Exploits and compromised websites

Exploits are also categorized under malware. Exploits are crafted to compromise specific vulnerabilities of software or network services. These are usually in the form of binary data. Exploits take advantage of vulnerability, thereby causing the target software or service to behave in such a manner that the attacker intends it should behave. Usually, the attacker intends to gain control over the target system or simply take it down.

Once an attacker identifies vulnerabilities on its target, an exploit is crafted containing code that would download malware that can give the attacker more access. This concept was used to develop exploit kits. Exploit kits are a set of known vulnerability scanners and known exploits packaged as a toolkit.

The following diagram gives an example:

In a malware campaign, social engineering is used to lure users to visit links that are actually compromised. Usually, the compromised sites were manually hacked and have been injected with a hidden script that redirects to another website. The malicious links are spammed to email messages, instant messaging, and social networking sites. Visiting legitimate sites that are compromised with malicious advertisements also counts as bait. These sites include software or media piracy sites, the dark web, or even pornographic sites. Once the user clicks the link, typically, the site redirects to another compromised site, and to another, until it reaches the exploit kit landing gate page. From the user's internet browser, the exploit kit gate gathers information on the machine, such as software versions, and then determines whether or not the software is known to be vulnerable. It then delivers all exploits applicable to the vulnerable software. The exploits typically contain code that will download and execute malware. As a result, the unaware user gets a compromised system.