3. Web attacks

Malware is also delivered through web attacks, which leverage vulnerabilities in websites and browsers.

A web application is hosted on a web server, and the result is a website. A web application is composed of web pages, databases, and several subcomponents. Web pages are created using PHP, HTML, Java, JavaScript, and so on. A database for a website can be created using MySQL, PostgreSQL, or MongoDB. Joomla, WordPress, and Drupal are some popular, readily available web applications. People can use these as templates and modify them to create websites that meet their requirements. Apache Tomcat, JBoss, and Microsoft IIS are some of the well-known web servers.

A vulnerability in a web application, web page, database, or web server can expose the website to attack. We call these server-side vulnerabilities. Attackers can use them to compromise the website and obtain the credentials of users who have logged in to it. An attacker can also embed code in the web pages of the site, or embed URLs that redirect the victim to malicious sites hosting ransomware or other malware.

SQL injection and cross-site scripting are the most popular attacks carried out on websites. SQL injection attacks are aimed at manipulating the database, whereas cross-site scripting attacks can embed malicious code in a website. There are many more attacks. You can find a list of some of the top web vulnerabilities at the Open Web Application Security Project (OWASP) site.

OWASP is an organization that lists the top vulnerabilities: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.

A desktop user browses a site with a web browser. Firefox, Internet Explorer, and Chrome are commonly used web browsers. The web server hosts websites, while the browser acts as a client that consumes the web pages. Browsers parse the code in the web pages hosted on a website and display the result to the user. Plugins can be installed in browsers to extend their capabilities. The Adobe Flash plugin, for example, adds the ability to view videos in the web browser. A vulnerability can be present in the browser or in one of its plugins. An attacker uses an exploit (explained in section 4.11 Exploit in Chapter 1, Malware from Fun to Profit) written for that particular vulnerability to compromise the browser and execute malicious code, thus taking control of the system.

These kinds of vulnerabilities are often termed client-side vulnerabilities. If an attacker uses a vulnerability in a particular browser, only users of that browser are affected.

If the attack involves an exploit (refer to Chapter 1, Malware from Fun to Profit) related to Internet Explorer, a user running Firefox is not affected by that particular exploit.

Exploits are also specific to a version of the software. An exploit that is intended to compromise Internet Explorer 6 may not harm an Internet Explorer 7 browser unless both have the same vulnerability. Whether an exploit executes successfully also depends on the protection mechanisms employed by the operating system. Windows includes several techniques, such as DEP and ASLR, to protect browsers and other software installed on it. We will explain these mechanisms in the Defense mechanism section in Chapter 8, Ransomware Detection and Prevention. Exploits are designed to bypass these defensive mechanisms too.
