
Malicious scripts in compromised websites and how to protect yourself


Batu69


When talking about the attacks and threats users must face every day, people often highlight those that are more or less predictable, such as malicious archives sent as email attachments. Even though these threats are still very prevalent (e.g. in the different ransomware variants), cybercriminals also use many other attack vectors. Some of the most dangerous are those that involve scripts. They are quite difficult for the average user to detect.

How does a malicious script work?

Malicious scripts are code fragments that, among other places, can be hidden in otherwise legitimate websites whose security has been compromised. They are perfect bait for victims, who tend not to be suspicious because they are visiting a trusted site. Therefore, cybercriminals can execute malicious code on the users’ systems by exploiting some of the multiple vulnerabilities in the browsers, in the operating system, in third-party applications or in the website itself that allows them to place the exploits in the first place.

If we take a look at recent examples, we will see that cybercriminals have been using well-known exploit kits for years to automate these infection processes. Their operation is relatively simple – they compromise the security of a legitimate website (or else create a malicious website and then redirect the users to it from other locations), and install any of the existing exploit kits. From then on, detection and exploitation of vulnerabilities in the systems of users visiting that website can be automated.

 

This can be seen in malvertising campaigns, where ads displayed on compromised websites have malicious code embedded in them. If accessed, they would allow cybercriminals to gain control of a device and launch attacks unless protected by a quality computer security product.

 

At this point, the malicious script (JavaScript for example), which is usually obfuscated, is responsible for downloading and executing what is known as the payload. The latter is merely a piece of malicious code able to exploit these vulnerabilities and infect the user’s system with the malware that the cybercriminal has chosen. If not protected, and all goes as planned by the criminals, all this goes almost unnoticed by the user, and thus poses a considerable risk when surfing the web.

The reason why the execution of such code is accomplished automatically and without user intervention has much to do with the permissions that are granted during system configuration. Even today, the number of user accounts with administrator rights on Windows systems is still overwhelming, and this is totally unnecessary in most situations of everyday life.

 

This, together with the poor configuration of any of the security measures integrated into the Windows system itself, such as the UAC, enables the vast majority of these malicious scripts to operate unimpeded in hundreds of thousands of computers every day.

If only the users would set this security feature at a medium/high security level, many of these attacks could be avoided, provided that users are aware of the importance of reading the alert windows displayed by the system and the security suite instead of making the mistake of closing them or, worse yet, clicking on the “OK” button.

How to protect yourself from malicious scripts

To prevent these types of attacks, users must take into account that there is no 100% secure website on the internet, and consequently, they need to take some measures to protect themselves. Updating the operating system and those applications that are most vulnerable to these attacks (mainly browsers, Flash Player and Java) is crucial to mitigate them. Nevertheless, sometimes this is not enough, and it is necessary to have a security solution that is able to detect these types of malicious scripts – not only those using JavaScript, but also those using PowerShell, etc.

Conclusion

We know that malicious scripts have been used by cybercriminals for years to spread all kinds of threats like Trojans, ransomware, and bots. However, at present there are adequate security measures available at least to mitigate the impact of these attacks. The only thing you need to do is set up the security measures that can protect you against these types of attacks and think before you click.

 

Article source
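
An added example, not part of the original post or the article it quotes: a read-only PowerShell audit of the two Windows settings discussed above, namely whether the current account has administrator rights and which UAC prompt level is configured. It assumes Windows PowerShell 5.1 or later; the function name `Get-UacLevel` and the output field names are made up for this example.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumes Windows PowerShell 5.1+ (Get-LocalGroupMember is available).

# Map the UAC policy values to the level names of the Control Panel slider.
# Get-UacLevel is a hypothetical helper name used only in this example.
function Get-UacLevel {
    param($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop)
    if ($EnableLUA -eq 0) { return 'UAC disabled' }
    if ($null -eq $ConsentPromptBehaviorAdmin) { return 'Unknown (value not set)' }
    switch ([int]$ConsentPromptBehaviorAdmin) {
        0 { return 'Never notify' }
        2 { return 'Always notify' }
        5 {
            if ($PromptOnSecureDesktop -eq 1) { return 'Default (notify on app changes)' }
            return 'Default without secure desktop'
        }
        default { return "Other policy value ($ConsentPromptBehaviorAdmin)" }
    }
}

# UAC policy values live under this key.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p   = Get-ItemProperty -Path $key

$me = [Security.Principal.WindowsIdentity]::GetCurrent()

# Direct members of the built-in Administrators group (well-known SID S-1-5-32-544).
# Membership that comes through nested domain groups is not resolved here.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')

# True only when this session already holds an elevated administrator token.
$elevated = ([Security.Principal.WindowsPrincipal]$me).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]@{
    User                = $me.Name
    UacLevel            = Get-UacLevel $p.EnableLUA $p.ConsentPromptBehaviorAdmin $p.PromptOnSecureDesktop
    AccountIsLocalAdmin = @($admins.SID.Value) -contains $me.User.Value
    SessionIsElevated   = $elevated
    LocalAdminCount     = $admins.Count
}
```

An everyday account that reports `AccountIsLocalAdmin = True` together with a `UacLevel` of `Never notify` or `UAC disabled` matches the weak configuration the article describes.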

1 hour ago, Batu69 said:

there is no 100% secure website on the internet

 

True, but you can have a 99 and 44/100% secure system.  I use ScriptSafe and NoScript, depending on the browser, to stop scripts cold.  It can be a pain to click and choose what can run and what can't, but security takes precedence.  Only lazy people would sacrifice security because they don't want to take the time to secure their systems and keep them secure.  There are things you never ever do if you want to be safe.  For example, you never, ever, connect to the internet without using a VPN.  (Mine starts automatically when the computer starts and runs all the time.)  You use incognito mode to delete all cookies when the browser is closed, you use adblockers, do not track addons, and script blockers.


Archived

This topic is now archived and is closed to further replies.
