Safe Browsing: 3. Anatomy of an Exploit

Reader Toolbox   Log in for more tools

3. Anatomy of an Exploit

While there are a number of ways malware digs in to your computer, the most common family of exploits used are shell code exploits.  At its most simple, the pattern is this:

  1. Create something online (a PDF, a Flash movie, a hyperlink to more bad code, a corrupted URL, an infected Office file, etc.) that holds two things:
    1. Something that will make the program it is running in crash
    2. A shell script that can run a commands on the computer
  2. Get the user to click on (or in the case of a Flash .swf file, play) the corrupted thing.
  3. Crash the program. This could be a PDF reader, a Flash player, a browser, Word, etc.
  4. When the crash happens, the shell script is thrown into the machine's memory.
  5. If the shell script finds itself in a part of the machine's memory where it can run, it will in effect open an invisible command line window.
  6. The malware code uses that command window to do things to the system.

What happens after that point depends upon the purpose of the malware combined with the age and unpatched condition of your machine.  What can these things do?

  • Stay resident in memory and log keystrokes on your system – with special attention to bank account and social networking site logins.
  • Install things on your system using your user account. Please note that this can work against any OS, not just Windows.
  • Open ports on your system to allow more malware in.
  • Connect to an FTP site and download rootkits to make a zombie out of your computer.
  • Corrupt your files and wipe your hard drive.
  • Use your machine as a spambot
  • And much, much more!

In the big picture, most Internet criminals don't want the stuff on your computer – they want you either to give them access to other things, like your bank account, or else to let them command your machine to launch attacks on bigger targets, like banks, corporations and governments.

So, where are these attacks coming from?

This is a work of fan fiction, written because the author has an abiding love for the works of J R R Tolkien. The characters, settings, places, and languages used in this work are the property of the Tolkien Estate, Tolkien Enterprises, and possibly New Line Cinema, except for certain original characters who belong to the author of the said work. The author will not receive any money or other remuneration for presenting the work on this archive site. The work is the intellectual property of the author, is available solely for the enjoyment of Henneth Annûn Story Archive readers, and may not be copied or redistributed by any means without the explicit written consent of the author.

Story Information

Author: Anglachel

Status: General

Completion: Complete

Era: Other

Genre: Research Article

Rating: General

Last Updated: 06/19/10

Original Post: 06/14/10

Go to Safe Browsing overview


No one has commented on this story yet. Be the first to comment!

Comments are hidden to prevent spoilers.
Click header to view comments

Talk to Anglachel

If you are a HASA member, you must login to submit a comment.

We're sorry. Only HASA members may post comments. If you would like to speak with the author, please use the "Email Author" button in the Reader Toolbox. If you would like to join HASA, click here. Membership is free.

Reader Toolbox   Log in for more tools