Avast WEBforum

Other => General Topics => Topic started by: polonus on September 16, 2010, 09:03:07 PM

Title: Main attack vectors to hack websites..
Post by: polonus on September 16, 2010, 09:03:07 PM

Hi malware fighters,

What to watch out for? Most attacks on hacked websites will place malicious JavaScript (74%), while malicious iFrames are being used for the remaining 26% of these attacks. JavaScript could have various advantages. It gives access to the DOM elements in the rest of the webpage, to provide attackers with additional info and possibilities to hide their malcode. An injected JavaScript gives access to the 'page referrer', adress bar, user cookies and could insert malicious content into a webpage. This is something iFrames can not do.
The best policy here is to fully patch and upgrade your software and OS, use a browser with a script blocking extension like NS, that could also block iFrames. For checking whether a web page is vulnerable or already being hacked and has malicious content, there are various online sources and specialist tools,

polonus

Title: Re: Main attack vectors to hack websites..
Post by: WeWatchYourWebsite on September 17, 2010, 11:46:18 AM

Malicious javascript and iframes aren't the attack vectors to hack websites, they are the result of a successful attack on some other software on a website.

The entire Dasient report is available here:

http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html (http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html)

Title: Re: Main attack vectors to hack websites..
Post by: Hermite15 on September 17, 2010, 12:10:07 PM

Quote from: WeWatchYourWebsite on September 17, 2010, 11:46:18 AM

Malicious javascript and iframes aren't the attack vectors to hack websites, they are the result of a successful attack on some other software on a website.

The entire Dasient report is available here:

http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html (http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html)

good post ;)

 @ Pol: would be nice to not just copy/paste an article with a few modifications, but instead quote it and give the link. Sorry man what you did there is just not acceptable at all >>> you're posting it as if you wrote it yourself, not mentioning that your interpretation, as mentioned by the above poster, was wrong.

 ps: I mean it's not just that, many of the articles whose authors you're impersonating are copyrighted alright?

Title: Re: Main attack vectors to hack websites..
Post by: Hard_ROCKER on September 17, 2010, 01:31:12 PM

+1

Title: Re: Main attack vectors to hack websites..
Post by: Hermite15 on September 17, 2010, 06:20:11 PM

about "Web Site Content Theft"
http://sbinfocanada.about.com/cs/legalmatters/a/websitetheftjb.htm

Title: Re: Main attack vectors to hack websites..
Post by: polonus on September 28, 2010, 11:10:04 PM

Hi forum friends,

The thread was started from info that was found inside an online image, no more no less,

polonus

Title: Re: Main attack vectors to hack websites..
Post by: Hermite15 on September 28, 2010, 11:27:05 PM

Quote from: polonus on September 16, 2010, 09:03:07 PM

Hi malware fighters,

What to watch out for? Most attacks on hacked websites will place malicious JavaScript (74%), while malicious iFrames are being used for the remaining 26% of these attacks. JavaScript could have various advantages. It gives access to the DOM elements in the rest of the webpage, to provide attackers with additional info and possibilities to hide their malcode. An injected JavaScript gives access to the 'page referrer', adress bar, user cookies and could insert malicious content into a webpage. This is something iFrames can not do.
The best policy here is to fully patch and upgrade your software and OS, use a browser with a script blocking extension like NS, that could also block iFrames. For checking whether a web page is vulnerable or already being hacked and has malicious content, there are various online sources and specialist tools,

polonus

Quote from: WeWatchYourWebsite on September 17, 2010, 11:46:18 AM

Malicious javascript and iframes aren't the attack vectors to hack websites, they are the result of a successful attack on some other software on a website.

The entire Dasient report is available here:

http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html (http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html)

not much to add... ;D >>> except may be for those a bit curious, compare the OP's post to the original >>> and see how just a couple of words got changed, the order of sentences got slightly modified, and no need to insert quotes of course  :D

 Also worth noticing are differences in terms of language quality (English) when moving from what got actually stolen to the OP's actual comments. This is laughable.

Title: Re: Main attack vectors to hack websites..
Post by: Hermite15 on September 28, 2010, 11:35:51 PM

Quote from: polonus on September 28, 2010, 11:10:04 PM

Hi forum friends,

The thread was started from info that was found inside an online image, no more no less,

polonus

no, this thread was started from stealing someone else's article
http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html

 No link, no quote hey, Mr Polonus , what for ??? ::)

Title: Re: Main attack vectors to hack websites..
Post by: DaveyB on September 29, 2010, 03:03:29 AM

What I find humorous about all this is that, on looking at the Dasient site, there is only one comment added to it, and its SPAM !!!  =D