
Can a website take control of my computer?


11 replies to this topic

#1 GoshenBleeping


Posted 17 February 2015 - 10:20 AM

The Economist magazine (Jan 17, 2015 page 57) in the article "Your money or your data" said the following:

 

"Extortionists often pay associates to post 'malvertising' banner ads that lure traffic to websites that can take control of visiting computers, says a Parisian security researcher known as Malekal."

 

I do not understand what is meant by "...websites that can take control of visiting computers...".  Can a website actually take control of my Windows 7 laptop? What would I have to do at that website for it to "take control"?  Or am I misunderstanding this statement?




 


#2 Sintharius


Posted 17 February 2015 - 10:35 AM

Hello there,

I believe that the researcher is talking about drive-by downloads.

From my understanding, what the researcher means here is that the malicious banner redirects the user's browser to a webpage containing a script to infect the victim's machine (landing page). The malware dropped by the script can be a bot with a rootkit component, which is capable of controlling the machine's actions to hide the presence of malware on the system (which is probably the "take control of visiting computers" part here).

The condition for a script to drop malware on your system is that there should be some sort of "loophole" - which we call an exploit - for the malware to infiltrate the machine. This is usually an outdated browser or plug-in (commonly Flash, Java and Silverlight). And also there are no countermeasures in place to stop the exploit from happening.

Regards,
Alex

#3 Aura


Posted 17 February 2015 - 11:32 AM

Are they mentioning Malekal from the Malekal Forums? What they say makes sense however. Like Alex explained, these exploit packs could drop pretty much anything you can think of on a system. However, in order to literally take control of your system, the malware dropped would have to be a RAT (Remote Administration Tool) or a bot (to be part of a botnet). I guess you can say that "control" can be taken if a browser hijacker is dropped and that the connection is affected by various redirections (to other websites for example, to increase their traffic), but that would be something else. If you want to avoid being hit by exploit packs, I suggest you disable all your plug-ins and only enable them on pages where they are required, same for JavaScript. I would also install NoScript (Firefox) or ScriptSafe (Google Chrome) to add a layer of protection in your browser. Other than that, I would install Malwarebytes Anti-Exploit as a system-layer of protection and also CryptoPrevent, since these days a lot of cryptoware is delivered via exploit kits.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 Didier Stevens


Posted 17 February 2015 - 02:31 PM

Yes, as Alexstrasza and Aura. explained. But it's not literally the website that takes control. It is the malware downloaded from the website that can take control.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 White Hat Mike


Posted 17 February 2015 - 03:42 PM

In addition to what the other users have shared, there were old exploitation frameworks that were used to take control of users' browsers...  i.e. the Browser Exploitation Framework (BeEF).


Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com


#6 Sintharius


Posted 17 February 2015 - 09:06 PM

Just FYI, starting from version 3 HitmanPro.Alert (not the AM scanner, but a browser plug-in) now features the ability to block exploits similar to MBAE.

Alex

#7 quietman7


Posted 18 February 2015 - 06:42 AM

In simplistic terms...a drive-by download refers to the unintentional download of a virus or malicious software by visiting a compromised website that is running malicious code or an HTML-based email message that redirects to such a website. An exploit is some kind of malicious action intended to take advantage of vulnerabilities (security flaws) in a browser, program, or operating system that is out of date.

There are basically two types of exploit attacks:
1. Cyber-criminals who exploit unknown software vulnerabilities (zero-day) to infect computers with up-to-date software.
2. Cyber-criminals who use exploit kits which take advantage of known software vulnerabilities to infect computers that are not using up-to-date software.

According to An Overview of Exploit Packs and their exploits (December 2014) the majority of victims were running up-to-date software when they were exploited. Code Reuse Attacks (software exploits that allow attackers to execute arbitrary code on a compromised machine) are among the most popular exploitation techniques used by attackers today since there are few practical defenses that are able to stop such attacks on arbitrary binaries without access to source code.
 

Exploit kits are a type of malicious toolkit used to exploit security holes found in software applications...for the purpose of spreading malware. These kits come with pre-written exploit code and target users running insecure or outdated software applications on their computers.

Tools of the Trade: Exploit Kits
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 OpenSourcerer


Posted 18 February 2015 - 12:30 PM

Yes, the people above did a great job of explaining.

It's not necessarily the site itself, just the malware that you can be infected with.
The site could be compromised and an attacker could leave a redirect to an exploit kit, which will result in malware being downloaded and then run on your machine, provided that you're running a vulnerable software/plugin.

The main types of exploits to be worried about are 0day exploits, meaning there is no patch available at the time to protect you. Keep your stuff updated.

There are many things that could be downloaded without you even knowing. Some common forms of malware that you need to worry about are as follows:

R.A.Ts - Provide the most "control" over a system. An attacker could use your computer as if they were sitting behind it. Some of the core features of every RAT are as follows, but not limited to:
* See you through your webcam, if attached
* Log your keystrokes
* Show the attacker your saved passwords in browsers and other applications
* Use your internet to send denial of service attacks
* Grab a live feed of your screen, as well as control your system with a keyboard and mouse
* Open web pages
* Download/upload/view/delete files on your hard drive
* Download other people's malware from a direct link
And many more. However, the majority of these are not hard to remove since they are primarily used by skids. They typically do not come with rootkits and simply drop a file and add a reg key to run the file at startup.

Keyloggers - These are not as serious as R.A.Ts, but still malicious. They:
* Log keystrokes
* Get stored passwords in browsers and other applications
* Periodically email logs or upload them via FTP

Botnets - These are some of the more advanced malware. They typically spread via exploit kits and are used to control mass amounts of computers. They usually leverage rootkits to avoid detection and maintain persistence. These are used by more experienced hackers and are very dangerous and difficult to remove.
* Use your internet to send denial of service attacks
* Download other malware
* Mine crypto currencies
* Click fraud (use your PC to generate revenue by clicking on ads)
* Spamming

These are not all that these do, just some common core features.

Keep your software up to date, use a good antivirus software such as Kaspersky or Bitdefender (paid) or Avast!/Avira (free), and use a modern browser such as Google Chrome or Firefox, as they tend to be exploited less than Internet Explorer. I prefer Firefox because it is open source and "bugs fall shallow upon many eyes".

Stay safe.

Edited by OpenSourcerer, 18 February 2015 - 12:33 PM.
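
A defender's check for the startup persistence mentioned in post #8 ("drop a file and add a reg key to run the file at startup"), as an added example that is not part of the thread: it parses `reg query` output for the Run keys and flags entries whose program lives in a user-writable directory. The sample output, the entry names and the list of directory patterns are constructed assumptions; flagged entries are leads to inspect, since some legitimate software also starts from AppData.

```python
import re

# Constructed sample of `reg query <key>` output for the user and machine Run keys.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater Service    REG_EXPAND_SZ    %APPDATA%\jusched32.exe
    winhelper    REG_SZ    C:\Users\alice\AppData\Local\Temp\winhelper.exe -s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# Assumed heuristic: locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"\\appdata\\|\\temp\\|\\users\\public\\|\\programdata\\|"
    r"%(?:appdata|localappdata|temp|tmp|public)%", re.IGNORECASE)

def executable_of(command):
    """Return the program path from a Run-key command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))(?:\s|$)", command, re.IGNORECASE)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""

def parse_run_keys(text):
    """Turn reg query output into a list of {key, name, path} entries."""
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            entries.append({"key": key, "name": m.group(1).strip(), "path": executable_of(m.group(3))})
    return entries

def suspicious(entries):
    """Entries whose program sits in a user-writable location."""
    return [e for e in entries if USER_WRITABLE.search(e["path"])]

if __name__ == "__main__":
    for e in suspicious(parse_run_keys(SAMPLE)):
        print(f'{e["key"]} :: {e["name"]} -> {e["path"]}')
```
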


#9 quietman7


Posted 18 February 2015 - 03:54 PM

...use a modern browser such as Google Chrome or Firefox, as they tend to be exploited less than Internet Explorer. I prefer Firefox because it is open source and "bugs fall shallow upon many eyes"

While I use Firefox for its features, alternate browsers are just as prone to exploits as Internet Explorer. That's why the vendors frequently release updated versions with fixes. Those folks who like Internet Explorer and follow "Best Practices for Safe Computing", there is no need to change to something else. For those who do not follow "Best Practices" using a different browser is not going to help them.

#10 shelf life


Posted 18 February 2015 - 06:25 PM

I might add that all the browser/plugins and the checking for vulnerabilities, running the exploit in the browser, downloading and executing the malware (.exe) on the local machine all goes on in the background. People can get hit and have no idea what, where or when it happened.

 

 


How Can I Reduce My Risk to Malware?


#11 OpenSourcerer


Posted 19 February 2015 - 09:28 AM

...use a modern browser such as Google Chrome or Firefox, as they tend to be exploited less than Internet Explorer. I prefer Firefox because it is open source and "bugs fall shallow upon many eyes"

While I use Firefox for its features, alternate browsers are just as prone to exploits as Internet Explorer. That's why the vendors frequently release updated versions with fixes. Those folks who like Internet Explorer and follow "Best Practices for Safe Computing", there is no need to change to something else. For those who do not follow "Best Practices" using a different browser is not going to help them.

Yea, I was in a rush to write that and didn't take into account that Microsoft does patch things rather quickly. I am slightly biased against Internet Explorer because it's pretty much unusable in my opinion, yet most (non tech savvy) people use it, which saddens me. Anyway this thread wasn't meant to debate browsers and the OP's question has been answered.

#12 quietman7


Posted 19 February 2015 - 12:30 PM

Yea, I was in a rush to write that and didn't take into account that Microsoft does patch things rather quickly...

Understood and not a problem.



