Malicious scripts in compromised websites - and how to protect yourself
FYI, this story is more than a year old
When talking about the attacks and threats users must face every day, people often highlight those that are more or less predictable, such as malicious archives sent as email attachments. Even though these threats are still very prevalent (e.g. in the different ransomware variants), cybercriminals also use many other attack vectors. Some of the most dangerous are those that involve scripts, they are quite difficult for the average user to detect.
How does a malicious script work?
Malicious scripts are code fragments that, among other places, can be hidden in otherwise legitimate websites, whose security has been compromised. They are perfect bait for victims, who tend not to be suspicious because they are visiting a trusted site. Therefore, cybercriminals can execute malicious code on the users’ systems by exploiting some of the multiple vulnerabilities in the browsers, in the operative system, in third-party applications or in the website itself that allows them to place the exploits in the first place.
If we take a look at recent examples, we will see that cybercriminals have been using well-known exploit kits for years to automate these infection processes. Their operation is relatively simple – they compromise the security of a legitimate website (or else create a malicious website and then redirect the users to it from other locations), and install any of the existing exploit kits. From then on, detection and exploitation of vulnerabilities in the systems of users visiting that website can be automated.
This can be seen in malvertising campaigns, where ads displayed on compromised websites have malicious code embedded in them. If accessed, they would allow cybercriminals to gain control of a device and launch attacks unless protected by a quality computer security product.
The reason why the execution of such code is accomplished automatically and without user intervention has much to do with the permissions that are granted during system configuration. Even today, the number of user accounts with administrator rights on Windows systems is still overwhelming, and this is totally unnecessary in most situations of everyday life.
This, together with the poor configuration of any of the security measures integrated to the Windows system itself, such as the UAC, enables the vast majority of these malicious scripts to operate unimpeded in hundreds of thousands of computers every day.
If only the users would set this security feature at a medium/high security level, many of these attacks could be avoided, provided that users are aware of the importance of reading the alert windows displayed by the system and the security suite instead of making the mistake of closing them or, worse yet, clicking on the “OK” button.
How to protect yourself from malicious scripts
We know that malicious scripts have been used by cybercriminals for years to spread all kinds of threats like Trojans, ransomware, and bots. However, at present there are adequate security measures available at least to mitigate the impact of these attacks. The only thing you need to do is set up the security measures that can protect you against these types of attacks and think before you click.
Article by Josep Albors, WeLiveSecurity analyst.