Visitors Report Getting Viruses From Web Pages Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Nowadays many professional hacker was born to hacked some big company website and stolen their important information to do some unhealthy things. How can a user know that one site has been hacked? The search engines now says he/she run an attack site, the noticed spam email being sent from user account, When search for a site (yes, we all do it!) user antivirus program suggests it may be being used for phishing Besides that, will have some political statement or graffiti all over your pages that show at figure 5.1.

Figure 5.1

On the other hand, user or website owner must always be aware when saw the detail like show below. This is important because all this are very sensitive to website and should find a way to solve it.

Google or Yahoo says "This site may harm your computer"

If Google or Yahoo search engine result pages (SERPs) display a warning about your site, the most common cause is that your site was hacked. Please see the separate article about how to investigate and remove the Google / StopBadware warning message.

Visitors report getting viruses from web pages

If visitors report that they get viruses or antivirus alerts from browsing the pages, it usually means the site has been hacked. Google and Yahoo will soon start displaying malware warnings about your site, so see the article about it, above.

It is, however, possible for the pages to deliver viruses even if a site hasn't been hacked. This can occur when the pages pull some of their content from third parties such as advertisers, and they got hacked or someone slipped a malicious advertisement into their lineup.

Visitors report being redirected to other websites

If other people try to visit the website but get automatically taken to some other website instead, it's another symptom of being hacked. It's a similar situation to the two described above and will eventually earn a Google or Yahoo! "badware flag". See the article referenced above.

Traffic decreases dramatically and suddenly

Most web surfers stay away from sites that have the warning "This site may harm your computer". Those who continue to the site and get a virus or antivirus alert will leave immediately and not browse around. Either way, you'll see a drop in traffic. Anytime your traffic

Files contain code you didn't put there

If the pages suddenly contain links, text, or other objects didn't put there, it's an indication you've been hacked. The source code of the pages (the text in .htm, .html, or .php files, for example) should always stay the same as it was when created it. If it changes, it's an indication someone figured out how to break into the site and change it. That should never happen.

One exception is that free webhosts sometimes require that you allow them to put ads into your pages. Occasionally someone thinks they've been hacked when it's really just the webhost's advertising code. If in doubt and you use free hosting, read the Terms of Service of your hosting plan. 

Site contains files you didn't put there

This is just like #5 above, except there are entire new files. It can be harder to make a judgment about new files because a site usually does contain files you didn't put there, many of them necessary for proper functioning (although most are in folders whose names are an indication of what they're for). You can examine text files to see if their contents look suspicious. Don't delete files just because you don't recognize them. Once you're afraid you might have been hacked, everything can look suspicious, even things that were always there that you just never noticed before.

Search engine result page (SERP) listings suddenly change

When your site appears in search result listings, the pages listed should be pages that you know really exist, and the text shown should be related to what your site is about. If the listings suddenly show weird-named pages or text about topics unrelated to your site's content, it's another symptom of being hacked.

Attacks that could expect to experience and the resulting damage on your site

The are many types of attack that can easily damage a website. One of them is Phishing Attacks .Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Nowadays different types of phishing attacks have now been identified. Some of the more prevalent are listed below.

ï‚· Deceptive Phishing. The term "phishing" originally referred to account theft using instant messaging but the most common broadcast method today is a deceptive email message. Messages about the need to verify account information, system failure requiring users to re-enter their information, fictitious account charges, undesirable account changes, new free services requiring quick action, and many other scams are broadcast to a wide group of recipients with the hope that the unwary will respond by clicking a link to or signing onto a bogus site where their confidential information can be collected.

ï‚· Malware-Based Phishing refers to scams that involve running malicious software on users' PCs. Malware can be introduced as an email attachment, as a downloadable file from a web site, or by exploiting known security vulnerabilities--a particular issue for small and medium businesses (SMBs) who are not always able to keep their software applications up to date.

ï‚· Keyloggers and Screenloggers are particular varieties of malware that track keyboard input and send relevant information to the hacker via the Internet. They can embed themselves into users' browsers as small utility programs known as helper objects that run automatically when the browser is started as well as into system files as device drivers or screen monitors.

ï‚· Session Hijacking describes an attack where users' activities are monitored until they sign in to a target account or transaction and establish their bona fide credentials. At that point the malicious software takes over and can undertake unauthorized actions, such as transferring funds, without the user's knowledge.

ï‚· Web Trojans pop up invisibly when users are attempting to log in. They collect the user's credentials locally and transmit them to the phisher.

ï‚· Hosts File Poisoning. When a user types a URL to visit a website it must first be translated into an IP address before it's transmitted over the Internet. The majority of SMB users' PCs running a Microsoft Windows operating system first look up these "host names" in their "hosts" file before undertaking a Domain Name System (DNS) lookup. By "poisoning" the hosts file, hackers have a bogus address transmitted,taking the user unwittingly to a fake "look alike" website where their information can be stolen.

ï‚· System Reconfiguration Attacks modify settings on a user's PC for malicious purposes. For example: URLs in a favorites file might be modified to direct users to look alike websites. For example: a bank website URL may be changed from "" to "".

Besides that, another attack are called Brute Force Attack. The attack used to compromise websites is called a brute force attack. In this scenario, the attacker simply makes repeated guesses at username/password combinations. These attacks are usually performed by a computer program that submits a login form numerous times per second. Given enough time and opportunity, this type of attack will get the correct password. However, brute force attacks can require years of continuous attempts before coming up with the proper password. The second most common type of attack is exploiting known vulnerabilities in a piece of software. This is analogous to knowing which door to use and what time to  break into a house. If you know that the owner always leaves the back door unlocked when he walks the dog in the evening, you will use the back door at potty time to enter the house. Obviously, this type of attack requires time spent in educating one's self about the intended target and observing behaviors, patterns, etc.

So it is with software. Occasionally, new releases of software have security issues that can be exploited. They are often documented on the internet, and a quick search is usually all that is necessary to get a list specific to a certain piece of software (e.g. WordPress).

These types of attacks are typically only performed by people knowledgeable in programming, website administration, etc. They are usually fairly complex to exploit and require an advanced level of knowledge to make use of the information gained from using them. These vulnerabilities are typically addressed quickly by the WordPress developers however, and fixes are released soon after.