CASES.LU

Glossary

  1. ▹ Antivirus
  2. ▹ Assets
  3. ▹ Authentication
  4. ▹ Availability
  5. ▹ Basic criteria for risk analysis
  6. ▹ Computer Hacks
  7. ▹ Confidentiality
  8. ▹ Control
  9. ▹ Cryptography
  10. ▹ Cybercrime
  11. ▹ Cybercriminals
  12. ▹ DRP – Disaster Recovery Plan
  13. ▹ Data backups
  14. ▹ Data loss
  15. ▹ Defacement
  16. ▹ Disinfect machine with a live CD
  17. ▹ Disposal
  18. ▹ Email
  19. ▹ Firewall
  20. ▹ Human error
  21. ▹ IDS/IPS
  22. ▹ Image rights
  23. ▹ Impact
  24. ▹ Integrity
  25. ▹ Internet and copyright
  26. ▹ Legal Aspects
  27. ▹ LuxTrust
  28. ▹ Malicious Codes
  29. ▹ Malicious websites
  30. ▹ Network segmentation
  31. ▹ Password
  32. ▹ Patches
  33. ▹ Phishing
  34. ▹ Physical faults
  35. ▹ Securing a fixed workstation
  36. ▹ Physical theft
  37. ▹ Recommendations for securing a file server
  38. ▹ Recommendations to secure a server connected to Internet
  39. ▹ Recommendations to secure a Web server
  40. ▹ Removable devices
  41. ▹ Risk processing
  42. ▹ Spam – unwanted emails
  43. ▹ SSL/TLS – encryption technologies on the web
  44. ▹ Update softwares with Secunia PSI
  45. ▹ Security Charter
  46. ▹ Social engineering
  47. ▹ Threat
  48. ▹ Virtual Private Networks (VPNs)
  49. ▹ Vulnerabilities
  50. ▹ Web of Trust - WOT
  51. ▹ Web filter – Proxy
  52. ▹ Why is it important to protect your computer?

Malicious websites

In brief

The Internet offers us unique opportunities, but it is also the platform of choice for cybercriminals. In fact, web browsers serve as fantastic entry points for malicious software (malware).

One of the most widespread ways of getting infected is still deception – through social engineering techniques to make people download and install malicious code onto their computers themselves, without realising what they are doing.

By exploiting human feelings (social engineering), such as curiosity or even fear, people can be made to install “fake anti-virus software”, scareware and other malicious code. The wrongdoer could, for example, make a victim believe that their computer is infected, thereby arousing a feeling of fear. Leveraging this feeling, the criminal then leads the user to download an “anti-virus” program which turns out to be a Trojan horse, rather than a protection program.

Various software programs are available to help Internet users to recognise these different forms of attack based on social engineering. For example, there is the browser add-on WOT (Web Of Trust), which warns people when they visit a website with a poor reputation. Users should also pay heed to warnings provided by search engines or their own browser when they warn against viewing a given page.

Drive-by-download

Drive-by-download is a method of infecting computers using malicious code, exploiting the technical vulnerabilities of the browser. Users are tricked into downloading malicious code which, unbeknownst to the user, attempts to exploit vulnerabilities in the browser and automatically infect the machine.

How can you protect yourself against this?

Behavioural measures

  • Watch out for social engineering type attacks
  • Find out how to recognise messages from your own antivirus software. Many malicious sites trick internet users into downloading fake antivirus software by claiming that the user’s machine is infected.

Technical measures

Table of Contents