How malware works: Anatomy of a drive-by download web attack (Infographic)

We’d like to show you in visual format how a web attack works. As you can see in the infographic below, a web attack happens in five stages, and this whole process takes less than a second.

The web is the number one source of malware (a term that combines “malicious” and “software”), and the majority of these malware threats come from what is called a drive-by download.

5 Stages of a Web Attack

The term drive-by download describes how malware can infect your computer simply by visiting a website that is running malicious code (Stage 1: entry point).

Most of the time, these are legitimate websites that have been compromised to redirect you to another site controlled by the hackers (Stage 2: distribution).

Today’s cybercriminals use sophisticated malware packaged in an “exploit kit” that can find a vulnerability in your software among thousands of possibilities.

When your browser is redirected to the site hosting an exploit kit, it probes your operating system, web browser and other software (such as your PDF reader or video player) to find a security vulnerability that it can attack (Stage 3: exploit).

Remember — if you are not applying security updates to your operating system and software, you are unprotected against these exploits.

Once the exploit kit has identified a vulnerability, Stage 4: infection begins. In the infection phase of an attack, the exploit kit downloads what is known as a “payload,” which is the malware that installs itself on your computer.

Finally, in Stage 5: execution, the malware does what it was designed to do, which is mainly to make money for its masters.

The malware known as Zbot can access your email or bank accounts. Another type of payload called ransomware can hold your files hostage until you pay to have them released.
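For defenders, the first four stages leave a recognizable sequence in web proxy logs. The following is an added example, not code from the original post or from Sophos: a simplified heuristic that flags a client whose visit to one site leads to a different host that then serves plugin content and an executable within a short window. The log records, host names, content-type lists and 10-second window are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed proxy records, not real traffic:
# (seconds, client IP, URL, Referer, response Content-Type)
SAMPLE_LOG = [
    (0.00, "10.0.0.5", "http://news.example/index.html", "", "text/html"),
    (0.20, "10.0.0.5", "http://gate.invalid/in", "http://news.example/index.html", "text/html"),
    (0.45, "10.0.0.5", "http://gate.invalid/doc", "http://gate.invalid/in", "application/pdf"),
    (0.80, "10.0.0.5", "http://gate.invalid/get", "", "application/x-msdownload"),
    (5.00, "10.0.0.9", "http://news.example/index.html", "", "text/html"),
    (5.30, "10.0.0.9", "http://cdn.example/site.css", "http://news.example/index.html", "text/css"),
]

# Assumed content types for this sketch; tune to what your proxy records.
PLUGIN_TYPES = {"application/pdf", "application/x-shockwave-flash", "application/java-archive"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/octet-stream"}


def host(url):
    return urlsplit(url).hostname or ""


def find_drive_by_chains(records, window=10.0):
    """Return (client, entry_host, second_host) for each chain seen in order within `window` seconds."""
    state = {}   # (client, host) -> {"entry": referring host, "t0": first seen, "stage": 2 or 3}
    alerts = []
    for t, client, url, referer, ctype in sorted(records):
        h, ref = host(url), host(referer)
        key = (client, h)
        s = state.get(key)
        if s and t - s["t0"] > window:      # chain went stale, forget it
            del state[key]
            s = None
        if s is None:
            # Stages 1-2: a page on one site sends the browser to a different host.
            if ref and ref != h:
                state[key] = {"entry": ref, "t0": t, "stage": 2}
            continue
        if s["stage"] == 2 and ctype in PLUGIN_TYPES:
            s["stage"] = 3                  # Stage 3: plugin content served by that host
        elif s["stage"] == 3 and ctype in EXECUTABLE_TYPES:
            alerts.append((client, s["entry"], h))   # Stage 4: payload download
            del state[key]
    return alerts                           # Stage 5 runs on the endpoint, not visible here


if __name__ == "__main__":
    for client, entry, second in find_drive_by_chains(SAMPLE_LOG):
        print(f"{client}: {entry} -> {second} (redirect, plugin content, executable)")
```

Ordinary cross-site requests, such as the stylesheet fetched by the second client, never advance past the first step, so only the full sequence raises an alert.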

[Infographic: Web Threats]

Secure the Web

This kind of attack happens all the time. But you don’t have to be a victim. Download our checklist of technology, tools and tactics for effective web protection to find out how you can protect your organization from malware attacks at every step of the way. You should also check out our free whitepaper explaining how malware works and offering tips to help you stop it: Five Stages of a Web Malware Attack. (Registration required).

At Sophos, our real-time reputation filtering protects you from newly infected websites as soon as they come online. We do this using our ever-growing, cloud-hosted database of malicious sites, compiled by our global intelligence centers called SophosLabs.

Learn more about how we can secure the web for you.

15 thoughts on “How malware works: Anatomy of a drive-by download web attack (Infographic)”

  11. I now know how these pesky things work. Glad that my files are all safe and away from these malwares. I am using ESET Antivirus at home and in my business.

  12. This website is a virus itself. It spreads unsharp fears without explaining precisely why a computer would get infected just by visiting a website.
