Blog

Rahul Thadani
Web security basics: Watering hole attacks VS phishing attacks
February 19, 2013

HTTPS and padlock

Computer users who are well versed with security threats know why and how clever phishing pages must be avoided. Clear signs help to identify fake phishing pages but what does one do against a “watering hole attack”?

What exactly is a watering hole attack?
A watering hole attack is a technique whereby users are profiled and the websites they visit are known by the attacker. Such websites are then infected with malware. Attackers compromise commonly visited websites to inject malicious JavaScript or HTML codes in order to redirect the victim to other malicious pages. On the victim’s machine, this effectively works like a zero-day attack.

In phishing attacks, masses of people are targeted simultaneously. For instance, phishing attacks are carried out against Facebook users or Gmail users. Phishing attacks are more widespread in nature and target a larger amount of people. On the other hand, watering hole attacks are narrowed down to target specific users only. So the infected websites are like a ‘watering hole’ where an attacker waits for his victims, like a predator waits for his prey. (Watering holes are depressions in the ground where water accumulates and animals go to satisfy their thirst. In jungles and wild terrains, predators wait for their prey to reach these watering holes and attack them.)

How does a watering hole attack work?
When a victim visits a compromised page, or the watering hole, his machine is scanned and checked for various requirements. If the web browser and the machine match these needs, he is sent to a malicious page that hosts malware infected code. In a scenario like this, unpatched operating systems, web browsers and out of date system protection software are highly vulnerable.

For instance, a watering hole attack will first ascertain which web browser a potential victim uses and the version of the browser as well. Then it will check if vulnerable programs like Adobe Flash or Java are installed. Subsequently, the system language of the machine will be found out. If any of these checks do not match, a blank page will be displayed. But if all the conditions are met, then a cookie is unloaded into the machine. Compromised machines are then targeted or redirected to infected websites or fake versions of legitimate websites.

Java Security Hole

In contrast to phishing attacks, watering hole attacks are aimed at people who visit websites that do not see heavy traffic. Websites that get a lot of visitors (like Facebook or Gmail) are more feasibly targeted directly with phishing attacks. Watering hole attacks also require plenty of prior research and work by the attacker.

With the rise in cases of cyber crime and cyberespionage, watering hole attack tactics are commonly used to target victims from specific industries like financial services, healthcare, defense, government, academia and utilities.

As precautionary measures, computer users are strongly advised to update the programs on their machine to the latest versions. They should also utilize an effective security solution and remain aware about the nature of threats that are present on the web.

Have something to add to this story? Share it in the comments.

Rahul Thadani
About Rahul Thadani
Rahul is a web enthusiast and blogger, and has been writing about the computer security industry for the last three years. Following the latest technology trends,...
Articles by Rahul Thadani »

34 Comments

Your email address will not be published.

CAPTCHA Image

  1. jiaur rahamanFebruary 19, 2013 at 3:19 PM

    watering hole attack work is how to come?????????

    Reply
  2. pl hlp me

    Reply
  3. Dr. SARAL KUMAR MITRAFebruary 19, 2013 at 3:45 PM

    What QH can do in preventing a wild animal (computer user) from going to a
    waterhole (malicious website) for drinking? A very good analogy. Getting
    frightened.

    Reply
    • Hi Dr. Mitra,
      Quick Heal actively blocks malicious websites that can cause harm on a user’s machine. When a user visits such a website, an alert is displayed by Quick Heal to prevent infection.
      Regards.

      Reply
  4. Really a very nice blog,

    Thanks rahul for updating us and precisely bifurcating the PHISING nad WATERY HOLE ATTACKS

    Reply
  5. i codn`t understand about it.

    Reply
  6. Since the last 4-5 days, whenever I visit http://www.pogo.com, it asks me to update my version of Java. Can someone tell me if this is a genuine request or if it is a waterholing attempt

    Reply
    • Hi Aziz,
      The website probably requires Java to run certain features. Off late, Java has faced several security flaws. It is advisable to disable Java from your browser.
      Regards.

      Reply
  7. On visiting a website(watering hole) how the user’s machine is scanned where the outer program has no permission to do that.

    Reply
    • Hi Kunal,
      Websites unload cookies on a browser when a machine visits them. This enables them to change the preferences of the website when the user visits again. Some malicious websites use this feature to track the user’s browsing habits and to gather information about the browser or the machine itself.
      Regards.

      Reply
  8. Sir,

    Its really scary out there suring on internet.
    May you kindly advice me how to avoid waterholes and any other threats since I mostly surf through websites for research on android codes (like http://www.xda-developers.com) and that requires going to places that are very likely to be infected.
    And also a word of advice about reliability on browser Chrome regarding safety of constant use of credit cards through online shopping websites (like http://www.snapdeal.com) and frequent downloads of music and video files(like http://mp3skull.com).
    Does QH Total Security 2013 protects my credit card and my computer form these threats.

    Thanks in advance,

    Regards
    Danny

    Reply
    • Hi Danny,
      Yes Quick Heal protects your machine against any malicious files that you may download. Phishing pages are also blocked so credit card transactions can be carried out without fear. Browsing protection also provides you with security when you are surfing the web.
      Regards.

      Reply
  9. ARUN PRASHARFebruary 19, 2013 at 8:24 PM

    I am not a computer engineer, but i am working on computer since 2005, and using quik heal for the last 10 years, the results are marvelous, i am not aware of “watering hole attack”,
    but every information is important for us.

    Reply
  10. BHAGWAT SARAFFebruary 20, 2013 at 7:14 AM

    CANT UNDERSTAND ADVANTAGE OF IT IN SECURITY

    Reply
    • Hi Bhagwat,
      It is necessary to be aware of the various types of attacks that pose a threat while browsing the web. While phishing attacks get a lot of media coverage and exposure, watering attacks are something that not many people are aware of. As always, awareness leads to foolproof security.
      Regards.

      Reply
  11. Sir, does the same problem possess a ‘threat’ even when surfing in a Linux OS like Fedora 14 or Ubuntu?

    Reply
    • Hi Pankaj,
      Phishing attacks do exist over these kinds of platforms as well. Such attacks are not dependent on the OS of the machine. Rather, it preys on the negligence and the carelessness of users.
      Regards.

      Reply
  12. Plz help me

    Reply
  13. When I Open MS Excel 2003 the virus comes from macro so how can i solve it, if i put security high file doesnt open

    Reply
  14. Presently I’m using quickheal total security 2012, whose subscription ends around mid-March. So, if I renew the subscription will it provide me with the latest features of quickheal total security 2013?

    Reply
  15. rahul shekhawatFebruary 24, 2013 at 7:37 PM

    my antivirus is not giving virus protection

    Reply
  16. can you help me please ! to safe from watering hole attacks vs phishing attacks ?

    Reply
    • Hi Deo,
      If you have Quick Heal installed on your machine, you will be protected against such attacks. Any malicious pages that you visit while browsing the web will be instantly red flagged as dangerous and you will receive an alert for the same.
      Regards.

      Reply
  17. what can I do ? I could not find any solution.

    Reply
  18. RavirajhnMarch 5, 2013 at 2:29 PM

    Hi,

    Where i can find all patches of quick heal antivirus and its uses.

    Reply