Why Hackers have turned to malicious JavaScript Attacks

Malicious JavaScript

by NAME, sophos.com
January 18th 2013

Website attacks have become a serious business proposition. In the past, hackers may have infected websites to gain notoriety or just to prove they could—but today, it’s all about the money. Reaching unsuspecting users through the web is easy and effective.

Hackers now use sophisticated techniques—like injecting inline JavaScript—to spread malware through the web.

Understanding how malicious JavaScript is used: A “drive-by download”

JavaScript is used as a vehicle to infect websites because it’s a programming language that underpins today’s web. It’s primarily used in the form of client-side JavaScript, implemented as part of a web browser in order to provide enhanced user interfaces and dynamic websites. With today’s Web 2.0 functionality, browsing the web without JavaScript support is no longer a realistic option.

Malware authors take advantage of this fact. They compromise popular, high-traffic, legitimate websites and redirect users to malicious web pages without the victim’s knowledge. This kick-starts the infection process: when people visit these malicious sites, further scripts exploit client-side vulnerabilities.

Injected, inline JavaScript hides the redirect more effectively than simpler attack methods, such as plain iframe attacks. Malicious JavaScript attacks have grown significantly over the past three to four years, and virtually all attacks include it, but today’s attacks are more complex.

Delivering malware via the web is now the cybercriminal’s favored means of attack, with a newly infected website discovered every few seconds. Injecting malicious JavaScript into legitimate web pages allows hackers to silently redirect the victim’s browser to load content and malware from a remote server. This so-called “drive-by download” has created a number of security challenges for organizations and end users alike.
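From the site owner's side, the difference between an added iframe and an added inline script shows up when a page is audited against a known-good baseline. The following is an added example, not code from the original article: `auditPage`, the baseline shape, and the hosts `shop.example` and `redirect.example` are assumptions made for illustration, and the sample pages are constructed.

```javascript
// Added example, not code from the original article. shop.example and
// redirect.example are constructed placeholders.
const { createHash } = require("crypto");

// CSP-style hash ("sha256-<base64>") of an inline script body.
function inlineHash(body) {
  return "sha256-" + createHash("sha256").update(body, "utf8").digest("base64");
}

// Audit one page. baseline.origins: origins the site owner loads from;
// baseline.inlineHashes: hashes of the inline scripts the owner wrote.
// Regex tag matching is a simplification; a real scanner would parse the DOM.
function auditPage(html, pageUrl, baseline) {
  const findings = [];
  const tagRe = /<(script|iframe)\b([^>]*)>([\s\S]*?)<\/\1\s*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[2]);
    if (src) {
      // Element with a src attribute: visible to a static scan of the markup.
      let origin;
      try {
        origin = new URL(src[1] ?? src[2] ?? src[3], pageUrl).origin;
      } catch {
        origin = "unparseable";
      }
      if (!baseline.origins.has(origin)) findings.push({ type: `external-${tag}`, detail: origin });
    } else if (tag === "script" && m[3].trim() !== "") {
      // Inline script: no src to inspect, so compare its hash to the baseline.
      const hash = inlineHash(m[3]);
      if (!baseline.inlineHashes.has(hash)) findings.push({ type: "unapproved-inline-script", detail: hash });
    }
  }
  return findings;
}

// Constructed sample pages: one clean, one with an added iframe, one with an added inline script.
const PAGE_URL = "https://shop.example/index.html";
const MENU_JS = "initMenu();";
const CLEAN = `<html><body><script src="/js/app.js"></script><script>${MENU_JS}</script></body></html>`;
const WITH_IFRAME = CLEAN.replace("</body>", '<iframe src="http://redirect.example/landing"></iframe></body>');
const WITH_INLINE = CLEAN.replace("</body>", '<script>window.location="http://redirect.example/landing";</script></body>');
const BASELINE = { origins: new Set(["https://shop.example"]), inlineHashes: new Set([inlineHash(MENU_JS)]) };

for (const [name, html] of [["clean", CLEAN], ["iframe", WITH_IFRAME], ["inline", WITH_INLINE]]) {
  console.log(name, auditPage(html, PAGE_URL, BASELINE));
}
```

The same hashes can be listed in a Content-Security-Policy `script-src` directive, so the browser refuses to run any inline script that is not in the baseline.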


Original Page: http://pocket.co/sGyWj
