Panda Security’s laboratory has detected several attacks that consisted of web page infections, some of which affected hundreds of thousands of pages.

How do these attacks work?

There are three ways in which cyber-crooks can infect a web page. The first involves exploiting vulnerabilities in the software installed on a server. The second is through bad configuration of the programmes installed and running. And the last, by stealing passwords for accessing the server using Trojans. These three techniques allow cyber-crooks, in addition to infecting the corporate website, to use the servers for a range of malicious actions, including hosting a program designed to infect visitors, distributing spam or storing stolen data.

Once they manage to access the web page, cyber-crooks usually add an iframe-type reference at the end of the file loaded by default, pointing to the malicious server. That reference usually loads a PHP or IS script, run against the visiting computer, which selects the best vulnerability for placing malware on it. This tool could be installed on the same server, but by hosting the malware on third-party servers instead it becomes more difficult to locate. Malicious tools have been found that install malware from web pages and that could be ‘activated’ from 7644 different pages.

These malicious tools use exploits to take advantage of vulnerabilities on users’ systems and deliver malware. The process is as follows: they analyze the type of computer that has connected and launch one or more exploits targeting the vulnerabilities that computer is most likely to have. For example, if the user’s browser is Internet Explorer 6, one or two exploits that affect that browser are launched.
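The injected iframe described above has a recognisable shape: it sits after the page’s real closing tag, is zero-sized or hidden, and points off-site. The following scanner, an added example rather than code from the article or from Panda Security, flags iframes in a page’s HTML that show those signs; the sample page, the hostnames and the function names are constructed for illustration.

```python
import re
import sys
from urllib.parse import urlparse

# Constructed sample: a legitimate page that ends at </html>, with an injected
# hidden iframe appended after it, as described in the article.
SAMPLE_PAGE = """<html><body><h1>Shop</h1>
<iframe src="https://www.example.com/widget" width="300" height="200"></iframe>
</body></html>
<iframe src="http://malicious.example.invalid/in.php" width="0" height="0" style="display:none"></iframe>
"""

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r'(\w+)\s*=\s*["\']?([^"\'\s>]*)', re.IGNORECASE)


def find_suspicious_iframes(html, site_host):
    """Return a list of {"src", "reasons"} for iframes that look injected.

    site_host is the page's own hostname; an iframe is reported when at least
    one indicator applies. Any single indicator is only a hint, so review
    findings with several reasons first.
    """
    findings = []
    end_tag = html.lower().rfind("</html>")  # -1 if the page has no closing tag
    for m in IFRAME_RE.finditer(html):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(m.group(0))}
        src = attrs.get("src", "")
        reasons = []
        if end_tag != -1 and m.start() > end_tag:
            reasons.append("appended after </html>")
        if attrs.get("width") == "0" or attrs.get("height") == "0":
            reasons.append("zero-size")
        if "display:none" in attrs.get("style", "").replace(" ", "").lower():
            reasons.append("hidden")
        host = urlparse(src).hostname
        if host and host != site_host:
            reasons.append("off-site src")
        if reasons:
            findings.append({"src": src, "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Usage: python scan.py <site_host> [file.html ...]; no files scans the sample.
    site = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"
    pages = [open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[2:]]
    for page in pages or [SAMPLE_PAGE]:
        for f in find_suspicious_iframes(page, site):
            print(f"{f['src']}: {', '.join(f['reasons'])}")
```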

Cases

Such an attack took place at the beginning of May and affected over 200,000 web pages. A security flaw allowed cyber-crooks to inject SQL code into an .asp page, which later allowed the insertion of a malicious iframe on hundreds of thousands of pages. This code is designed to redirect all visitors of the compromised pages to a malicious website, which analyzes their systems for vulnerabilities that could be used to download all types of threats.

A few weeks later, a similar attack was detected in which the URLs that the malware redirected users to had been modified. Most of them were hosted on Chinese servers. Even though the number of affected pages was lower, the attack was highly dangerous.

How not to get caught

The difficulty in blocking these threats lies in their being carried out on web pages that seem safe and legitimate. In short, users are frequently infected on visiting a web page they regularly access. It is therefore advisable to follow these security measures:

– Have an up-to-date security solution: the solution must also detect known and unknown threats, so users are not vulnerable to new threats.

– Have up-to-date applications. These types of attacks frequently exploit computer vulnerabilities to carry out infections.

– Finally, it is advisable to scan the computer with an online security scan that is able to detect even the malware that goes undetected by traditional solutions.

About Jeremy Matthews –

Head of Panda Security’s sub-Saharan operations.
Originally from the UK, Jeremy is a twenty year veteran of the South African IT industry with a wide range of experience covering enterprise software sales and consulting, product marketing and distribution. Jeremy has worked extensively in the areas of systems integration, network connectivity and internet technologies.
Jeremy established the local Panda Security office in April 2006, opening up the international vendor’s first presence on the African continent.
