

Windows 7: Convincing YouTube look-alike fires RIG Exploit Kit

4 Weeks Ago   #1

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
Convincing YouTube look-alike fires RIG Exploit Kit

Quote:
The lure of salacious videos is often used to trick people into downloading and running malware.

As you will see in this example, the bad guys went through enough trouble to make the page look real, from picking a similar URL to creating a convincing error message.
Source

A Guy



4 Weeks Ago   #2
bej

Windows 7 Home Premium SP1 64bit
 
 

"Sorry for not being clear enough on this. The second trick relies on users having outdated software (in particular their browser and plugins). It exploits them doing something called a drive-by download. This requires no user interaction at all... the simple fact of visiting the page is enough to get infection (with the only requirement being vulnerable software)."

I would like to know the process of events that occurs that would put a virus on my system without any interaction from me.
"The simple fact of visiting the page is enough to get infection" is impossible or everyone in the internet universe would have a virus because ANY page could be set up to cause infection.
4 Weeks Ago   #3

Windows 7 Pro 32
 
 

Many DO get infected this way, but if you have all programs updated you're much safer.

If your browser allows plugins/add-ons globally then you're at risk if you have any outdated software that they're trying to exploit. Simply because they're allowed to start on any web page without your approval. Then it exploits ("hacks" into) an outdated program to get privileges to do other things and to download other files etc.

Internet Explorer for example has a great protection for this, a security feature called ActiveX Filtering. You must allow each new web site to use ActiveX components. If you go back to a web site previously approved then it starts automatically, for example videos on YouTube.
Other browsers have options like Ask-to-activate.

To easily keep all (most) software updated I recommend: Free Computer Security - Personal Software Inspector (PSI) - Secunia

There's also great exploit blocking software out there but I won't go into that now.


4 Weeks Ago   #4
bej

Windows 7 Home Premium SP1 64bit
 
 

Again, it seems everyone should have gotten a virus, at one time or another, if they use Adobe Flash. Every site I visit uses Flash to display some content. In particular, financial sites.
So, what steps need to be taken to either make Flash safe or eliminate its use?
Updating Flash always requires a visit to the "settings manager" because the update does not transfer your settings. Updating causes storage, camera & mic, and peer-assisted networking to be allowed.
4 Weeks Ago   #5

Windows 7 Pro 32
 
 

Not if they keep Flash updated all the time. And not all sites of course will try and exploit it. Only bad ones, which many AVs will protect you from visiting.

Flash is used on many sites for me too but I don't allow it to run unless it's for a vital function on the site. On almost all sites I don't allow it.

On YouTube for example you can switch to use the HTML5 player instead of Flash Player: YouTube

Regarding the lost settings I haven't noticed. I use the manager from Control Panel - Flash Player, and not the one on macromedia.com the global settings manager.
4 Weeks Ago   #6
bej

Windows 7 Home Premium SP1 64bit
 
 

Thanks for the tip about NOT using Flash. HTML5 seems to work very well on YouTube.
4 Weeks Ago   #7

Windows 7 Professional x64 Sp1
 
 

For now HTML5 is safe, for now.

But it has been shown to be easily hijacked as well. But something integrated in a browser is a lot easier to manage and update, vs a plugin like Flash.

Tip also:

If you use Chrome, you can uninstall all Adobe Flash software. Chrome has it built in, and constantly updates with Chrome.

So you never have to worry about updating it.
4 Weeks Ago   #8

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Drive-by downloads exploit vulnerabilities in browsers and insecure plugins. It indeed does not require any interaction on the part of the user.

What You Should Know About Drive-By Download Attacks - Part 1 - Microsoft Security Blog - Site Home - TechNet Blogs

What You Should Know About Drive-By Download Attacks - Part 2 - Microsoft Security Blog - Site Home - TechNet Blogs

How malware works: Anatomy of a drive-by download web attack (Infographic) | Sophos Blog

This is a pdf download, confirmed safe

https://www.virustotal.com/en/url/6c...is/1409442228/

https://www.owasp.org/images/e/ec/OW...t_11_10_10.pdf

Not only are completely stealth downloads and infections possible, it is becoming more and more common. And when I mentioned in another post that more and more completely legit sites were serving up malware, I was called on it. I posted a Malvertising post as well with some common names mentioned. It is long past the time when someone can say I only visit safe sites. Cnet, NY Times, etc. are usually considered safe. It is not impossible, but highly unlikely you will be the victim of a drive-by download if your browser and plugins are up to date, so it is not a complete horror story.

A Guy
4 Weeks Ago   #9

Windows 7 Ultimate x64 SP1
 
 

If you run Firefox or a derivative such as Pale Moon, extensions like NoScript and AdBlock Plus will go a long way towards helping to prevent infection from malicious scripts and whatnot.

AdBlock Plus is also available for Opera 12, Chromium, and Chromium-derived browsers too, though I've unfortunately never seen something like NoScript outside of Firefox.