User:Lania Elderfire/Rant/Attack Websites

Attack Websites
I always say that the best defense against becoming a victim of identity theft is to know how some of these exploits work. In most cases, attack websites look completely benign. They are different from phishing websites in that there are no places to enter confidential information and it usually does not ask for anything for the user to do. This type of attack is fairly prevalent and becoming more common.

How it works

 * 1) The user unknowingly clicks on a link to a attack website
 * 2) The exploit code initiates and runs legitimate code that is used by many websites that scans for basic computer information like browser version, OS, etc.
 * 3) The browser is redirected to a site containing the exploit code that is compatible with the browser type, version, and OS.
 * 4) The code then attempts to install a program silently. If it fails, it may prompt the user that a "plugin" must be installed to display the website properly or prompts the user to install an update to a very common plugin such as flash.  The "update" or the "plugin" are the malicious program that is installed when the user allows installation of the program.
 * 5) The website loads normally, and looks just like the website that the user was expecting. For example, if you clicked on the link for anime reviews, the "attack website" will look like a normal website containing anime reviews.
 * 6) The malicious program now runs silently gathering information from keystrokes and stealing online account/bank credentials. The harvested accounts are then sold in the online blackmarket.  For example a list of accounts that belong to MMOs are sold to gold sellers, and uses those account credentials to steal gold.

How to prevent this
This exploit depends on several things. Redirects, Java Script, active X, and drive by downloads. You can disable redirects on your browser, but that will make legitimate websites annoying to use as well. Disabling javascript and active X will also have a severe impact on the online browsing experience. The final line of defense is the drive by download. The best way to defeat this is to use a browser that is more secure than other browsers. Generally, internet explorer is still vulnerable to some types of drive by downloads that is silent. Firefox, Opera, and chrome tend to be more secure. Also when it prompts to allow installation of a program, don't allow it. Flash updates should only be installed from the actual adobe website.

Other 3rd party programs like an antivirus is relatively ineffective against new threats, and even regularly updated antivirus programs may fail to detect new types of malicious programs. It is always advised to install a out-bound firewall to filter programs that transmit data to the web. Generally decent outbound firewalls will catch the malicious software trying to transmit personal data online and will notify the user.

In the end, you need to be smart about this and not depend on your computer's security software to protect your identity. In many cases, attack websites depend on the fact that the user never heard of such a thing, and through social engineering, fool the user into thinking it is safe. Even the program that runs may have file names like systemx64.exe which sounds legitimate but in reality it is a malicious program.