How malicious websites infect you
Vulnerabilities are bugs or omissions (intentional or not) introduced when an application or site is built, which hackers can use ("exploit"). For example, a website may contain a vulnerability that allows access to an account by submitting a specific but invalid password to the database, which causes the system to crash and allow the login. There are countless vulnerabilities of all kinds, and some of them can be used to spread malicious ads.
About 10% of all vulnerabilities are thought to be critical. "Critical" here means a vulnerability similar to the password example above, one that makes it easy to compromise data.
How to spot a malicious or infected site?
Streaming, hacking, gambling or pornographic sites
There is always a certain category of websites that comes to mind when we talk about hacking. Sometimes the websites themselves are illegal.
The classic hacking vector is an advertisement asking you to visit a particular site or download a particular program. These sites are usually not accepted by "classic" advertising agencies like Google, so they turn to other ad networks, which place whatever advertisements they choose, and this is not necessarily a good sign.
You can of course use ad blockers, but more and more websites block access if you do not accept ads.
You also need to know that these sites need two things to make money: traffic and clicks on ads. That is why it is not necessarily in their interest to show discreet ads that no one will click.
Drive-by downloads
This is a popular malware propagation method that uses another application to spread.
Phishing
Hackers have several ploys to make you believe that their malicious site is an official site:
Typosquatting
This involves registering domain names that resemble those of official sites, with slight variations. A user who types "facebook.com" too quickly in the address bar could end up typing "facebok.com". Rest assured, in this example Facebook anticipated the trick and registered the domain name in time.
Domain shadowing
This involves first hacking a site and then creating a subdomain or web page that redirects to another website. The problem is more serious here because the domain name is correct ... but the site has been hacked.
Exploit kits
Vulnerabilities are everywhere, even in your browser, and exploiting them is the goal of exploit kits. Exploit kits hide in malicious web pages, waiting for visitors whose software or browser has not been updated (and is therefore vulnerable).
When an attacker discovers a brand new vulnerability, it is considered a "zero day". That is, only the attacker knows about the vulnerability, it is not yet patched, and it is therefore exploitable "in the wild". From there, the hacker builds his exploit kit and spreads it through web pages, either by using his own sites or by advertising on trusted sites (sometimes the advertising itself is exploited, allowing code propagation and pop-ups that are usually not possible).
JavaScript infections
In the same way as an exploit kit, malicious JavaScript code can spread across websites and perform a very specific action in the victim's browser. This code can also be installed through browser extensions, which have access to every page visited and therefore to its content.
Malvertising
This is about finding vulnerabilities in an ad network, or more precisely in the code used to display advertisements, in order to spread malicious ads. The classic example is an ordinary advertisement that later turns into a malicious one. You may already have run into the pop-up window that is hard to close on your smartphone, telling you that you have "won an iPhone", while you were visiting a popular news site.
Malicious redirects
It is possible that a site you visit (known or not) has been hacked. A hack does not necessarily mean the site is taken down; sometimes it is very discreet: only the links are changed, to redirect you to other malicious sites (phishing).