Everyday, thousands of websites are compromised by malicious software (malware) that can jeopardize a company’s online integrity and security. Having a website infected with malware is not only a frustrating experience, but also a liability. Malware is commonly used by attackers to gain access to a website’s sensitive data and disrupt the operation of the business.
Malware attacks are not only a threat to the website owner, but they also pose a considerable risk to anyone who visits the site while it’s infected. Malware can infect your visitors’ computers or mobile devices, and steal their bank account information, credit card information, passwords, and other sensitive data.
“Malware can infect your visitors’ computers or mobile devices, and steal their bank account information, credit card information, passwords, and other sensitive data.”
In a 2013 Website Security Statistics Report by WhiteHat Security, it was found that 86% of the websites tested in their study had at least one serious vulnerability. In most cases, the number was far greater than that. A serious vulnerability is classified as one that could lead to a malware attacker having control over a site, user accounts, or sensitive data. The report also notes that 61% of the discovered vulnerabilities were resolved. However, it would take an average of 193 days for the vulnerability to be addressed.
In this amount of time, the damage is already done.
5 Ways Malware Attackers Can Compromise Your Website
There are many different vulnerabilities that a malware attacker can take advantage of to inject malicious code into your website. Here are five of the most common:
1. Password Choice Vulnerabilities (Brute Force Attacks): Over the years, many large scale password analysis studies have been conducted, and what they’ve found is a great majority of website owners use simple passwords such as “123456″ or “password.” These types of passwords are not difficult for experienced malware attackers to crack, and are an open invitation for malicious code.
2. FTP Connection Vulnerabilities: Many websites are often infected through a process known as password sniffing. This is where a silent Trojan or Rootkit, which has been unknowingly placed onto the website administrator’s device, is used to obtain the the username and password of the website. Malware attackers will then use the gathered information to access and infect the website with malicious code at a later time.
3. Website Vulnerabilities: There are several different vulnerabilities within a website itself that a malware attacker can use to inject malicious code. Some of these vulnerabilities include weaknesses in contact forms, login fields, comment fields, and newsletter subscription forms that enable the attacker to inject the malicious code through the form fields.
4. Server Vulnerabilities: Unbeknownst to website owners, many servers that are used to host websites have major security holes that malware attackers seek to manipulate to gain access to the files and code of websites on the server. These are some of the most dangerous types of intrusions due to the fact that if granted access, the malware attacker has the potential to wipe out an entire site.
5. Third Party Add-On Vulnerabilities: A growing trend among malware attackers is to use third party add-on (e.g., WordPress plugins) vulnerabilities to gain access to a website. To prevent this type of malware intrusion, before installing a new third party add-on, make sure that the add-on is reputable and regularly updated.
As a Tampa web design company that is highly experienced with malware prevention and removal, we recommend that if you suspect your website has been infected with malware to have an expert review your website for malicious code immediately. The longer malware remains on your website, the more damage it will do.