Ad blocker interference detected!
Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers
Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.
In addition to deceptive actions such as redirecting to other sites, malicious content can install crimeware on a user’s computer through a web browser vulnerability or by social engineering, such as asking a user to download and install anti-virus software that actually contains crimeware.
There are three primary classes of content injection attacks, each of which has many possible variations:
- Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.
- Crimeware can be inserted into a site through a cross-site scripting vulnerability.
- Malicious actions can be performed on a site through an SQL injection vulnerability.
Cross-site scripting and SQL injection are propagated through two different primary vectors. In one vector, malicious content is injected into data stored on a legitimate web server, which a victim is exposed to. In the other vector, malicious content is embedded into a URL that the user visits when he or she clicks on a link. This is commonly a URL that includes components that will be displayed on screen or used as part of a database query, such as an argument to a search function.