Hijacking a legitimate website. The attack begins with hackers hijacking a legitimate website. Readers can refer to the previous article to learn more about typical website attacks. The purpose of this step is to plant a malicious page or malicious code on the legitimate website. On the surface, the malicious content may appear as a simple ad or as a frame that users can hardly notice.
Users access the hijacked website. At this step the hackers are no longer active: they have to sit and wait for users to visit the websites they have hijacked, and hope that the users' PCs still run software with unpatched security flaws, such as a flaw in a multimedia add-on application or in a text-editing application.
Silently downloading malicious content. When users access a hijacked website, the injected code automatically triggers a content download or redirects users to the hackers' malicious website. The goal of this step is to determine which operating system and web browser the user is running, and whether any security flaw remains unpatched.
Download malicious code to the PC. With this information, hackers know immediately where to attack. For example, a malicious website that identifies a multimedia add-on application in the user's browser will immediately send multimedia content. When this content is played back on the website the user is visiting, the malicious code is downloaded to the user's PC.
Activate the malicious code. By taking advantage of a security vulnerability, for example in the multimedia add-on application, the malicious code built into the content sent by the malicious website is activated automatically and infects the user's PC.
Malicious activity. After successfully infecting the PC, the malicious code performs the tasks that the hacker has assigned to it, such as hijacking the PC to turn it into a tool for the hacker's illicit purposes, or stealing the user's personal information.
The description is long, but the entire attack happens almost instantaneously, while the website is being loaded and displayed in the browser. Users are unaware that they have been infected with malicious code while visiting a legitimate website.
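The first step leaves traces that a site owner can look for. The following added example (not from the original article) scans a page's HTML for hidden off-site frames and off-site scripts of the kind described above; the host names, the sample page and the hidden-frame heuristics are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Inline styles that make a frame invisible to the visitor (assumed heuristics).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class InjectedContentScanner(HTMLParser):
    """Collects off-site scripts and hidden off-site iframes found in one page."""
    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []  # tuples of (line, tag, host, reason)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or host in self.trusted:
            return  # inline code, relative URL, or a host the owner trusts
        reason = "off-site script" if tag == "script" else (
            "hidden off-site frame" if self._hidden(a) else None)
        if reason:
            self.findings.append((self.getpos()[0], tag, host, reason))

    @staticmethod
    def _hidden(a):
        tiny = any(a.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
        return tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))

def scan_page(html, site_host, allowed_hosts=()):
    scanner = InjectedContentScanner(site_host, allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; www.example.com and cdn.example.net are assumed names.
SAMPLE = """<html><body>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<iframe src="https://video.example.org/e/1" width="640" height="360"></iframe>
<iframe src="http://ads.example.test/x" width="1" height="1"></iframe>
<iframe src="//stats.example.test/f" style="visibility:hidden"></iframe>
<script src="http://stats.example.test/c.js"></script>
</body></html>"""
print(*scan_page(SAMPLE, "www.example.com", ("cdn.example.net",)), sep="\n")
```

A visible off-site frame such as the video embed is not reported; only frames hidden from the visitor and scripts loaded from hosts outside the allow-list are.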
Software security flaws
As mentioned above, a software security flaw is a prerequisite for a successful 'drive-by-download' attack.
Security flaws are loopholes in software. If attackers successfully exploit these loopholes, they can take complete control of the software and make it do things it was never meant to do.
Specifically, by successfully exploiting a security flaw, hackers can control the flawed software on the user's PC to:
- Activate a script that hackers send
- Download files from the Internet
- Open a file on the user's PC
- Disable the application and make it hang completely
Malicious code began taking advantage of security flaws to attack users in 2003, with the computer worms Blaster and Sasser. By successfully exploiting vulnerabilities in the Windows operating system, these two worms gained the ability to infect and spread automatically. Most recently, the Conficker outbreak also spread through another security flaw in Microsoft's Windows operating system.
Today hackers also target security bugs in web browsers, ActiveX controls, browser applications, multimedia applications and file-viewing applications. A single unpatched security flaw is enough for malicious code to break into the PC without the user knowing.
Notably, statistics show that the majority of users do not pay attention to installing security updates for their software, even though developers have tried to build features that let the software update itself automatically.
Attack toolkits
Finding a security flaw that can be used to attack a user's PC is not a simple task, but hackers have the support of web attack toolkits.
These are software packages designed to help identify security flaws present on the user's PC. They are widely available on the Internet; examples include Neosploit, MPack, Icepack, El Fiesta and Adpack. Hackers use these tools to simplify the job of finding flaws on users' PCs to attack.
These toolkits usually bundle many pieces of code that exploit different software bugs. They are also constantly updated with information on the latest flaws, which makes them very dangerous for users.
(Continued)