Home topics technology Tech Tech Understanding web-based attacks Andrew Gordon September 29, 2009 Anatomy of an Attack by Andrew Gordon, MessageLabs Senior Manager, Enterprise and Partner Services The World Wide Web presents a wealth of opportunities for abuse. Data leakage, fraud, identity theft, compromised confidentiality, impaired computing capabilities, financial loss, legal action, damaged reputation. All can result from an inadvertent visit to a malware-infected website and all have the potential to seriously undermine a business. ‘Bad guys’ no longer rely primarily on email to pursue their nefarious objectives. Malware-infected sites polluting the web have grown significantly. MessageLabs Intelligence estimates that Internet users now make more than 100 million visits to malicious URLs every month. Protecting your business is no longer simply a question of avoiding ‘dodgy’ or unknown websites. Mainstream sites are also being deliberately infected by cyber-criminals with spyware, Trojans and other business-compromising malware. The rise and rise of web threats Cyber criminals’ underlying aim in concealing malware within a website is to take control of visitors’ computers. Once achieved, the scope to exploit the infected computer is almost limitless. Fundamentally, any web-based attack comprises three components – the set-up, the hit and the aftermath. 1) Set-Up The attacker decides why they want to gain access to someone’s computer. For example, they may want to steal sensitive data. They may want to track browsing habits or keystrokes, which could provide access to vital bank account passwords. Or they may want to recruit the machine to a botnet – a