Web browser: Gateway for Viruses

The web browser is the gateway to the internet to browse web pages, but cyber criminals are using the bugs of the software to make them the gateway for viruses. But not only the security leaks of web browsers are used by hackers, they also use vulnerabilities of the software installed on the hosted website.

Popular targets are well-known programs like Joomla, Wordpress or Typo3, but also Java script, which one is widely used for web 2.0 applications and user friendly interfaces.

Hackers are using cross site scripting to execute malicious code from a remote server.

What does malicious code do?

Hackers try to get control over the surfers computer with malicious code, so that the criminals are able to use it for their needs. In most cases they use it for spamming, but also for attacking other servers. The users PC will be added to a botnet, which is a seperate network controlled by the hackers.

Important: Regular Updates.

Actually there exists no software, which one has no security leak. Criminals try to detect such security leaks in well-known software, like in web browsers, because they can use it as gateways to install a virus on the victims computer. There are security leaks in software used for web sites, and it can be used to spread out a virus, because this sites are often visited with web browsers containing security leaks.

Once such a security leak is detected and officially confirmed, the software vendor publishes an update of the software. The most common problem is, that a lot of users do not implement the update. So the really important thing is, to update the browser immediately, once a new update is available from the vendor.

Updates of software used by the web site.

The software used by your web site is also very important. Every contact form or even a whole content management system you use, can have a security leak, where it is possible to execute malicious code. It is important to keep this software up to date all the time. Otherwise it may happen that you as operator of the web site become a distributor of viruses.

If you are just a surfer, you should keep your web browser up to date. If you operate a web site, you also have to take care to update the installed software on your web server.

What about the web hoster, shouldn’t he take care about security of the systems?

Reliable hosting companies like emerion operate all web hosting packages on well-maintained servers. The servers themselves have an operating system, which must be continuously maintained, as well as the server software and management software.

With a web hosting package the customer gets his own space on the server, where he can install his “own software”. This can be a popular script as well as a complex program. The variety of such scripts is very large, and so the possibility of security leaks, which can be abused by hackers.

Software installed by the customer on his own web space cannot be maintained by the web hoster. For the self installed programs the customer has to take care about updates.

Due to security leaks in scripts a customer installs on his web space, it could be possible that the hacker gets access to the whole server system, if the OS is not up to date, or if the system is not configured properly. Security has a high priority for emerion. The software, as well as the operating systems are always up to date. Basically the systems are configured that they are easy to use for the customer, but there is no possibility to break in. But this does not release the customer from the responsibility to maintain his self-installed software.