2. How Do Exploits Happen?
Malware does not magically appear on your system. It gains entry because of an action on your part.
The good news is that this means you can control your actions and avoid doing the things that malware exploits. The bad news is that the hackers are constantly thinking up ways to reduce how much action you need to take to trigger their malware.
There are two major kinds of end-user exploits:
- You click something. This is the most common kind of exploit. Examples of this are links in emails, links on web pages to files, and buttons on pop-up windows. The click executes some code that tries to stick the malware on your system. You have 100% control over these kinds of exploits by refusing to click on the link. The difficulty, of course, is figuring out which links are safe and which are exploits, and you can't always tell. By setting up good security measures, you can reduce the danger of malicious links.
- You view a web page or a downloaded file. This is becoming a more popular kind of exploit because it doesn't make you do anything except view something. It is very dangerous because the exploits can be embedded in otherwise safe web pages, like someone's blog or a Facebook page, or can execute silently with no warnings when viewing a PDF or Word file. In web pages, the exploit uses the action of your browser looking at something malicious on the page, like a hidden image or a corrupted Flash file, and uses either a browser add-on or a vulnerability in the browser itself to do the dirty work. In downloaded files, it uses a vulnerability in the file viewer (almost always PDF viewers) to execute malicious code. You have varying levels of control over these kinds of exploits, and they take layers of defense.
There are other ways to exploit machines, but these exploits tend to be aimed at servers or websites. For example, in 2008, HASA was hit by a SQL injection attack in which a hacker shoved spam into a few of HASA's database tables by exploiting a URL string. WordPress is notorious for susceptibility to being "pwnd" (owned) due to rootkits. These are ways that hackers put malware out on the internet to then attack end users.
For a report on what kinds of malware are out there, and the exploits used by the different types, take a look at the Microsoft Security Intelligence Report Volume 8, released in April 2010:
While the report does try to find all the good news for Microsoft that it can, it presents a reasonably hard-nosed evaluation of what is being attacked and how. What is clear from the report is that old and unpatched software is the point of exploit in almost all cases, and that patches for the exploits are usually available by a simple download. In other words, if you are running IE6 on XP SP2 with Office 2000, you probably are "pwnd" six ways from Sunday, whether you know it or not. If you regularly update your system with service packs and patches, you are ahead of the game.