Web applications have become a core aspect of our day-to-day interaction with the internet. The number of internet users to date is estimated at four and a half billion worldwide. This single factor has attracted malicious attackers who attack users by hacking into these web applications. These attacks are mostly web-based malware, where the hackers infect web applications with malware. Malware is a malicious computer program that is built to destroy computer devices or steal information from them. Types of malware include, but are not limited to, viruses, worms, trojan horses, rootkits, ransomware, and keyloggers.
What is a web-based malware attack?
A web-based malware attack is an attack where a user’s computer is infected either by downloading or installing malware from an infected website. A web attack is conducted via two techniques: social engineering and drive-by download.
What is social engineering?
In this technique, the hacker uses psychological tricks to manipulate users into giving away sensitive information. The attacker takes time to study the victim and then uses true details about them to manipulate them. Social engineering is conducted in many forms. These include phishing, spear phishing, baiting, pretexting, and scareware. This technique capitalizes on the fallibility of humans, making it more difficult to prevent.
What is drive-by malware?
This technique entails developing a fake website infected with malicious code that is downloaded or installed onto the user’s computer once they visit the website. Hackers achieve this by strategically placing the website’s link on the page of a legitimate website. Once the user clicks on the link, they are redirected to this malicious website and the malware is downloaded onto their device. The malware could be programmed to open a backdoor, which gives the hacker control of the device.
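From the site owner's side, a link planted on a legitimate page can be caught by auditing where the page's links, frames, scripts and forms actually point. The following is an added example, not code from the original article; the host names, the sample page and the approved-host list are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that makes the browser navigate to or load a URL.
URL_ATTRS = {"a": "href", "iframe": "src", "script": "src", "form": "action"}


class LinkAuditor(HTMLParser):
    """Collect URLs on a page whose host is neither the site nor approved."""

    def __init__(self, site_host, approved_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in approved_hosts)}
        self.findings = []  # (tag, host) pairs

    def _is_trusted(self, host):
        # Exact host or a true subdomain; "shop.example.prizes.test" does not pass.
        return any(host == t or host.endswith("." + t) for t in self.trusted)

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        url = dict(attrs).get(attr) or ""
        host = (urlparse(url.strip()).hostname or "").lower()
        # No host means a relative URL, which stays on the site.
        if host and not self._is_trusted(host):
            self.findings.append((tag, host))


def audit_page(html, site_host, approved_hosts=()):
    """Return the (tag, host) pairs that point outside the approved set."""
    auditor = LinkAuditor(site_host, approved_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page for shop.example (all hosts are placeholders).
SAMPLE_PAGE = """
<a href="/cart">Cart</a>
<a href="https://blog.shop.example/news">News</a>
<script src="//cdn.approved.example/lib.js"></script>
<a href="https://shop.example.prizes.test/win">Claim your prize</a>
<iframe src="http://ads.unknown.test/frame"></iframe>
"""

if __name__ == "__main__":
    for tag, host in audit_page(SAMPLE_PAGE, "shop.example", ["cdn.approved.example"]):
        print(f"unapproved <{tag}> target: {host}")
```

Matching on the parsed host rather than on a substring of the URL is what keeps a lookalike such as `shop.example.prizes.test` from passing as the real site.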
Due to the prevalence of these attacks, ethical hackers have devised methods to detect malware and prevent it from penetrating the system. These detection mechanisms include:
- Virtual machine-based detection: this mechanism uses virtual machines that mimic the actual user environment while observing the behavior of suspicious files. An example of a virtual machine used is a sandbox. Sandboxes provide malware with a playing field and allow it to reach the shellcode execution stage where it reveals its true nature. A malware-infected file is deleted before it infects the system.
- Signature-based detection: this is done by studying the attack patterns of different malware using machine learning algorithms and then categorizing malware with similar patterns into families. Using these machine learning algorithms, the system detects malware signatures and denies the matching malware access.
Web-Based Malware Analysis
Even though there are many types of malware out there, two types have been identified that mainly use the web as their deployment vehicle. These are trojans and adware.
- Trojans: a trojan is malicious software that deceives the user by hiding its true intentions. Attackers use social engineering to lure users into downloading trojan malware onto their computers. Trojans are categorized according to their functionality, and they include downloader trojans, banking trojans, backdoor trojans, etc.
- Adware: this type of malware is programmed to send users advertisements whenever they use web applications. These are normally fake advertisements that redirect users to malicious websites.
To ensure the security of a web application, it is imperative to conduct vulnerability analysis of the website to identify and patch vulnerabilities that could be exploited by attackers. Getting ethical hacking training from EC-Council would more than prepare you for this task. Once done with the training, you would be a Certified Ethical Hacker (CEH) and equipped with real-world knowledge and techniques of the most notorious hackers.