Two CLASSES of Attack

Website defacement attack manifestations are divided into two classes: Overt and Covert. The first kind is most obvious but less prevalent. Overt manifestations usually involve text or graphical changes that involve slander, racism or obscenities. They are defined by an attack which is visible to the website visitor through a browser. Covert manifestations are defined by those that are not obviously visible through a browser, but those in which the source code itself for the web pages has been altered. These changes involve hidden programs that are designed to execute a wide array of malicious attacks.

Frequently Asked QUESTIONS

Won't the antivirus and antispyware software on my web server protect me?
In most cases, web server-based antivirus and antispyware systems won't catch defacement attacks. The malware source code is usually stored on drone PCs across the Internet and their installations are triggered by visiting your vandalized website. Add to this the vast myriad of different types of defacement that have nothing to do with viruses or spyware (profane text, hijacking web pages, disabling links, etc).

Do I need to install any software on my web server?
There is nothing at all that gets installed on your web server. All of our scanning and analysis is performed from your visitors perspective.

My business isn't a target. Do I really need this?
Most attacks are caused by automated software agents that scour the Internet looking for security holes on a 24x7 basis, and can even be propagated within your own local area network. These software programs don't target and don't discriminate. They will take advantage of any vulnerable computer they can find.

Does this service prevent vandalism?
Our system alerts you when a defacement incident has happened so you know exactly where the problem lies and can take action to fix the problem, but it does not prevent vandalism. Unfortunately, nothing can prevent it. There are other systems, such as firewalls and intrusion prevention systems, that help to protect your website, but they are not infallible and hackers continue to bypass traditional security systems, and no matter what, nothing can protect your website against someone with authorized credentials.

Without using WebDog's service, how would I know if my website has been defaced?
You would only know if the attack was overt, but most attacks are covert, or naked to the human eye. Most organizations find out from the media or by being served with a class-action lawsuit.

There are three motives of attack, each of which can be performed in an Overt or Covert manner: Malignant, Commercial, and Detractive.

Malignant attacks involve destructive code, language or images which seeks to damage the web server, and/or the computers of the website visitors, and/or the website owner's reputation. They are usually performed by thrill-seeking vandals, disgruntled employees, or spies. Malignant attacks are performed by those who deliberately seek to harm, for one reason or another, and are, by definition, the most destructive form of website attack an organization can endure.

Commercial attacks involve some type of Spyware or Adware. Spyware aids in gathering information about a person or organization without their knowledge. They are computer programs that copy themselves and spread through networks, secretly gathering information about companies and users and relaying private information to advertisers or other interested parties. Spyware and Adware can get in a web server as a software virus through automated Internet scanning and hacking utilities, or as the result of direct installation by a saboteur. Commerical attacks are performed by those who seek to capitalize on the information that can be covertly gathered through infecting web servers and visitors' workstations.

Detractive attacks seek to redirect the visitor to other website locations. These types of attacks are most often sponsored by the Internet pornography and gambling industries. They seek to hook into the high volumes of traffic generated by popular websites and detract the visitor from going to the website they intend, and lure them to their own sites.

Overt Detractive attacks come in many forms, and the most obvious example is pop-up windows. Redirection code is subversively installed onto a web server, and when a visitor comes to the website, the code is executed on their workstation and a pop-up window with an alternate website overlays atop the original website. Another common type of Detractive attack is known as browser hijacking, in which the home page preference is altered to another URL, and code is installed into the visitors computer which prevents any changes to the home page from taking effect.

Covert Detractive and more frequent, and rarely detected without WebDog's Vandal Vanguard monitoring service. The web server is turned into a puppet computer that uses its high volume traffic of visitors to invisibly "click" on the links to illicit websites. When a visitor comes to a legitimate site that has been victimized by a Covert Detractive attack, their workstation opens a hidden browser window in the background of the operating system, and so the visitor has unwarily also accessed an illicit website. This can happen hundreds of times per minute and grind a visitor's computer down to a standstill. Detractive attacks occur because they result in an increased amount of traffic to an illicit website, and thus makes that website appear more relevant and rank higher on search engines in which the illicit site must compete with it's millions of competitors.