website infectionSpread of Malware Infection and Social Engineering no longer depends solely on porn sites, drug sites, stick idea sites and so on.

The times have come when you never know when a rock solid, trusted and legitimate site is compromised by the malware artists and start distributing malware to its visitors.

But How do Perfectly Legitimate Sites Start Spreading Malware

There are lots of ways to do that. The intent is to fake a malware concealed link look like a legitimate link. 3 Main tricks used to infect legitimate websites are following.

  1. Polluted Advertisements: Running of websites is a costly affair, and webmaster need to generate revenues to need the running costs. This is often through advertisements served on the websites. Due to the hassles of contacting and managing advertisors, webmasters often use the services of third party advertising networks like Adsense, Chitika etc. The serving of ads is automatic, and webmaster do not have time to scan the advertisements being served on their websites. And here lies the opportunity for the Malware Artists. They can hide their malware serving links and make arrangements that their ads are served on a perfectly legitimate site.
  2. SQL injection attacks: It is one of the most popular trick among the malware artists for infecting websites. In this technique, flaws in the coding of the website are exploited to inject a code into a web form or field available on the website for collecting user submitted data. In case the coding of the application is such that it doen’t require to validate the input, then the command shidden in the SQL code might get executed and the hacker can get control of the server.
  3. Content Posted on Social Websites: In this Web 2.0 era, when virtually every second website is user driven, it is hard to filter the data and links submitted by the users. It is so easy for any malware artist to create multiple accounts on a Social website, drive traffic towards it with some dubious ways and inject some malware bearing links on that. In an environment like Twitter, where the links are encrypted with the help of URL Shortening services, it becomes so easy for the hackers and malware artists to succeed in their evil designs.

    What is The Solution

    As a user, you cannot not do much about them. You cannot stop visiting these perfectly legitimate sites. One thing, which you can ensure is to exercise restraint in your online behavior. Remember the old trick; Pause Before You Click.