API tools faq
paste
Advertisement
FlyFar

about_index.html

FlyFar
Mar 29th, 2023
651
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
HTML 2.64 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. <!DOCTYPE html>
  2. <html lang="en">
  3.   <head>
  4.     <meta charset="UTF-8" />
  5.     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  6.     <title>Iframe example</title>
  7.     <link rel="stylesheet" type="text/css" href="../styles.css" />
  8.   </head>
  9.   <body>
  10.     <div class="article">
  11.       <h1>Fileless browser malware</h1>
  12.       <p>
  13.         The traditional detection methods used by antivirus software are based
  14.         on scanning the hard drive checking against a database of known malware
  15.         signatures. A fileless malware is not affected by those approaches due
  16.         to the fact that it only lives inside the memory and there is no
  17.         indication about its existence on the hard drive. Furthermore the
  18.         malicious code being executed through a legit process such as an
  19.         browser, it can't be flagged as an unknown possible harmful process.
  20.       </p>
  21.       <p>
  22.         To understand why the browser is the ideal way to distribute fileless
  23.         malware, let's assume the following scenario: the user opens a web page
  24.         containing a malicious script code, the antivirus checks the JavaScript
  25.         loaded, but because the code is obfuscated dynamically, the malicious
  26.         code cannot be detected during the download phase. Usually the browser
  27.         does not specifically seek permission before running JavaScript, so the
  28.         malicious code is executed, having complete access to the sandboxed web
  29.         browser API which contain a powerful set of technologies.
  30.       </p>
  31.       <p>
  32.         These technologies are used by the script to leverage the computational
  33.         power of the victim, providing the attacker the power of each concurrent
  34.         website visitor computer at any given time. Because the malicious code
  35.         is transient and only runs in the background of the browser tab, it is
  36.         difficult to detect the malware once the user has navigated away.
  37.         Therefore, we may ask ourselves, is there something to stop high-traffic
  38.         websites from abusing resources from their users without consent while
  39.         browsing their website?
  40.       </p>
  41.       <p>
  42.         Well the truth is that there is nothing to stop developers or hackers
  43.         exploit the processing power, and even though ethically this seems
  44.         wrong, legally speaking this is still debatable. Oh and if you are
  45.         reading this probably it would be nice from me to let you know that the
  46.         banner below is mining cryptocurrencies for me. Check out your cpu usage
  47.         in task manager.
  48.       </p>
  49.       <iframe src="/iframe" scrolling="no"></iframe>
  50.     </div>
  51.   </body>
  52. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!