Malware is the biggest threat on the Internet. It is a general term for malicious software. Hackers install malware by exploiting security weakness on the web server to gain access to the web sites. It can be an adware which displays pop-up ads, Trojan horses which help hackers to get confidential information.

Malware cannot easily spread from one system to system over the network. But through web they can penetrate to a company web site and use it as a host to spread malware to all over the systems. Malware code is not easily detectable and may infect the system when they browse an affected web site. The users are no longer aware of the attack on their systems. This is called “drive-by” malware. Hackers use drive-by malware to spread viruses, hijack computers and to steal the valuable personal information.

Drive-by malware downloads itself onto a user’s system. Cybercriminals exploit browsers or plug-in vulnerabilities to deliver the malware by hiding it with in a web page as an invisible thing. It can be of the form of iframe, obfuscated javascript, embedded image, flash and PDF file that can be unknowingly delivered from web site to the visitor’s system. Targeting web sites with low traffic allows hackers to avoid detection and can cause more damage for a longer time.

To infect a computer through a web browser, an attacker must do two tasks. First thing is to connect with the victim and to install malware on the victim’s system. One of the easiest way is to make victim’s browser execute the malicious code by ask the victim to visit a web site that is affected by malware. Common types of malware delivery methods are software updates, banner ads, downloadable documents, man-in-the-middle (duplicating the original website and getting the username and password) and keyloggers.

Search engines like Google, Yahoo and Bing place any web site found with malware on a blocked list or “blacklist”. Once blacklisted, the search engine issues a warning to potential visitors that the site is unsafe or excludes it from search results. Taking proper measures to prevent search engine blacklisting is the long-term success of any web site