Wilders Security Forums  
#1
May 21st, 2009, 03:10 AM
Sully
Massive Poster
Join Date: Dec 2005
Posts: 3,696
How do you get pWned online??

I am just wondering. Many posts state that using program XYZ and 123 in combo is awesome because of *%@@^!!. And then someone will say they had malware #2211 and virii #xuu* get past that very same setup.

So, how exactly do you who get bitten get bit? I run often with only Avira. Many times XP Firewall is on, but more often not. I use SRP a lot in Basic User mode from Admin login. I use Kmeleon browser. I don't surf pr0n sites, but do venture to a lot of reverse engineering and such places to learn coding stuff. I never get bitten.

So what is it you do that gets you bitten? Not that I want to, but I am very curious what it is that makes it happen for so many and why it never seems to be an issue for me.

Sul.
#2
May 21st, 2009, 04:17 AM
Franklin
Very Frequent Poster
Join Date: May 2005
Location: West Aussie
Posts: 2,517
Re: How do you get pWned online??

Quote:
Originally Posted by Sully
So, how exactly do you who get bitten get bit? I run often with only Avira.
By deliberately downloading any and all malware I can get my hands on but they do all the biting inside the sandbox.

Would you like to run the samples below and see if you get bit?

Let's just hope Avira has been updated, eh.

And to be honest Avira overall is about the best in detecting new samples.

~VirusTotal screenshots removed per policy.~

Last edited by ronjor : May 21st, 2009 at 10:47 AM.
#3
May 21st, 2009, 09:46 AM
Sully
Massive Poster
Join Date: Dec 2005
Posts: 3,696
Re: How do you get pWned online??

Eh? Sure, but I would only purposefully do that in vmWare or Sandboxie.

What I mean is not what you do. I understand that. But when peeps post that they had this or that happen, how did they get it? Email? Facebook? Lots of ways to get bitten, but even at work where I set systems up, we have not had an instance there in 4 years of being online yet. So I am left scratching my head thinking, how do semi-experienced or experienced get these problems?

It must be self induced, like installing new software.

Sul.
#4
May 21st, 2009, 10:37 AM
m00nbl00d
Incredibly Massive Poster
Join Date: Jan 2009
Posts: 6,453
Re: How do you get pWned online??

Quote:
Originally Posted by Sully
Eh? Sure, but I would only purposefully do that in vmWare or Sandboxie.

What I mean is not what you do. I understand that. But when peeps post that they had this or that happen, how did they get it? Email? Facebook? Lots of ways to get bitten, but even at work where I set systems up, we have not had an instance there in 4 years of being online yet. So I am left scratching my head thinking, how do semi-experienced or experienced get these problems?

It must be self induced, like installing new software.

Sul.

I guess it is a mix of it all. E-mails, installing software (new or upgrading/updating), downloading illegal MP3s, etc.

The other day a family member got an e-mail, supposedly from a friend, and as soon as they clicked the link in that e-mail it opened IE and tried to enter a malicious domain. I say tried, because it was stopped by one of my security measures.

It turns out that the e-mail account of my family member's friend got hacked.
There's nothing worse than people believing that this can't happen to themselves.
I'm always telling them to be careful and not to click any links in their e-mails, MSN, etc. They can never know if the person who is sending those links is the person they know.

It may also happen that people install an application they've always used, which was perfectly safe, and the latest version could be compromised, without the developer(s) even knowing about it, etc. And, when this happens, unless people use an anti-malware software application that may trigger some alert, hence make people suspicious, then people will go ahead and install it as happily as before.

All scenarios can happen.
#5
May 21st, 2009, 10:52 AM
Rmus
Exploit Analyst
Join Date: Mar 2005
Posts: 3,624
Re: How do you get pWned online??

Quote:
Originally Posted by Sully
I am just wondering. Many posts state that using program XYZ and 123 in combo is awesome because of *%@@^!!.

So what is it you do that gets you bitten? Not that I want to, but I am very curious what it is that makes it happen for so many and why it never seems to be an issue for me.

Sul.
Hi Sul,

This may give you something to start with. Referring to a particular product, the poster writes,

http://www.wilderssecurity.com/showt...40#post1471040
Quote:
But it seems to kick some serious @ss when you attempt to install problem files.
The clue here is "problem files."

I used to peruse the hijack forums and AV forums to get an idea of what types of infections were going around. Interestingly, the majority were not from drive-by attacks, but downloading "problem" files, which I came to describe as anything that I would not download.

Several big culprits:

Codec files

An example that I like to cite:

DNS changer Trojan for Mac (!) in the wild
http://isc.sans.org/diary.html?storyid=3595

Quote:
The user is then prompted to install the package and during this process he will have to supply the administrator credentials. Yep, it's game over from this point in time (and the attack is exactly the same as on Windows - keep in mind that these users *will* willingly supply these credentials).
The clue here is that the user grants installation privileges.

Big complaint from victims: Why didn't "it" (my AV or whatever is popular these days) catch this. Easy explanation: malware codecs and flash updates change quickly and signature-based solutions can't keep up. Even behavior-based solutions often fail to catch.

Storm e-cards

...and similar tricks. Now, these are executable files, yet victims willingly grant installation privileges. Many victims have been successfully tricked, as you know, since the Storm botnet is one of the largest.

Same problem with detection as above. Storm variants changed hourly in the early months of its success.

So, I think it's pretty clear why people get owned while on line. In a few cases in corresponding with victims, it became evident that
  • they had a false sense of security gained from following advice on forums about this and that product as the end-all to security. The majority of discussions on "security" forums revolve around anti-malware products, yet my experience has been that those I know who have never been infected don't use many, if any, such products, and don't frequent security forums.

  • there was a lack of general knowledge about security basics, such as Brian Krebs's rule, "Don't install anything you didn't go looking for." Or, mine: "If a video requires a new codec, or flash update, move on."

It also became evident to me that security has nothing to do with which Operating System or browser one uses.

Good example late last year: a victim of a PDF exploit complained that
  • his AV was up to date (one of the popular ones that has a forum here at Wilders)

  • he uses Firefox

When pressed to explain, he admitted that
  • he assumed that he was immune from drive-by attacks because he uses Firefox,

  • he didn't know that a PDF exploit is not a browser exploit,

  • he had no protection against executable payloads in a drive-by attack

So, I think the answer to your question is quite easy. And I'm sure there are factors in addition to what I've listed that can be considered.

Interesting topic! It should be thoroughly thought out by all security-minded people.

regards,

rich
#6
May 21st, 2009, 10:53 AM
Keyboard_Commando
Frequent Poster
Join Date: Mar 2009
Posts: 682
Re: How do you get pWned online??

I got well and truly pwned online via a 3rd party chat messenger. I won't mention which because it just gives the creep that did it fame he doesn't deserve. Apparently he hacked into the 3rd party messenger update file location and planted an infected update there. So anyone with auto update enabled got screwed (unfortunately this was the default setting). Completely wormed the drive. Luckily for me I saved my music files, which is all I really cared about.

Apart from Comodo, everything is set to manual update now. So yeah, I guess I am burnt out by the experience.
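The incident described in this post, a malicious file planted at the vendor's update location and pulled down by every client with auto-update on, is an attack on the software update channel itself. The standard defence is that the vendor signs each update with a key that never lives on the update server, and the client pins the vendor's public key, so a file swapped on the server fails verification no matter how it was delivered. The following Go program is an added example written for this thread; it is not code from the original post or from any messenger product. The update bytes, the vendor and attacker key pairs, and the tamper step are all constructed inline so the check can be run offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed sample update package. In a real client this would be the
// file downloaded from the vendor's update server.
var sampleUpdate = []byte("messenger-client-2.1.exe: constructed sample bytes")

// newVendorKeys simulates the vendor generating its signing key pair. The
// private key stays offline with the vendor; only the public key is shipped
// inside the client binary.
func newVendorKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// signUpdate is the vendor's release step: hash the package and sign the
// digest, so a manifest can carry digest and signature next to the file.
func signUpdate(priv ed25519.PrivateKey, update []byte) []byte {
	digest := sha256.Sum256(update)
	return ed25519.Sign(priv, digest[:])
}

// verifyUpdate is the client-side check run before anything is installed.
// pinnedPub is compiled into the client, so an attacker who can only write
// to the update server cannot produce a signature the client will accept.
func verifyUpdate(pinnedPub ed25519.PublicKey, update, sig []byte) error {
	if len(pinnedPub) != ed25519.PublicKeySize {
		return errors.New("update rejected: client has no valid pinned vendor key")
	}
	digest := sha256.Sum256(update)
	if !ed25519.Verify(pinnedPub, digest[:], sig) {
		return errors.New("update rejected: signature does not match pinned vendor key")
	}
	return nil
}

// tamper models an attacker with write access to the update server who
// replaces the genuine package with a modified one (constructed here).
func tamper(update []byte) []byte {
	out := append([]byte{}, update...)
	return append(out, []byte(" [constructed malicious modification]")...)
}

// Outcome records which of three candidate update files the client accepted.
type Outcome struct {
	GenuineAccepted  bool // vendor-signed, unmodified file
	TamperedAccepted bool // file modified on the server, vendor signature reused
	ImpostorAccepted bool // file modified and re-signed with the attacker's own key
}

// runScenario plays the three cases through the same client check.
func runScenario() (Outcome, error) {
	vendorPub, vendorPriv, err := newVendorKeys()
	if err != nil {
		return Outcome{}, err
	}
	// The attacker's key is never known to, or trusted by, the client.
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}

	sig := signUpdate(vendorPriv, sampleUpdate)
	bad := tamper(sampleUpdate)

	return Outcome{
		GenuineAccepted:  verifyUpdate(vendorPub, sampleUpdate, sig) == nil,
		TamperedAccepted: verifyUpdate(vendorPub, bad, sig) == nil,
		ImpostorAccepted: verifyUpdate(vendorPub, bad, signUpdate(attackerPriv, bad)) == nil,
	}, nil
}

func main() {
	out, err := runScenario()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("genuine accepted:  %v\n", out.GenuineAccepted)
	fmt.Printf("tampered accepted: %v\n", out.TamperedAccepted)
	fmt.Printf("impostor accepted: %v\n", out.ImpostorAccepted)
}
```

Only the genuine, vendor-signed file passes; the file swapped on the server fails because the reused signature no longer matches its digest, and re-signing it with a key the client has never pinned fails too. With this check in place, automatic updates are no longer a liability when the update host is compromised. What the check does not cover is a stolen vendor signing key or a build that was malicious before signing, which is why the private key belongs offline and why a client should also refuse to downgrade to an older signed version.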
#7
May 21st, 2009, 11:03 AM
Rmus
Exploit Analyst
Join Date: Mar 2005
Posts: 3,624
Re: How do you get pWned online??

Very interesting! You may have seen this:

Google Chrome's Security Practices Raise Eyebrows
http://www.pcmag.com/article2/0,2817,2347216,00.asp
Quote:
updates are applied without permission from the user and this cannot be turned off,

----
rich
#8
May 21st, 2009, 11:22 AM
Sully
Massive Poster
Join Date: Dec 2005
Posts: 3,696
Re: How do you get pWned online??

@Rmus

I think that is a good overall picture. I don't download codecs, or music. I view all my email without html/rtf as just plain text. Never open those e-card things.

The analogy of don't open or install what you did not request is what I have always practiced, including telemarketers and the like. I've been surfing since the web was a bunch of BBS type forums, all text with few pictures. That was back in 3.11 days. LOL, I even remember we had a modem for the Commodore 64, that you laid the phone onto the cradle. It was only a text screen, but it was pretty cool at the time. I have had a few items installed when I was too lazy to actually read the EULA agreement, like Google toolbar, which I cannot stand. Maybe I just spend too much time coding or messing with Windows and playing games to do the things the authors target users for.

I have downloaded items that have bad things in them. Archives normally if possible rather than installers. In the old days F-Prot would scream at me and nowadays Avira will. I have a few test files I play with, but about the only thing Avira ever tells me these days is occasionally something in my browser cache is suspicious so I delete it.

I have yet to make it to that friend's house with the autorun virii. The infected computer is still in the same state. I talked them through on the phone how to remove it, as I lack time for that right now. Maybe I can snag that and play some.

Yeah, I was hoping there could be some sort of 'theme' that developed from this thread. I am curious, but also to help those I support, sort of like saying to them 'according to many peeps who are into computer security, activity X and activity Y seem to be the most common way to get bitten, so don't do those things'.

Thanks for the replies. Good info.

Sul.
Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums