How Malicious Code Damage a Website and its Visitors?

As you people know very well that I have been emphasizing about security and its importance from day one – but people actually didn’t focus on it and here are the results for not paying attention.

Jang.com.pk and few other Pakistani websites got marked as malicious websites by Google. To actually understand on how all this happened, and what ways are there to avoid such instances, let me briefly discuss it for you guys.

Website example.com.pk a very well known website of Pakistan and it is known for the quality of content. But unfortunately, they didn’t do any security audit of the web server. As, I said, example.com.pk is very famous site, hence it gets plenty of attention, both from good and bad people across the web. Those bad people, can also be called malicious attackers, who use weakness in particular application and misuse it.

(By application I mean the software used for website, such as wordpress, doorpal, or in-house developed etc)

These malicious attackers don’t target particular websites; instead they keep on browsing internet and keep looking for security loopholes that they can use by putting attack code on the server. Such attackers inject code on websites, and then start getting information of visitors, or other information stored on that specific web server (including but not limited to, name, email addresses, credit card numbers and so on).

Such attackers don’t deface websites, but they keep stealing the data without changing any file, thus webmaster never comes to know that there is someone who is using his/her website for stealing data or other ill means.

Malicious code can be even dangerous if it is automatically transferred to visitors’ computers, and then starts sending the information of all the visitors back to the attacker.

Such code downloads automatically, or it may use different techniques in order to gain access to visitors’ computers; such as, it can be in form of a video codec, or maybe embedded in a JPEG file and so on. Such malicious code can be of different nature, depending on what attacker wants from the target, can be a virus, Torjan or maybe adware.

Let’s assume a website is having 20,000 visitors per day, and around .4 million visitors a month, so just imagine on how badly these malicious codes can circulate around in a short span of time – But still people say we are normal site we don’t want security at all.

So again, this is a request to webmasters, to get their websites audited, patched well, and without any loopholes, to not only save your online businesses but the computers of your visitors too.