Malware 101: How do I get malware? Complex attacks
Authored by a Symantec employee
In other posts, we’ve explained the different types of malware on the threat landscape, and some of the less complicated ways your computer can become infected with malware. In this article we’ll talk about the more complicated types of attacks that cybercriminals use to try to get your information.
Exploit kits are malicious toolkits that attackers use to search for software vulnerabilities on a target’s computer. The kits come with prewritten code that searches for the vulnerabilities, and once one is found, the kit can inject malware into the computer through that security hole.
Malicious Websites and Drive-by-downloads
A drive-by-download is a download that occurs when a user visits a malicious website that is hosting an exploit kit. There is no interaction needed on the user’s part other than visiting the infected webpage. The exploit kit will look for a vulnerability in the software of the browser, and inject malware via the security hole.
Malicious advertising is a relatively new threat that is rising in popularity amongst cybercriminals. The hacker purchases legitimate advertising space on legitimate websites, and within the ad is malicious code. Similar to a drive-by-download, no interaction is needed on the user’s part to download the malware.
Man-in-the-middle (MitM) Attack
A Man-in-the-middle (MitM) attack takes advantage of an unsecured, or poorly secured, usually public Wi-Fi router. The hacker scans the router using special code, looking for certain weaknesses such as default or poor password use. Once the attacker has found the vulnerability, they insert themselves between the user’s computer and the websites the user visits, and intercept the messages being transmitted between the two.
Man-in-the-browser (MitB) Attack
Similar to a MitM attack, all an attacker needs to do is inject malware into the computer, which then installs itself into the browser without the user’s knowledge. This malware records the data that is being sent between the victim and specifically targeted websites. Once the malware has collected the data it was programmed to collect, it transmits that data back to the attacker. While the two attacks have the same goal, this attack is simpler in nature, as the attacker does not need to be within physical proximity of a router as in the MitM attacks.
Social engineering is one of the most popular malware delivery methods, because it involves the manipulation of human emotions. Social engineering uses spam phishing via email, instant messages, social media and more. The goal is to trick the user into downloading malware or clicking a link to a compromised website that hosts the malware. Usually, the messages come in the form of a scare tactic, stating that there is something wrong with an account, and that the user should immediately click on the link to log into their account or download an attachment that conceals malware. The link leads the user to a copy of the legitimate website, in the hope that the user will enter their credentials for the site so they can be captured by the cybercriminal.
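One defensive check for the phishing links described above, added here as an example rather than code from the original article: it parses an HTML message body and flags anchors whose real destination differs from the domain the visible link text suggests, or whose host reuses a trusted brand name as a lookalike. The trusted-domain list and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed (assumed) list of domains the reader would legitimately be sent to.
TRUSTED_DOMAINS = ("example-bank.com", "example.com")

def host_of(value):
    """Lower-cased host of a URL, or of a bare domain used as link text."""
    value = value.strip().lower()
    return urlparse(value if "://" in value else "http://" + value).hostname or ""

def same_site(host, trusted):
    """True only for the trusted domain itself or a genuine subdomain of it."""
    return host == trusted or host.endswith("." + trusted)

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html):
    """Return links whose real destination does not match what the text implies."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        dest, reasons = host_of(href), []
        # Link text that looks like a domain must agree with the real host.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and not same_site(dest, shown):
            reasons.append("text shows %s but link goes to %s" % (shown, dest))
        # A trusted brand name appearing as a whole label of an untrusted host is a lookalike.
        for trusted in TRUSTED_DOMAINS:
            if trusted.split(".")[0] in dest.split(".") and not same_site(dest, trusted):
                reasons.append("host %s imitates %s" % (dest, trusted))
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings

# Constructed phishing-style message body: a lookalike host plus one honest link.
SAMPLE = ('<a href="http://example-bank.com.login-verify.net/">example-bank.com</a> '
          '<a href="https://www.example.com/help">Help Center</a>')
```

Running `suspicious_links(SAMPLE)` reports only the first link, with both the text/destination mismatch and the lookalike-host reason.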
Copyright © 2019 Symantec Corporation. All rights reserved.