Know Your Enemy: Malicious Web Servers
by The Honeynet Project - Monday, 20 August 2007.
Today, many attackers are part of organized crime with the intent to defraud their victims. Their goal is to deploy malware on a victim’s machine and to start collecting sensitive data, such as online account credentials and credit card numbers.

Since attackers have a tendency to take the path of least resistance and many traditional attack paths are barred by a basic set of security measures, such as firewalls or anti-virus engines, the “black hats” are turning to easier, unprotected attack paths to place their malware onto the end user’s machine. They are turning to client-side attacks.

This paper examines client-side attacks and evaluates methods to defend against client-side attacks on web browsers. First, it provides an overview of client-side attacks and introduces the honeypot technology that allows security researchers to detect and examine these attacks. Then it proceeds to examine a number of cases in which malicious web servers on the Internet were identified with honeypot technology and evaluates different defense methods. It concludes with a set of recommendations that one can implement to make web browsing safer.

Download the paper in PDF format here.

Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //