How NOT to Get Exploited
Drive-by downloads -- malware delivered to random Web site visitors -- are one of the biggest, fastest-growing threats on the Internet. Learn how they spread across the web, and some easy things you can do to protect against these dangerous exploits... |
Exploits Kits Are Big Business
It was a surprise to me when I first learned that the developers of malware don't try to keep their creations a secret. To the contrary, they'll typically offer it for sale to other hackers after they've used it themselves. This "used malware" is traded online in hacker forums and other venues where sellers bundle malware packages into “exploit kits” and sell the kits to crooks who have more money than programming talent.
In my recent article, Drive-by Download Dangers, I discussed how they’ve become so ubiquitous. The rather amazing sophistication of this malware is described in the latest Security Intelligence Report from Microsoft.
The malware delivered in drive-by downloads is recycled stuff, in most cases. Each malware package exploits a different vulnerability in a browser, its operating system, or its add-ons. (Add-ons are the most frequently vulnerable and exploited of the three targets.) A newly discovered vulnerability against which there is no defense (called a zero-day vulnerability) is more valuable to bad guys than an older, well-known one for which patches have been developed and distributed.
A zero-day vulnerability is typically sold by its discoverer to another crook who has a specific, high-value target in mind. Most likely, the target is a large corporation or institution whose IT environment hosts lots of valuable, exploitable data such as users’ personal identity and financial data, or trade secrets. The crook who buys the secret of the vulnerability creates malware that takes advantage of it. He then launches his attack against XYZ Corp. and succeeds or fails. Either way, after the primary attack he has a piece of malware that cost him plenty to develop, and it has re-sale value.
The profits from exploit kits can be substantial; the people behind the Win32/Reveton family of malware reportedly grossed over $50,000 per day in fees derived from exploit kits. Don't think for a second that I'm offering this information as a helpful money-making tip, though. There's an encouraging trend in the past two years, where law enforcement agencies have been taking down these cyber criminals. I discussed one recent example in GameOver and Cryptolocker Busted.
How Do Exploit Kits Work?
An exploit kit consists of a collection of malware, back-end software for managing the malware’s delivery and monitoring its productivity, and an HTML interface for the kit’s operators. The kit resides on a central server while its owner seeds other Web sites with relatively small, innocuous HTML code that links victims to the central server. How that linking is done is pretty interesting.
Each time your browser requests a Web page it sends with the request information about itself: browser name and version number, operating system, and available add-ons. It sends this metadata to tell the Web server what sort of content to deliver and in what format. For example, if your browser supports Flash you’ll get Flash, otherwise you’ll get some other form of multimedia file.
Unfortunately, this metadata also reveals a lot about security vulnerabilities present in your browser, browser addons and your operating system. The code surreptitiously planted on a site by a bad actor relays this metadata to the server hosting the exploit kit. Server software uses this metadata to select malware tailored to your browser and delivers it to you without your knowledge. The malware auto-executes on your (unpatched) system after it arrives.
Protecting Yourself
Now that you know how exploit kits work, a few defenses against them should be obvious. First, keep up with the latest security patches for your operating system, browser and other software. Exploit kits contain mostly exploits that have been known and patched for a long time. Using Windows Update in automatic mode will take care of your operating system. To make sure your installed software and browser addons are up to date and secured, see my article Computer Security: The Missing Link.
Other things you can do to harden your computer against malware attacks include:
-Disable unnecessary browser extensions and add-ons. Be especially careful of allowing addons to run in private browsing/incognito mode.
-Use HTTPS whenever possible, to encrypt your web browsing sessions. The EFF's HTTPS Everywhere extension is available for Chrome, Firefox and Opera browsers.
Following these practices will minimize the openings that your browser gives to bad guys. Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 9 Jun 2014
For Fun: Buy Bob a Snickers. |
Prev Article: SNEAK PEEK: Apple's New Features |
The Top Twenty |
Next Article: Do Health Apps Endanger Privacy? |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- How NOT to Get Exploited (Posted: 9 Jun 2014)
Source: https://askbobrankin.com/how_not_to_get_exploited.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "How NOT to Get Exploited"
Posted by:
BobJ-Mainer
09 Jun 2014
Already have Secunia running, and just loaded EFF's HTTPS Everywhere extension. So far, so good, but I've already seen a couple sites from Facebook links that are not secure. Thinking twice about going any further (like watching a video). Thanks!
Posted by:
BobJ-Mainer
09 Jun 2014
Hey, just noticed: when I clicked on the link in the email from you, the address for your page that opened did not have "https:..." ???
EDITOR'S NOTE: That is correct. AskBobRankin.com does not require encryption, so the HTTPS protocol is not used there. You really only need HTTPS encryption when sensitive data is being sent to a web server.
Posted by:
John Elliot
10 Jun 2014
https Anywhere lists the version for Chrome as beta; how safe is it to use? Any Chrome users out there with advice?
John
Posted by:
Harish Dobhal
10 Jun 2014
Hi Bob, I asked you a question about this vulnerability with flash (which is far more common to be ignored) but, I think 'due to high volume of question emails' you might have missed that one. So, please tell us about this vulnerability and how we should get past it.
http://www.kb.cert.org/vuls/id/323161
EDITOR'S NOTE: This seems to apply to Flash v12. Download the latest version of Adobe Flash (v14) and that should solve the problem.
Posted by:
Jo
10 Jun 2014
Thanks for this valuable and timely information. I wasn't aware of the addons vulnerability. Off to check now for updates.
Posted by:
Bantam
10 Jun 2014
Pity the EFF Https Everywhere extension is only Beta for Chrome (some bugs apparently.
Posted by:
MmeMoxie
10 Jun 2014
Bob ... I don't think, it ever can be stressed enough ... The need for an Anti-Virus program, a Malware program, a good Firewall program and a good Browser Cleaning program. Of course, the good Browser Cleaning program isn't going to "protect" your computer, but, it may just get "rid" of some of the Cookies causing, some of the issues/problems.
I have all 4 and have had for over 10 years, except for the Malware program, that is my newest and latest, even though I have had my Malwarebytes program, for over 5 years now, using the Free version for about 4 years, until I purchased the Pro version, last year.
While, my first browser cleaner was Window Washer, back in 1998, I am not sure, if, my Window Washer knowledge was from Bob or just reading and researching. I eventually, purchased Window Washer Deluxe and used it for many years, until I keep reading, not only from Bob, but, other newsletters, as well ... That CCLeaner was so much better. I used CCleaner's Free version, for quite a few years, until last year, when I purchased several of my "Protection Programs."
My Anti-Virus Programs have been AVG and Avast!. For the past maybe 5 years, at least close to it ... I have used Avast! and feel extremely comfortable with this program. Again, last year I purchased their Internet Security version and am still, very, very pleased. Is my computer, a desktop, virus clean ... Yes siree! Do I get "viruses?" Yep. However, Avast! catches them and put them all into the Virus Chest, that I asked Avast! to do, so that, I can look them over, to make sure the "virus" isn't part of one of my many, many, many games, that I own and have downloaded.
Point to make ... I was trying to download a game, that I had purchased from !Win.com. Bad move, on my part. I knew to "stop Avast!" ... What I didn't know, until this weekend, I may have to "stop" Malwarebytes Premium!!! Now, that completely floored me!!! I had 3 downloads of the same game and 1 other game ... I just finished a complete scan, tonight and all 4 of those downloads, were put into the Quarantine. All 4 of them! They all had "PUP.Optional.iwin.com" as the culprit. So, to get my games, I think I need to change some settings, at the !Win website. Not really sure, that I can, either. Doesn't really matter, since, Malwarebytes Premium did the right thing, in "protecting" my computer.
I really, must admit, that impresses me ... And, I can thank Bob Rankin for his suggestion of Malwarebytes!!! He was the first to tell me, about this awesome program.
Posted by:
Daviid Guillaume
10 Jun 2014
Very informative article Bob and most interesting, I use Hit Man Pro build 216 on my internet computer which I have found to be very reliable since I first installed it about two years ago. It is a cloud based software package and when ever I use the internet I always run Hit Man at the end of every search session. It has saved my internet computer from being corrupted or being taken over by unwanted add on's so many times that I have lost count. David Guillaume UK
Posted by:
Kurt H. Schindler
10 Jun 2014
I do not want just some passive anti-virus program. I want one, that when it detects something coming, immediately sends back to them an attack which scrambles their hard drive, fries their hardware, and electrocutes anyone touching their keyboard. (Not that I have had frustrations with this before or anything.) :-)
EDITOR'S NOTE: I understand your frustration, but the irony is that many websites serving up malware are doing so without the owner or webmaster's knowledge. They've been found vulnerable to some exploit, and hacked.
Posted by:
Joe
25 Jun 2014
I tried to install HTTPS Everywhere extension on my Firefox 30.0 and Firefox blocked installation.
EDITOR'S NOTE: Was there some error message?
Posted by:
Gingerella
27 Jun 2014
Why do we have to have so many protections... here I thought as long as I had PC Matic and WinPatrol that I was pretty safe. I have purchased the Vipre IS for 2014... does that work in concert with these other two programs... and what else might I be needing ...Malwarebytes?
EDITOR'S NOTE: I wouldn't add Vipre to that mix, unless you disable the antivirus engine in PCMatic. You should be fine as you are.