In our recent
post about anti-malware myths, we spoke of visitor dependent malware. Three of the methods used to identify which visitors to attack and which to hide from are geolocation awareness, IP address awareness, and language awareness. Malware and phishing content hidden on a business’s website may infect or ignore visitors from some locations but not others. This behavior can help malware to hide on a compromised website for weeks, months, or even years.
There are a variety of methods used to filter out what visitors are attacked, and there are different motivations for doing so.
Four of the reasons why malware on a website may be geolocation aware are: