This results in displaying the someCuteKitten.jpg image while exploiting
an HTML injection in the background.
Finally, an attacker could simply register a reputable-sounding domain name and
host the HTML injection on that domain. As of writing this book, various seemingly
reputable domain names are available such as "googlesecured.com," "gfacebook.net,"
"bankofaamerica.net," and "safe-wamu.com."
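On the defensive side, link hosts can be screened for this naming pattern. The following is an added example, not code from the book: it flags hostnames that embed or nearly match a watched brand name. The BRANDS watchlist, the classify function and the reason strings are assumptions made for illustration, and the registrable domain is taken naively as the last two labels.

```python
import re

# Assumed watchlist (constructed for this example): brand label -> its legitimate domain.
BRANDS = {
    "google": "google.com",
    "facebook": "facebook.com",
    "bankofamerica": "bankofamerica.com",
    "wamu": "wamu.com",
}

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return (brand, reason) for a lookalike host, or None if nothing matches."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    # Assumption: registrable domain = last two labels (no public suffix list).
    if ".".join(labels[-2:]) in BRANDS.values():
        return None  # the brand's own domain or a subdomain of it
    name = labels[-2]
    for brand in BRANDS:
        if brand in re.split(r"[-_]", name):
            return (brand, "brand plus filler word")
        if brand in name:
            return (brand, "brand embedded in longer label")
        # Near-miss check only for longer brands; short ones match too much.
        if len(brand) >= 6 and edit_distance(name, brand) == 1:
            return (brand, "one edit away from brand")
    return None

if __name__ == "__main__":
    # The four domains named in the text, plus two benign hosts for contrast.
    for h in ["googlesecured.com", "gfacebook.net", "bankofaamerica.net",
              "safe-wamu.com", "mail.google.com", "example.org"]:
        print(h, "->", classify(h))
```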
Motivating User to Click HTML Injections
The days of motivating people with "Free Porn" and "Cheap Viagra" are over. Instead,
attackers motivate the user to do something that the general population does, such
as clicking a news link or looking at an image of a cute kitten, as discussed in the
preceding section.
For example, suppose it is tax season. Most taxpayers are looking for an easy tax
break. Attackers consider using something like this to entice a user to click: "Check out this
article on how to reclaim your sales tax for the year: http://tinyurl.com/2ek7eat." Using
this in an XSS worm may motivate people to click if they see that this e-mail has come
from a "friend."
However, the more text an attacker includes, the more suspicious a potential victim
will likely become.