Security back hole can affect web browsers. The web browser display pop-up promotion, collect identity information or installing adware, viruses, or spyware. A cybercriminal can hack a browser’s executable file, a browser’s components and plugins.
A plugin is a software that acts as an add-on to a browser and installs extra functions in the browser. Plugins allow a browser to show extra content which is not available by default. For example, the Macromedia Flash Player and Shockwave are plugins. These all plugins display attractive graphics as well as a cartoon, and animations which improve the look of a web page. Plugins display the content developed using the software.
Quicktime Player and Acrobat Reader are also popular plugin applications. Most plugins are available is free for downloads. To install the plugin, you just visit the website of the plugin’s and click on a link that will download the installer for the plugin. Download and save the installer. Once you have the copy of the installer, open the installer and follow the prompts to install the plugin on your system. You may have to restart your web browser to enable the other functionality provided by the plugin.
As Flash and Shockwave content became popular, the criminals examined these plugins and software, determined vulnerabilities, and exploited Flash Player. The successful operation causes a system crash or allows a criminal to get control of the affected system. Which expect data losses to occur. The criminals also continue to investigate the more popular plugins and protocols for vulnerabilities.
Search engines assign page ranking and presenting important results based on users’ search queries. Depending on the site content, it may show higher or lower in the search result list. Search Engine Optimization (SEO), is used to improve the ranking of a website in search engines.
Many legitimate organizations and companies are working for optimizing websites to better ranking on search engines, the SEO poisoning is a technique uses cybercriminals to make a malicious website appear higher in search results.
The goal of SEO poisoning is to redirect more traffic to malicious websites. The malicious sites do different harmful activities, for example, malware hosting, and social engineering.
Browser hijacking is malware that modifies a web browser‘s settings without a user’s permission. It redirects the user to the cybercriminals’ websites. This software aims to help the cybercriminals. The browser hijacker is usually the part of the drive-by download, a software program that automatically downloads to the victims’ computer when user visiting a harmful site. To avoid browser hijacking read the user agreements carefully when downloading software. It usually changes the default search engine and homepage.
For example, a browser redirects the victim’s homepage to the hijacker’s search page, then the hijacker redirects victim searches to links the hijacker wants the victim to visit. The hijacker also causes slow loading because of installing multiple toolbars in the browsers. The hijacker also displays multiple pop-up advertisements without the users’ permissions.
Defending Against Email and Browser Attacks
Educating the end-user about cautious towards unknown email(s), and using host/server filters are helpful against defending spam and emails. The organization must educate their employees aware of the dangers of opening email attachments that may contain a virus or a worm. Do not suppose that email attachments are safe. Even the mail is from trusted sources. The virus can use the sender’s computer to spread itself. Always scan email attachments before opening them.
Defending against spam is not an easy task, but reducing the effect is possible. For example, ISPs and Email service providers filter spam emails. Antivirus and email software also automatically do email filtering. Theses software detects and removes spam from an email inbox. The Anti-Phishing Working Group (APWG) founded in 2003, is an international consortium focused on eliminating the identity theft and fraud that result from phishing and email spoofing. The APWG also keep all software updated and make sure that the latest patches to keep away vulnerabilities.