How do viruses get past the browser sandbox?


hsjs3

When I visited a web site the other day, my antivirus warned me that it detected a virus. I also have heard that the AV companies can't keep up with the constantly-changing viruses.

My question is: How do the viruses get in? I know that if you download and run a file, you can get a virus. And I know that you USED TO be able to get a virus just by visiting a site, because the browsers were insecure. But aren't we past that era now?

(I'm generally tech-savvy, but just a bit out-of-date on this issue.)


USED TO? Not hardly, it's alive and well.

http://forums.whatthetech.com/index.php?showtopic=111155

12.10.2010 - "... Over the past few days, we saw the quick spread of HDD Plus** - a malware that (somehow) gets installed on victim computers, and holds the computer hostage by displaying threatening message (that the system is failing), asking you to purchase a license so HDD Plus will fix the problems... one of the means for HDD Plus to spread, was via drive-by download malvertising through (at least) DoubleClick and rad.msn .com, which are both the world's largest ad serving platforms...

"Over the past few days, we saw the quick spread of HDD Plus** - a malware that (somehow) gets installed on victim computers"

Thanks, that was interesting to read through. So there are a lot of "malvertising" situations, where clicking on an ad leads you to a malware page. Or cases where you get a message from a friend's hacked account, asking you to visit a malware page. Presumably, these sites would then ask you to install software or a browser plugin (which is also software). But IF YOU DON'T, then you should be safe, right?

The HDD Plus case you quoted seems mysterious. They say it "somehow" gets installed, so I don't know what to say.

Admittedly, there are still a few small leaks listed on that page. A chain is only as strong as its weakest link, and browser security is only as strong as its weakest plugin. They list an exploit of the latest Quicktime plugin. And Java.

So, a question: How many pages on the web actually use Java? Can I disable it without causing much trouble?


When I visited a web site the other day, my antivirus warned me that it detected a virus. I also have heard that the AV companies can't keep up with the constantly-changing viruses.

There's been a lot of discussion on that. Malware is released by the hundreds/thousands every day so the possibility to find them all is impossible. While it is generally true that we can't keep up, newer technologies are helping fix the gap.

My question is: How do the viruses get in? I know that if you download and run a file, you can get a virus. And I know that you USED TO be able to get a virus just by visiting a site, because the browsers were insecure. But aren't we past that era now?

Several. Many are drive by which force them onto your system. Often are used with php scripts and other website coding. Browsers are still being exploited on a regular basis so the term "insecure" is still largely used. We aren't past that by a long shot.


I'm not sure if I'm misunderstanding here. All the articles I found when searching for "drive by download" (including wikipedia) seem to refer to older systems, like 2002. I guess I'm asking whether a modern browser with a modern Windows is secure. I mean, say, Vista and IE8, without insecure plugins.

If a "drive by" tries to save a file to my computer or install a plugin, it will have to ask me with a Save-dialog or yellow-bar on top, won't it? Yes, I know it will try to fool me in some way to convince me that I need to download it.

If I'm smart enough to never accept a plugin or download, then am I secure when visiting any web site?
