In general, newly created malicious programs and malicious codes that have not yet been analyzed by vaccine developers or related security companies infect a computing apparatus concerned even if a vaccine program is installed in the computing apparatus. Especially, the computing apparatus may be infected with a malicious code (e.g., vulnerability attack (Exploit) code) merely by visiting a specific website when a user is connected to the Internet through the computing apparatus.
This means that an attacker hacks the website concerned and spreads a malicious code to people who visited the website, or that an attacker directly operates the website and spreads the malicious code.
In addition, an attacker can automatically collect web pages which are the target of attack through a search engine, and use an automated SQL injection attack tool for actual attacks. Recently used SQL injection attacks hides a malicious code link in a specific website and causes visitors to be infected. The SQL injection attack tool searches a vulnerable site through a search engine, and then performs an actual SQL injection attack on the vulnerable site to embed a script that links malicious script files to a DB.
When a user visits a website with a malicious script, contents which is accompanied by the embedded script is fetched from the DB by an attacker's web server and is presented to the user. Once the script is executed through a web browser, another malicious script is successively fetched from the attacker's web server and executed through the web browser. It is because that the malicious script is loaded with a vulnerability attack code (Exploit code) for actually attacking the user's computing apparatus. As a result, a malicious code is installed in the user's computing apparatus with a low security level so that important information leaks out from the user's computing apparatus.
In order to defend against such SQL injection attacks, much research is being done to find methods for blocking the incoming path of malicious codes by real-time inspection of websites and investigation on harmfulness.
In a related art of determining the presence of any malicious web page in a specific site, it is inspected only as to whether any malicious pattern exists in a script, or whether a page structure of a visited site is similar to a malicious web page. This may lead to the problem that a specific malicious pattern cannot be found, or previously unknown, new malicious programs may not be detected even by inspection. The related art is disclosed in Korean Patent Laid-Open Publication No. 2009-0034648 (Published on Apr. 8, 2009).