How malware is delivered nowadays?

Discussion in 'other anti-malware software' started by lucas1985, Apr 19, 2008.

Thread Status:
Not open for further replies.
  1. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
I tend to agree... it is like saying: since driving a car is so dangerous, I'll just keep walking on my own feet.

Probably safer, but the approach has serious limitations (IMO) considering that so many websites nowadays only work with Flash and/or other browser graphics add-ons.

    Fax
     
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    A lot of the web is multimedia based so if you don't install the related plugins, you can't view the content. Malware can be transmitted through IM. Does that mean I will not use AIM, ICQ, MSN messenger, Yahoo IM? Nope. Otherwise you would have to go to a chat site (which could be infected) or converse through a telephone conference call.
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
Here are some interesting quotes from Sophos's 2008 first-quarter security report: (http://www.sophos.com/pressoffice/news/articles/2008/04/secrep08q1.html)

     
  4. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    Thanks Lucas, nice post....even those with limited knowledge like myself can follow the instructions there to avoid malware....
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Huge Web Hack Attack Infects 500,000 Pages

     
    Last edited: Apr 26, 2008
  6. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
Damn, I use "freebie" sites lately where you are supposed to disable firewall, AV, etc.
to get credit for trying things.... Now I am starting to wonder if it's a bad idea...
     
  7. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
So if these attacks are growing at an alarming rate according to Sophos, then how do we have to deal with it, as even legitimate sites are ever more compromised? I tend to trust the Sophos findings, but also the expertise of the anti-malware vendors to find solutions, and yes, it's a continuous battle to no end as long as we live here on earth. I'm not dreaming; paradise exists only in your mind! ;)
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    lucas, simple and effective.

    Pretty much covers the basics for a typical Windows user. With some extra trimming, you can get even more leeway, allowing you extra lazy comfort if you do not want to implement all the steps.

One thing, regarding hacked trusted sites: the chance of getting infected if you use a normal browser is low. The chances are much higher that you might inadvertently disclose privileged info, for example login credentials, or you might buy something with your credit card number.

    Mrk
     
    Last edited: Apr 27, 2008
  9. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Firefox with NoScript protects against this I believe.

Extract from the NoScript FAQ:

    "IFrame blocking is disabled by default because I think it's overkill, breaking too much stuff for a too small theoretical security gain: disabling scripts and blocking objects, combined with the anti-XSS protection, actually prevents all the IFRAME-based attacks you could imagine."

If that is not good enough, then just disable IFrame and live with the pain.
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
Use a browser without ActiveX support. The Opera browser doesn't support ActiveX and lets you turn JavaScript, Java, and plugins off/on per site and also globally. If using XP and not using a limited account, then make sure the browser runs with lowered rights using Software Restriction Policies with 'Basic User'. Keep browser add-ins up to date using Secunia PSI. Turn on DEP and consider changing the default to OptOut. Also use a 3rd-party buffer overflow protection product such as Comodo Memory Firewall.
     
  11. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
Or you could use a sandbox + HIPS. If it can't execute, it can't infect.
     
  12. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    To make a long story short, the F-Secure blog recommends using HTTP scanning, a feature that is starting to show up in more and more AV programs.

Not only is DEP a good idea (provided you are not still in the P3 era), but so is LUA/SRP. The effect of LUA/SRP is that the browser launches with user rights and may only write to areas from which no .exe may run.
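As an added example (not code from this thread or from any poster), the following PowerShell script audits the two settings MrBrian and Diver describe, the DEP policy and the Software Restriction Policies default level and path rules, on a Windows host. It assumes a Vista-or-later machine for the CIM class and bcdedit; the registry layout under Safer\CodeIdentifiers is the standard SRP one, and the level-to-name mappings are the documented SRP and DEP values.

```powershell
# Added example: report DEP policy and SRP rules so an admin can confirm
# the browser will run as 'Basic User' and DEP is set to OptOut.
# Assumes Vista or later; on XP the DEP switch is /noexecute=OptOut in boot.ini.

# 1. DEP policy: Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy
#    0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (client default), 3 = OptOut
$depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$dep = [int]$os.DataExecutionPrevention_SupportPolicy
Write-Output ("DEP policy: {0} ({1})" -f $dep, $depNames[$dep])
if ($dep -lt 3) {
    Write-Output "  -> to move to OptOut (DEP for every process except an explicit exception list):"
    Write-Output "     bcdedit /set {current} nx OptOut    (elevated prompt, then reboot)"
}

# 2. SRP: the default level and the per-level path rules live under CodeIdentifiers.
#    Level values: 0 = Disallowed, 0x20000 (131072) = Basic User, 0x40000 (262144) = Unrestricted
$srpRoot    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }
if (-not (Test-Path $srpRoot)) {
    Write-Output "SRP: no policy configured (key absent)"
    return
}
$defaultLevel = (Get-ItemProperty -Path $srpRoot -Name DefaultLevel -ErrorAction SilentlyContinue).DefaultLevel
if ($null -ne $defaultLevel) {
    Write-Output ("SRP default level: {0}" -f $levelNames[[int]$defaultLevel])
} else {
    Write-Output "SRP default level: not set (treated as Unrestricted)"
}

# Each level subkey holds Paths\<GUID> entries whose ItemData is the path pattern.
foreach ($level in 0, 131072, 262144) {
    $pathsKey = Join-Path $srpRoot "$level\Paths"
    if (-not (Test-Path $pathsKey)) { continue }
    Get-ChildItem -Path $pathsKey | ForEach-Object {
        $rule = Get-ItemProperty -Path $_.PSPath
        Write-Output ("  [{0}] {1}" -f $levelNames[$level], $rule.ItemData)
    }
}
# Reading the output against Diver's rule of thumb: the browser's own path should be
# covered by a 'Basic User' rule, and no user-writable location should carry an
# 'Unrestricted' rule, so nothing dropped there can execute with full rights.
```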
     
  13. tawd1992

    tawd1992 Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    43
I thought that a website could put viruses/trojans in your temp internet folder even with a fully patched system and no interaction from the user? So by typing one letter of a URL wrong you could possibly get infected.
     
  14. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
Yes it can, but it can't infect your system unless it's targeting some vulnerability you already have among your applications/OS. Otherwise it will just stay idle in your Temp folder until it's deleted.

    /C.
     
  15. richbuff

    richbuff Registered Member

    Joined:
    May 4, 2008
    Posts:
    2
    Thank you for the informative post, Lucas. I hope that a decision is made to display it in a very prominent location.

    After the read, I was struck with just how difficult it is to convince the average person, at medium risk for acquiring malware infection, to follow the rules and guidelines to become a person who does not acquire malware infections.

What are the risk factors for malware infection, and how difficult is it to positively compensate? The overall risk of malware infection is a combination of various risk factors, including behavioral risk factors and configurational risk factors. Members of the non-infectious population are those who do not engage in risky behavior and who also do not have risky configurations. They may even receive positive input from the group that they belong to, including advice on what behaviors and configurations to avoid. Members of the infectious population engage in infectious behaviors and also have infectious configurations. Members of these two groups don't have too many mysteries to solve; the causes and effects are clear and uncomplicated. However, those in the moderate-risk group, due to a combination of moderately infectious behaviors and moderately infectious configurations, appear to be stuck in an endless, unresolvable debate over which is the greater risk determinant: behavior or configuration?

Which of these three groups do I want to be in? Do I answer this question, or does the group answer it for me? Just as individual members of the non-infectious group receive much positive support from the group to stay in that group by avoiding certain configurations and behaviors, individual members of the infectious group receive much more pressure from the group to stay in that group via retaining infectious behaviors and configurations. Members of the infectious group and the moderately infectious group find it difficult to join the non-infectious group by simply changing infectious behaviors and configurations, because the pressures exerted against this are very strong. I have found that lack of basic infection prevention knowledge is not the problem; most everybody knows all the rules.

The only way that I have been able to assist individuals to adopt non-infectious norms is to first confront them with the fact that what their peers normally do configurationally and behaviorally with their PCs appears to be perfectly normal, but in fact only appears normal because they are members of the global Culture of Infection. When the decision is made to join the culture of non-infection, replete with its stark lack of negative attractors, the individual finally finds it easy to follow the basic rules that he and everyone else knows in order to be infection free.
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Richbuff,
In the past, I was a member of the infectious group without knowing it, and I was infected all the time without knowing it. This was my happiest time on the internet.

Once I realized that something was wrong, I became a member of the moderately infectious group and observed the non-infectious group with members like Lucas. First I stole all his ideas, except the ideas I didn't understand, and then I called them my ideas. ;)

    Finally, I joined the non-infectious group and although it was an improvement, it was also the most boring group. Now I'm homesick and want to join the infectious group again. Nothing is perfect. :)
     
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
I understand that it is against the rules to list bad sites etc., but is there perhaps a more general way in which I could deliberately try to get infected?

Any suggestions most welcome.

The only rules:

    I will continue to:

(1) use my firewall router
(2) Firefox + NoScript, CSLite, Adblock Plus
(3) have my mail delivered to Outlook by a provider that checks for and removes malware and spam
(4) delete e-mail from people "I don't know" and not open strange attachments
(5) not run any real-time AV, AS, or HIPS
(6) not run any Sandboxie-type program

System and data are backed up using Acronis and ShadowProtect, and passwords are encrypted, so I don't see that I can come to much harm.
     