Delivery Methods
Web threats can be divided into two primary categories, based on delivery method – push and pull. Push-based threats use spam, phishing, or other fraudulent means to lure a user to a malicious (often spoofed) website which then collects information and/or injects malware. Push attacks use phishing, DNS poisoning (or pharming), and other means to appear to originate from a trusted source.
Precisely-targeted push-based web threats are often referred to as spear phishing to reflect the focus of their data gathering attack. Spear phishing typically targets specific individuals and groups for financial gain. In other push-based web threats, malware authors use social engineering such as enticing subject lines that reference holidays, popular personalities, sports, pornography, world events and other hot topics to persuade recipients to open the email and follow links to malicious websites or open attachments with malware that accesses the Web.
Pull-based web threats are often referred to as “drive-by” threats by experts (and more commonly as “drive-by downloads” by journalists and the general public), since they can affect any website visitor. Cybercriminals infect legitimate websites, which unknowingly transmit malware to visitors or alter search results to take users to malicious websites. Upon loading the page, the user’s browser passively runs a malware downloader in a hidden HTML frame (IFRAME) without any user interaction.
Read more about this topic: Web Threat
Famous quotes containing the words delivery and/or methods:
“There was no speculation so promising, or at the same time so praisworthy, as the United Metropolitan Improved Hot Muffin and Crumpet Baking and Punctual Delivery Company.”
—Charles Dickens (1812–1870)
“We can best help you to prevent war not by repeating your words and following your methods but by finding new words and creating new methods.”
—Virginia Woolf (1882–1941)