Author Topic: Main attack vectors to hack websites..  (Read 5460 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33319
  • malware fighter
Main attack vectors to hack websites..
« on: September 16, 2010, 09:03:07 PM »
Hi malware fighters,

What to watch out for? Most attacks on hacked websites will place malicious JavaScript (74%), while malicious iFrames are being used for the remaining 26% of these attacks. JavaScript could have various advantages. It gives access to the DOM elements in the rest of the webpage, to provide attackers with additional info and possibilities to hide their malcode. An injected JavaScript gives access to the 'page referrer', address bar, user cookies and could insert malicious content into a webpage. This is something iFrames cannot do.
The best policy here is to fully patch and upgrade your software and OS, use a browser with a script blocking extension like NS, that could also block iFrames. For checking whether a web page is vulnerable or already being hacked and has malicious content, there are various online sources and specialist tools,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
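
Added example, not part of the post above or of the Dasient report: a small Python check a site owner could run over their own page source to flag the two kinds of injected content the post names, off-site script includes and invisible iframes. The sample page, the host names and the heuristics (1-pixel frames, hidden styles, `eval`/`unescape` in inline scripts) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (hosts are placeholders, not real indicators).
SAMPLE_HTML = """<html><body>
<script src="/static/site.js"></script>
<script src="http://stats.example.invalid/c.js"></script>
<iframe src="http://frames.example.invalid/in.php" width="1" height="1"></iframe>
<iframe src="http://video.example.net/embed/1" width="560" height="315"></iframe>
<script>document.write(unescape('%3Cdiv%3E'));</script>
</body></html>"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
OBFUSCATION = re.compile(r"eval\s*\(|unescape\s*\(|fromCharCode", re.I)

class InjectionScanner(HTMLParser):
    def __init__(self, trusted_hosts):
        super().__init__()
        self.trusted = set(trusted_hosts)  # hosts the owner expects to load from
        self.findings = []                 # list of (kind, detail) tuples
        self.inline = False                # True while inside a <script> with no src

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if tag == "script":
            self.inline = not src
            host = urlparse(src).hostname  # None for relative (same-site) URLs
            if host and host not in self.trusted:
                self.findings.append(("offsite-script", src))
        elif tag == "iframe":
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.append(("hidden-iframe", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self.inline = False

    def handle_data(self, data):
        if self.inline and OBFUSCATION.search(data):
            self.findings.append(("obfuscated-inline-script", data.strip()[:40]))

def scan(html, trusted_hosts):
    scanner = InjectionScanner(trusted_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Calling `scan(SAMPLE_HTML, {"video.example.net"})` flags the off-site script, the 1x1 iframe and the inline script, and leaves the normally sized video embed alone; a hit is a prompt to review the page, not proof of compromise.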

Offline WeWatchYourWebsite

  • Newbie
  • *
  • Posts: 4
Re: Main attack vectors to hack websites..
« Reply #1 on: September 17, 2010, 11:46:18 AM »
Malicious javascript and iframes aren't the attack vectors to hack websites, they are the result of a successful attack on some other software on a website.

The entire Dasient report is available here:

http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: Main attack vectors to hack websites..
« Reply #2 on: September 17, 2010, 12:10:07 PM »
Malicious javascript and iframes aren't the attack vectors to hack websites, they are the result of a successful attack on some other software on a website.

The entire Dasient report is available here:

http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html

good post ;)

 @ Pol: would be nice to not just copy/paste an article with a few modifications, but instead quote it and give the link. Sorry man what you did there is just not acceptable at all >>> you're posting it as if you wrote it yourself, not mentioning that your interpretation, as mentioned by the above poster, was wrong.

 ps: I mean it's not just that, many of the articles whose authors you're impersonating are copyrighted alright?
« Last Edit: September 17, 2010, 01:06:28 PM by Logos »
w7 - ais7

Offline Darth.Mikey

  • Super Poster
  • ***
  • Posts: 1586
  • You are unwise to lower your defenses!
Re: Main attack vectors to hack websites..
« Reply #3 on: September 17, 2010, 01:31:12 PM »
+1

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: Main attack vectors to hack websites..
« Reply #4 on: September 17, 2010, 06:20:11 PM »
w7 - ais7

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33319
  • malware fighter
Re: Main attack vectors to hack websites..
« Reply #5 on: September 28, 2010, 11:10:04 PM »
Hi forum friends,

The thread was started from info that was found inside an online image, no more no less,

polonus
« Last Edit: September 28, 2010, 11:16:34 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: Main attack vectors to hack websites..
« Reply #6 on: September 28, 2010, 11:27:05 PM »
Hi malware fighters,

What to watch out for? Most attacks on hacked websites will place malicious JavaScript (74%), while malicious iFrames are being used for the remaining 26% of these attacks. JavaScript could have various advantages. It gives access to the DOM elements in the rest of the webpage, to provide attackers with additional info and possibilities to hide their malcode. An injected JavaScript gives access to the 'page referrer', address bar, user cookies and could insert malicious content into a webpage. This is something iFrames cannot do.
The best policy here is to fully patch and upgrade your software and OS, use a browser with a script blocking extension like NS, that could also block iFrames. For checking whether a web page is vulnerable or already being hacked and has malicious content, there are various online sources and specialist tools,

polonus

Malicious javascript and iframes aren't the attack vectors to hack websites, they are the result of a successful attack on some other software on a website.

The entire Dasient report is available here:

http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html

not much to add... ;D >>> except maybe for those a bit curious, compare the OP's post to the original >>> and see how just a couple of words got changed, the order of sentences got slightly modified, and no need to insert quotes of course  :D

 Also worth noticing are differences in terms of language quality (English) when moving from what got actually stolen to the OP's actual comments. This is laughable.
« Last Edit: September 28, 2010, 11:32:54 PM by Logos »
w7 - ais7

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: Main attack vectors to hack websites..
« Reply #7 on: September 28, 2010, 11:35:51 PM »
Hi forum friends,

The thread was started from info that was found inside an online image, no more no less,

polonus

no, this thread was started from stealing someone else's article
http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html

 No link, no quote hey, Mr Polonus , what for ??? ::)
w7 - ais7

Offline DaveyB

  • Newbie
  • *
  • Posts: 16
Re: Main attack vectors to hack websites..
« Reply #8 on: September 29, 2010, 03:03:29 AM »
What I find humorous about all this is that, on looking at the Dasient site, there is only one comment added to it, and it's SPAM !!!  =D