Defending myself from black hat hackers

  • (2 Pages)
  • +
  • 1
  • 2

16 Replies - 1283 Views - Last Post: 12 October 2018 - 08:42 AM

#16 Skydiver   User is online

  • Code herder
  • member icon

Reputation: 6875
  • View blog
  • Posts: 23,313
  • Joined: 05-May 12

Re: Defending myself from black hat hackers

Posted 12 October 2018 - 08:39 AM

View Postastonecipher, on 12 October 2018 - 10:02 AM, said:

Drive-by-download,
Worms like CodeRed

None of which require you to do anything to get infected.


Code is still running in the drive-by-download:

Quote

In drive-by download attacks, attackers compromise websites and embed malicious elements inside. These elements can range from malicious Javascript code injects, to malvertisements, malicious redirects, cross-site scripting attacks (also known as XSS), malicious iFrames that execute invisibly or other subtle attack techniques that potential victims can’t spot on their own.

It feel like you aren't running any code just because you are visiting a site, but the browser is actually running code from the download site: be it Javascript, ActionScript, ActiveX controls etc.

In the case of worms, code is still running. They are feeding data to your system. Your system is reading in the data via running code. Due to vulnerabilities in the code reading the data, the code can be exploited by malformed data, and then co-opted by the malware.

For your Code Red link:

Quote

The worm spread itself using a common type of vulnerability known as a buffer overflow. It did this by using a long string of the repeated letter 'N' to overflow a buffer, allowing the worm to execute arbitrary code and infect the machine with the worm. Kenneth D. Eichman was the first to discover how to block it, and was invited to the White House for his discovery.[4]

Was This Post Helpful? 0
  • +
  • -

#17 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2835
  • View blog
  • Posts: 11,125
  • Joined: 03-December 12

Re: Defending myself from black hat hackers

Posted 12 October 2018 - 08:42 AM

Let me clarify what I meant. I meant, that you do not have to interact with anything for malware to work.
Was This Post Helpful? 1
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2