Exploiting Vulnerabilities with Malware
When a cyber criminal finds vulnerabilities in your website, they are quick to attack. First, they’ll decide why they want to access your site. Then based on their intent, they’ll determine the type of malware to use.
Website vulnerabilities – The more feature rich your website is, the more vulnerable it is to attack. Many website owners want to create an engaging user experience by offering photos, videos, shopping carts, and other dynamic elements. Research conducted by SiteLock and staff from the Wharton School of Business found that websites with high complexity can be 10 times more likely to be compromised than websites with low complexity. However, these types of complex code and third-party applications make a website susceptible to web application vulnerabilities. For example, a URL redirect is a popular web application vulnerability, in which the attacker will redirect a user to a malicious website in an effort to steal traffic and information.
- Injection attacks (code, command, database)
- Cross-site scripting
- User created content
- Malicious advertisements
- Web application or server vulnerabilities
Uploading malware through vulnerabilities in the website
If websites were still static text and images, it would be much more difficult for the bad guys to use a legitimate website to serve up malicious software. However, today's websites are powered by databases, complex code, and third-party applications that make the user experience much richer while opening the site to any number of vulnerabilities.
Take WordPress, for example. This blogging application has changed how websites are created by making it easy for anyone with a bit of technical knowledge to create a multimedia-rich, interactive website. It is so popular that it powers more than 50 million websites. WordPress's ease of use, however, was also the cause of a recent outbreak, in which between 30,000 and 100,000 sites running the application redirected victims to malicious sites.
Sites that installed a particular plug-in found their pages infected with code that redirected visitors to another site. This site would then infect the victim's computer with malware based on the operating system and applications that the computer was running. The Flashback Trojan that infected more than 500,000 Macs was one of the malicious programs that spread through this exploit.
Examples like this are not limited to WordPress, however. Applications like Joomla!, Drupal, MediaWiki, Magento, Zen Cart, and many others have all had vulnerabilities in them that allow malicious hackers to upload malware to these sites to be distributed to visitors.
