Non-Trusted or Malicious Web Sites contain code
that may intentionally modify your computer
or network without your consent or
knowledge, causing harm. In many cases
infections can occur without having to run
any programs or open any attachments. This
is due to vulnerabilities on Web browsers,
operating systems or lack of security
software.
Currently there are tens of thousands of
malicious websites on the Internet. Some
of these sites can be reputable and trusted
companies that have unknowingly had their Web
servers compromised.
Web Site Delivery
Techniques Include:
The inclusion of HTML disguised links within
popular web-sites, message boards.
The use of third-party supplied, or fake,
banner advertising graphics to lure you to the Phishers web-site.
The use of web-bugs (hidden items within
the page - such as a zero-sized graphic) to track a potential customer in preparation
for a phishing attack.
The use of
pop-up or
frameless windows to disguise the true
source of the Phishers message.
Embedding malicious content within the
viewable web-page that exploits a known vulnerability
within the customers web browser software and
installs software of the Phishers choice. Abuse of trust relationships within the
customers web-browser configuration to make
use of site-authorized scriptable components
or data storage areas.
A malicious web site contains code
which installs a harmful program such a
Trojan, computer virus or adware onto
your computer. If visited, the web site
may appear to be completely ordinary,
but behind the scenes it will be
installing the malicious code and this
may not be apparent, although sometimes
a program will launch unexpectedly, or
you may notice a lot of activity on your
Internet connection as the files are
downloaded. The malicious code may be
disguised within the page, so cannot be
easily be identified, unless you have
specialist knowledge. Even the plainest
looking page can conceal malicious code
behind the scenes.
Example malicious web site pretending to
be an empty page:
