- About us
- Code of Conduct
- Google SoC
- Recent posts
- Security Workshops
By becoming a tool for an attacker to inflict harm on other systems, a site may be opening itself up to liability issues if they have not been paying sufficient attention to security. For example, if a machine is joined to a botnet it may be a participant in a denial-of-service attack against an external site, or may be used to recruit other machines into the botnet. Phishing sites are used for stealing identity information for various purposes, including transferring money away from victim's bank accounts. Files that are uploaded to compromised hosts may be subject to copyright issues or other more serious violations of obscenity laws in the country the server resides in. If the server is used to send Unsolicited Bulk Email (UBE aka 'spam'), the server may be placed on a blocking list and legitimate users of the server may find their email blocked by many Internet sites.
It is also possible that control of a website may be used to compromise computers that are browsing that site. For example, such an incident is described by Netcraft:
"Hackers have hijacked a large number of sites at web hosting firm HostGator and are seeking to plant trojans on computers of unwitting visitors to customer sites. HostGator customers report that attackers are redirecting their sites to outside web pages that use the unpatched VML exploit in Internet Explorer to install trojans on computers of users. Site owners said iframe code inserted into their web pages was redirecting users to the malware-laden pages."
In another incident, a banner advert was used to deliver exploit code to client machines : "During a 12-hour window over the weekend, hackers broke into a load balancing server that handles ad deliveries for Germany's Falk eSolutions and successfully loaded exploit code on banner advertising served on hundreds of Web sites."