We’d like to show you in visual format how a web attack works. As you can see in the infographic below, a web attack happens in five stages, and this whole process takes less than a second.
The web is the number one source of malware (a term that combines “malicious” and “software”), and the majority of these malware threats come from what is called a drive-by download.
5 Stages of a Web Attack
The term drive-by download describes how malware can infect your computer simply by visiting a website that is running malicious code (Stage 1: entry point).
Most of the time, these are legitimate websites that have been compromised to redirect you to another site controlled by the hackers (Stage 2: distribution).
Today’s cybercriminals use sophisticated malware packaged in an “exploit kit” that can find a vulnerability in your software among thousands of possibilities.
When your browser is redirected to the site hosting an exploit kit, it probes your operating system, web browser and other software (such as your PDF reader or video player) to find a security vulnerability that it can attack (Stage 3: exploit).
Remember — if you are not applying security updates to your operating system and software, you are unprotected against these exploits.
Once the exploit kit has identified a vulnerability, that is where Stage 4: infection begins. In the infection phase of an attack, the exploit kit downloads what is known as a “payload,” which is the malware that installs itself on your computer.
Finally, in Stage 5: execution, the malware does what it was designed to do, which is mainly to make money for its masters.
Secure the Web
This kind of attack happens all the time. But you don’t have to be a victim. Download our checklist of technology, tools and tactics for effective web protection to find out how you can protect your organization from malware attacks at every step of the way. You should also check out our free whitepaper explaining how malware works and offering tips to help you stop it: Five Stages of a Web Malware Attack. (Registration required).
At Sophos, our real-time reputation filtering protects you from newly infected websites as soon as they come online. We do this using our ever-growing, cloud-hosted database of malicious sites, compiled by our global intelligence centers called SophosLabs.