Web threats encompass a broad array of threats that originate
from the Internet. Web threats are sophisticated in their methods, using a combination
of various
files and techniques rather than a single file or approach. For example, web threat
creators
constantly change the version or variant used. Because the web threat is in a fixed
location of a
website rather than on an infected endpoint, the web threat creator constantly modifies
its code to
avoid detection.
In recent years, individuals once characterized as hackers, virus writers, spammers,
and spyware
makers have become known as cyber criminals. Web threats help these individuals pursue
one of two
goals. One goal is to steal information for subsequent sale. The resulting impact
is leakage of
confidential information in the form of identity loss. The infected endpoint may also
become a
vector to deliver phish attacks or other information capturing activities. Among other
impacts, this
threat has the potential to erode confidence in web commerce, corrupting the trust
needed for
Internet transactions. The second goal is to hijack a user’s CPU power to use it as
an instrument to
conduct profitable activities. Activities include sending spam or conducting extortion
in the form
of distributed denial-of-service attacks or pay-per-click activities.