Because web browsers can load resources, such as images, from remote network locations, a malicious web page could in principle flood the network with traffic if a browser does not manage its resources carefully. For instance, a web page that contains a million images from different domains could generate a million DNS requests, potentially overwhelming the local DNS server. A web page that contains large data chunks could potentially clog the network. Browsers that are pooled to flood a network are referred to as Puppetnets (see Lam's paper on Puppetnets).
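A crawler or filtering proxy can measure this DNS fan-out before a page is rendered. The following is an added example, not code from the original article: it counts the distinct off-site hostnames that a page's automatically fetched resources would make a browser resolve. The `dns_fanout` function, the threshold of 50 hosts and the `.test` hostnames are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src URL a browser normally fetches on page load, with no click.
FETCH_TAGS = {"img", "script", "iframe", "embed", "audio", "video", "source"}


class ResourceHosts(HTMLParser):
    """Count references per hostname the page would make a browser resolve."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.hosts = {}  # hostname -> number of references

    def handle_starttag(self, tag, attrs):
        if tag not in FETCH_TAGS:
            return
        for name, value in attrs:
            if name == "src" and value:
                try:
                    host = urlsplit(urljoin(self.base_url, value)).hostname
                except ValueError:  # malformed URL: nothing to resolve
                    continue
                if host:
                    self.hosts[host] = self.hosts.get(host, 0) + 1


def dns_fanout(html, base_url, max_hosts=50):
    """Summarise off-site lookups; max_hosts is an assumed review threshold."""
    parser = ResourceHosts(base_url)
    parser.feed(html)
    own = urlsplit(base_url).hostname
    offsite = {h: n for h, n in parser.hosts.items() if h != own}
    return {"distinct_hosts": len(offsite),
            "references": sum(offsite.values()),
            "flagged": len(offsite) > max_hosts}


def constructed_page(n_hosts):
    """Constructed sample: one local image plus one image per distinct host."""
    imgs = "".join(f'<img src="http://h{i}.test/p.gif">' for i in range(n_hosts))
    return f'<html><body><img src="/logo.png">{imgs}</body></html>'


if __name__ == "__main__":
    for n in (3, 200):
        print(n, dns_fanout(constructed_page(n), "http://page.test/index.html"))
```

Repeated references to one host count once toward `distinct_hosts`, since a resolver cache absorbs them; only the number of distinct names approximates the DNS load.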
Web spam/junk pages are malicious web pages that abuse search engine functionality. A search engine is tasked with providing the user with web pages relevant to a given query. Web spam/junk pages abuse the search engine's algorithm to obtain a high ranking even though their content is not relevant to the user. As such, these pages abuse the client's resources by displaying non-relevant content. On top of that, these and other pages might be involved in click fraud scams, in which a malicious web page fraudulently simulates the user clicking on advertisements.
Integrity impact
Next are attacks that impact integrity. In the context of web-based client-side attacks, a loss of integrity usually translates into the ability of an attacker to execute arbitrary code on the client machine. Cross site/domain/zone scripting, drive-by-pharming, hosting of malware, and drive-by-download attacks are described.
Cross site/domain/zone scripting is a vulnerability of web pages that allows injected code to execute in the security context of the page when a user visits it. The injected code could be used to steal information, but could also permit execution of arbitrary code on the client if, for instance, that web page is a trusted page in the context of the web browser.
Drive-by-pharming is a web-based client-side attack that modifies the DNS settings of a user's router merely by having the user visit a malicious web page. These attacks do not impact the integrity of the client machine directly, but rather impact the integrity of network components the client relies on.