Safe Browsing: 2. How Do Exploits Happen?

Reader Toolbox   Log in for more tools

2. How Do Exploits Happen?

Malware does not magically appear on your system. It gains entry because of an action on your part.

The good news is it means you can control your actions and not do things that the malware can exploit. The bad news is that the hackers are constantly thinking up ways to reduce how much action you need to take to trigger their malware.  

There are two major kinds of end-user exploits:

  1. You click something. This is the most common kind of exploit.  Examples of this are links in emails, links on web pages to files, and buttons on pop-up windows. The click executes some code that tries to stick the malware on your system. You have 100% control over these kinds of exploits by refusing to click on the link. The difficulty, of course, is figuring out which links are safe and which are exploits, and you can't always tell. By setting up good security measures, you can reduce the danger of malicious links.
  2. You view a web page or a downloaded file. This is becoming a more popular kind of exploit because it doesn't make you do anything except view something. It is very dangerous because the exploits can be embedded in otherwise safe web pages, like someone's blog or a Facebook page, or can execute silently with no warnings when viewing a PDF or Word file. In web pages, the exploit uses the action of your browser looking at something malicious on the page, like a hidden image or a corrupted Flash file, and uses either a browser add-on or a vulnerability in the browser itself to do the dirty work. In downloaded files, it uses a vulnerability in the file viewer (almost always PDF viewers) to execute malicious code. You have varying levels of control over these kinds of exploits, and they take layers of defense.

There are other ways to exploit machines, but these exploits tend to be aimed at servers or websites. For example, in 2008, HASA was hit by a SQL injection attack where a hacker shoved spam into a few of HASA's database tables by exploiting a URL string. Wordpress is notorious for susceptibility to being "pwnd" (owned) due to rootkits. These are ways that hackers put malware out on the internet to then attack end users.

For a report on what kinds of malware is out there, and the exploits used by the different types, take a look at the Microsoft Security Intelligence Report Volume 8 released in April 2010:

http://www.microsoft.com/security/about/sir.aspx  

While the report does try to find all the good news for Microsoft that it can, it presents a reasonably hard-nosed evaluation of what is being attacked and how. What is clear from the report is that old and unpatched software is the point of exploit in almost all cases, and that patches for the exploits are usually available by a simple download. In other words, if you are running IE6 on XP SP2 with Office 2000, you probably are "pwnd" six ways from Sunday, whether you know it or not.  If you regularly update your system with service packs and patches, you are ahead of the game.


This is a work of fan fiction, written because the author has an abiding love for the works of J R R Tolkien. The characters, settings, places, and languages used in this work are the property of the Tolkien Estate, Tolkien Enterprises, and possibly New Line Cinema, except for certain original characters who belong to the author of the said work. The author will not receive any money or other remuneration for presenting the work on this archive site. The work is the intellectual property of the author, is available solely for the enjoyment of Henneth Annûn Story Archive readers, and may not be copied or redistributed by any means without the explicit written consent of the author.

Story Information

Author: Anglachel

Status: General

Completion: Complete

Era: Other

Genre: Research Article

Rating: General

Last Updated: 06/19/10

Original Post: 06/14/10

Go to Safe Browsing overview

Comments

No one has commented on this story yet. Be the first to comment!

Comments are hidden to prevent spoilers.
Click header to view comments

Talk to Anglachel

If you are a HASA member, you must login to submit a comment.

We're sorry. Only HASA members may post comments. If you would like to speak with the author, please use the "Email Author" button in the Reader Toolbox. If you would like to join HASA, click here. Membership is free.

Reader Toolbox   Log in for more tools