In recent years malicious website threats are increasing dramatically, this is due to the increasing number of online active users and web resources. Web-based attacks are growing, most Malware like TDSS, Zeus are spreading over the Internet. This is only what we know about cybercrime.
Attacker’s main purposes are to urge victims to download and install a malicious executable files on their machine but there are other type of attack that do not involve downloading and installing executable files like XSS or CRS.
Generally attacking over the web consists of two parts:
- victim navigates to a malicious resource
- Loading Malware on victim machine and execute it
Attackers are using all possible channels to attract users to their malicious resource: e-mail, instant messaging, social networks, search engines, advertising or simply putting malicious links anywhere. On some cases the attacker even do not perform any special work to attract user.
Malware loading part can be made by two options the first social engineering techniques and the second exploits vulnerability in a software installed on his computer.
A few years ago spam has been associated only with advertising email. Now spammers are using many other channels: instant messaging, social networks, blogs, forums and even SMS.
Most spams are including malicious executable file or a link to a malicious resource. Attackers are actively using social engineering techniques to attract users to follow a link and download or install a malicious file.
This may cover some part of mechanism used by cybercriminal on Internet as Today Cyberspace is not secure, you can follow a link on a search engine or visit your favorite website that has been infected to turn your computer into a zombie.
To make sure that you are safe it is very important to keep all your software updated and use a modern integrated security solution with the latest definition.
make sure you subscribe to my RSS feed!