Definition

A web client attack is a technique, often coupled with social engineering, to spread malware.

The victim is lured to a malicious website, often hosted on other systems under the attacker's control, where multiple exploits may be tried against vulnerabilities in the victim's browser or system. If an exploit succeeds, the malware is installed without the user's knowledge.[1]

Overview

"A computer user will often make many decisions based on visual cues. An attacker may manipulate a user's course of action by using false visual cues. For instance, if a bogus dialog box is obtrusive and presented in a way that interferes with normal operation of the computer, the user may be coerced into taking an action intended by the attacker that is triggered by accepting or closing the box.

"One way attackers leverage this tactic is through the use of pop-ups. Pop-ups can be sent from web pages that are visited, programs that are installed on the machine, and by the built-in Windows Messenger program. These malicious pop-ups tend to state your computer is 'infected' and provide an option to download software to clean it up. This software, however, tends to be malware the attackers want to install on the victim’s system."[2]

References

  1. Botnets as a Vehicle for Online Crime, at 6.
  2. Id.