How Does Malicious Code Damage a Website and Its Visitors?

As you all know very well, I have been emphasizing security and its importance from day one, but people didn’t focus on it, and here are the results of not paying attention.

Jang.com.pk and a few other Pakistani websites were marked as malicious by Google. To understand how all this happened, and what can be done to avoid such incidents, let me briefly walk through it.

Take example.com.pk, a very well-known Pakistani website that is known for the quality of its content. Unfortunately, its owners never had the web server’s security audited. As I said, example.com.pk is a very famous site, so it gets plenty of attention from both good and bad people across the web. Those bad people are malicious attackers, who find a weakness in a particular application and exploit it.

(By application I mean the software used to run the website, such as WordPress, Drupal, or an in-house developed system.)

These malicious attackers don’t target particular websites; instead, they keep browsing the internet looking for security loopholes that let them place attack code on a server. They inject code into websites and then start collecting information about visitors, or other information stored on that web server (including, but not limited to, names, email addresses, credit card numbers and so on).

Such attackers don’t deface websites; they keep stealing data without changing any file, so the webmaster never learns that someone is using his or her website to steal data or for other ill purposes.

Malicious code is even more dangerous when it is automatically transferred to visitors’ computers and then starts sending those visitors’ information back to the attacker.

Such code may download automatically, or it may use other techniques to gain access to visitors’ computers; for example, it can pose as a video codec or be embedded in a JPEG file. The malicious code can take different forms depending on what the attacker wants from the target: a virus, a Trojan or adware.

Let’s assume a website has 20,000 visitors per day and around 0.4 million visitors a month; just imagine how widely malicious code can circulate in a short span of time. Yet people still say, “We are a normal site; we don’t want security at all.”

So again, this is a request to webmasters: get your websites audited, patched well and free of loopholes, to save not only your online businesses but your visitors’ computers too.



  • True…

    Security still hasn’t been recognized as an essential part in most of our IT sectors.

    The weaknesses pointed out are to be seriously taken as it may further lead to critical damage.

    I agree with the author!

  • Hi

    And can we have a nice article on steps and measures to avoid these attacks, and also steps and measures to get rid of it once it has attacked the site, please?

    Regards

  • Salam

    Amir bhai, my friend, I have Kaspersky Internet Security... I update it 3 times a day... Am I still at risk from malware?
    Please tell us, and in your opinion, which is the best internet security or antivirus?

  • Dear Mr. Ali Raza,

    Many thanks for bringing this to public knowledge.

    I wish to take this opportunity to highlight a few more Pakistani sites with a similar issue:

    **WARNING**: I highly recommend that you do not visit the following until you are confident that your AV will not fail! Neither I, nor the original author of this blog post, nor the owners of this site shall be held responsible for your losses of any or all kinds. Please visit at your own discretion.

    1. Karachi Port Trust (http://www.kpt.gov.pk/)
    Link to “Port Tariff” is actually infected.
    Threat: JS/TrojanDownloader.Agent.NQB.gen trojan
    For more info, google: “Gumblar” and “Martuz”

    2. Mushko Electronic (http://www.mushko.com/)
    A link within their site was infected with a Trojan; I can’t seem to find it again. Or maybe they’ve fixed it already.

    3. Pakistan Chemical Directory (www.pcdpk.com)
    Main site is infected with Malware, Google gives warning and Firefox too!

  • Apparently it was an FTP hack which took A LOT of sites down, including a couple of mine.

    The hack would steal the FTP password from the infected machine and insert an iframe link in index.php and other files. Code looks something like this :-

    Solution

    Clean your computer and remove any startup items which look shady. I have yet to see a better antivirus than Kaspersky.

    Change your FTP password.

    Remove all malicious iframe codes and look for odd software on the hosting server and remove it.
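
A cleanup check for the iframe injection described in the comment above, as an added example that is not part of the original post or its comments: it walks a web root and lists hidden iframes that load from a host other than your own. The "tiny or hidden" heuristic, the `.example` host names and the sample file are assumptions constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
HIDDEN_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js"}

# Constructed sample: a legitimate local embed plus an appended hidden iframe.
SAMPLE_INDEX_PHP = """<?php include 'header.php'; ?>
<iframe src="/ads/banner.html" width="468" height="60"></iframe>
<p>Latest news</p>
<iframe src="http://injected.example:8080/index.php" width=1 height=1 style="visibility: hidden"></iframe>
"""

def parse_attrs(tag):
    """Return the tag's attributes as a dict with lowercase keys."""
    return {m.group(1).lower(): next(g for g in m.groups()[1:] if g is not None)
            for m in ATTR_RE.finditer(tag)}

def is_tiny(value):
    """True for a width/height of 0 or 1, with or without a 'px' suffix."""
    return value is not None and value.strip().lower().removesuffix("px") in {"0", "1"}

def suspicious_iframes(text, own_hosts):
    """Return (line_no, src) for hidden iframes loading from a foreign host."""
    findings = []
    for m in IFRAME_RE.finditer(text):
        attrs = parse_attrs(m.group(0))
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        hidden = (is_tiny(attrs.get("width")) or is_tiny(attrs.get("height"))
                  or HIDDEN_RE.search(attrs.get("style", "")) is not None)
        if host and host not in own_hosts and hidden:
            findings.append((text.count("\n", 0, m.start()) + 1, src))
    return findings

def scan_webroot(root, own_hosts):
    """Walk a web root and map each affected file to its findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            hits = suspicious_iframes(path.read_text(errors="replace"), own_hosts)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

if __name__ == "__main__":
    print(suspicious_iframes(SAMPLE_INDEX_PHP, {"example.com.pk"}))
```

Run `scan_webroot` against a local copy of the site with your own host names in `own_hosts`, and compare each flagged file with a known-good backup before editing it.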

  • This problem is particular with our Govt. websites. As per my information, most of these are hosted by a single ISP (don’t want to name) of Pakistan.

    They need to ensure that the hosting company is maintaining the above-mentioned standards. Also, the concerned staff/webmaster should be properly trained & monitored to ensure nothing suspicious is taking place through the website (like we recently saw the case of misusing the educational institute website for getting traffic).

  • Once caught by Google for hosting malicious software on your server, it will take an ample amount of time for Google to reconsider.

