Main attack vectors to hack websites..

Hi malware fighters,

What to watch out for? Most attacks on hacked websites will place malicious JavaScript (74%), while malicious iFrames are being used for the remaining 26% of these attacks. JavaScript could have various advantages. It gives access to the DOM elements in the rest of the webpage, to provide attackers with additional info and possibilities to hide their malcode. An injected JavaScript gives access to the ‘page referrer’, adress bar, user cookies and could insert malicious content into a webpage. This is something iFrames can not do.
The best policy here is to fully patch and upgrade your software and OS, use a browser with a script blocking extension like NS, that could also block iFrames. For checking whether a web page is vulnerable or already being hacked and has malicious content, there are various online sources and specialist tools,

polonus

Malicious javascript and iframes aren’t the attack vectors to hack websites, they are the result of a successful attack on some other software on a website.

The entire Dasient report is available here:

http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html

good post :wink:

@ Pol: would be nice to not just copy/paste an article with a few modifications, but instead quote it and give the link. Sorry man what you did there is just not acceptable at all >>> you’re posting it as if you wrote it yourself, not mentioning that your interpretation, as mentioned by the above poster, was wrong.

ps: I mean it’s not just that, many of the articles whose authors you’re impersonating are copyrighted alright?

+1

about “Web Site Content Theft”
http://sbinfocanada.about.com/cs/legalmatters/a/websitetheftjb.htm

Hi forum friends,

The thread was started from info that was found inside an online image, no more no less,

polonus

not much to add… ;D >>> except may be for those a bit curious, compare the OP’s post to the original >>> and see how just a couple of words got changed, the order of sentences got slightly modified, and no need to insert quotes of course :smiley:

Also worth noticing are differences in terms of language quality (English) when moving from what got actually stolen to the OP’s actual comments. This is laughable.

no, this thread was started from stealing someone else’s article
http://blog.dasient.com/2010/09/continued-growth-in-web-based-malware_9357.html

No link, no quote hey, Mr Polonus , what for ??? ::slight_smile:

What I find humorous about all this is that, on looking at the Dasient site, there is only one comment added to it, and its SPAM !!! =D