|
Non-Trusted or Malicious Web Sites contain code
that may intentionally modify your computer
or network without your consent or
knowledge, causing harm. In many cases
infections can occur without having to run
any programs or open any attachments. This
is due to vulnerabilities on Web browsers,
operating systems or lack of security
software.
Currently there are tens of thousands of
malicious websites on the Internet. Some
of these sites can be reputable and trusted
companies that have unknowingly had their Web
servers compromised.
Web Site Delivery
Techniques Include:
• The inclusion of HTML disguised links within
popular web-sites, message boards.
• The use of third-party supplied, or fake,
banner advertising graphics to lure you to the Phishers web-site.
• The use of web-bugs (hidden items within
the page – such as a zero-sized graphic) to track a potential customer in preparation
for a phishing attack.
• The use of
pop-up or
frameless windows to disguise the true
source of the Phishers message.
• Embedding malicious content within the
viewable web-page that exploits a known
vulnerability within the customers web browser software and
installs software of the Phishers choice (e.g.
key-loggers,
screen-grabbers, back-doors and other
Trojan horse programs).
• Abuse of trust relationships within the
customers web-browser configuration to make use of site-authorized scriptable components
or data storage areas.
|