Having to deal with SharePoint exposed to the Internet, it’s always interesting to see some of the shady techniques out there that people will use to subvert sites and engineer traffic or steal information. Nearly everyone uses the web for work or pleasure today as web based technologies continue to shape our day to day lives.
As companies around the glob expand their web presence and usage of the web for critical business applications, it is important that everyone becomes familiar with some of the threats they are exposed to. As new web based applications and mobile capabilities promulgate, educating people about threats and how to defend your systems against increasing sophisticated malware is a must.
Here is a brief glossary of some of the web threats that exist today:
Blackhat search engine optimization (SEO): Ranks malware pages highly in search results.
Click-jacking: Tricking a Web user into clicking on something different to what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer
Spearphishing: The act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
Malvertising: Provides malefactors an opportunity to "push" their attacks at cautious web users who would not normally visit unknown external URLs, by exploiting the reputation of the website and the allegedly advertised brands to convince them that they are visiting legitimate advertisements
Compromised legitimate website: Host embedded malware that spreads to unsuspecting visitors.
Drive-by download: Exploits flaws in browser software to install malware just by visiting a page
Fake antivirus: A form of Internet fraud using computer malware that deceives or misleads users into paying money for fake or simulated removal of malware or claims to get rid of malware, but instead introduces malware to the computer to extort money from the victim.
Keyloggers: Captures personal information and account passwords for identity or financial theft in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.
Botnet software: Subverts the system into silently joining a network that distributes spam, hosts illegal content or serves malware.