How Do Hackers get past AV?

Discussion in 'other anti-virus software' started by JerryM, Sep 9, 2012.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I am sure this is a dumb question for most here, but I don't understand how a hacker gets into a system with up-to-date AV, and of course not clicking on unknown sites?

    Thanks,
    Jerry
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Crypter basically.

    AVs detect through having exact matches for files and by guessing based on a file's behavior.

    Bypassing an exact match is simple - that's where crypter and other thisgn comes in.

    Avoiding heuristics is just a matter of being "different" from known strains.
     
  3. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Thanks. I am sorry to admit that I do not understand what you said. That is my fault and not yours; I do not know what crypter and thisgn are.

    Jerry
     
  4. pintas

    pintas Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    179
    Think that each virus has its own signature, if you will: a piece of programming code that identifies the virus.
    If the 'hacker' makes a virus or any sort of program to harm your system with a brand new type of coding that differs from all known viruses, the AV will have a more difficult task in identifying that particular program/virus, and is thus bypassed.

    Understood?
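The two posts above describe three distinct things an AV can match on: the exact file (a hash), a distinctive byte sequence (a generic signature), and a heuristic about what the file looks like or does. The following is an added example, not code from the thread or from any AV product, that builds toy versions of all three and runs them against a constructed, harmless sample and a "crypted" copy of it. The sample bytes, the signature names and the entropy threshold are all assumptions made up for the demonstration; the "crypter" only encrypts the body and leaves out the runtime stub a real one would carry.

```python
# Added example (not from the thread): toy versions of the three detection
# styles the posts describe, run against a constructed sample and a "crypted"
# copy of it. Nothing here is real malware; the sample is plain text behind a
# fake MZ header.
import hashlib
import math

# Constructed stand-in for a known-bad file: fake executable header plus a
# recognisable text body.
ORIGINAL_SAMPLE = b"MZ\x90\x00" + b"evil_beacon_v1 connect c2.example.invalid:443 " * 8

# Exact-match signature: the scanner knows the whole file's hash.
HASH_SIGNATURES = {hashlib.sha256(ORIGINAL_SAMPLE).hexdigest(): "Trojan.Constructed.A"}

# Generic byte-pattern signature: a distinctive substring of the known sample.
PATTERN_SIGNATURES = {b"evil_beacon_v1": "Trojan.Constructed.A"}


def hash_scan(data: bytes):
    """Exact match: any single-byte change to the file defeats it."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def pattern_scan(data: bytes):
    """Generic match: survives edits elsewhere in the file, not re-encoding."""
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Text sits around 4-5; encrypted or packed data nears 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_scan(data: bytes, threshold: float = 6.5):
    """Static heuristic (threshold is an assumption): an executable header
    followed by a high-entropy body is the shape of a packed or crypted
    payload. Real products combine many such rules with emulation and
    runtime behaviour monitoring; this one rule is enough to show the idea."""
    if data[:2] == b"MZ" and shannon_entropy(data[64:]) > threshold:
        return "Heuristic.Packed"
    return None


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic pseudo-random stream: SHA-256 over key || counter."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def toy_crypter(payload: bytes, key: bytes) -> bytes:
    """What a crypter does to the file on disk: encrypt the body so that no
    byte sequence of the original survives. The stub that would decrypt and
    run it at runtime is deliberately omitted; 60 zero bytes stand in for it."""
    body = bytes(p ^ k for p, k in zip(payload, keystream(key, len(payload))))
    return b"MZ\x90\x00" + b"\x00" * 60 + body


def scan(data: bytes) -> dict:
    """Run all three detectors and report which ones fired."""
    return {
        "hash": hash_scan(data),
        "pattern": pattern_scan(data),
        "heuristic": heuristic_scan(data),
    }


if __name__ == "__main__":
    samples = {
        "original": ORIGINAL_SAMPLE,
        "one byte appended": ORIGINAL_SAMPLE + b"\x00",
        "crypted": toy_crypter(ORIGINAL_SAMPLE, b"constructed-key"),
    }
    for label, data in samples.items():
        print(f"{label:>18}: {scan(data)}")
```

Run as written, the original trips the hash and the pattern; appending one byte loses the hash but keeps the pattern (which is why checksums alone went out of use); the crypted copy loses both and is only caught by the entropy heuristic, which is exactly the "be different from known strains" game the thread refers to.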
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Yes, thanks.
    That would seem to make AV modules like Avast Safe Zone useful to surf with.

    Best,
    Jerry
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Also malware writers check their latest creations with up-to-date local antivirus scanners and adjust them as soon as they are detected.
     
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Hi Lodore,

    I suppose that hackers target specific systems. Or maybe sites. That would seem to make frequent updates of AVs necessary for best security.

    It is like war, when an offensive system is developed the work begins on a defense. Then we have a new cycle.

    Regards,
    Jerry
     
  8. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    hackers can get past AVs, but how the h*ll do they get past a strong firewall?

    that's a better question maybe :p
     
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    1. Phishing: a fake web page looking exactly like a genuine one, where users are asked to log in, and when they do, the details are sent to the hacker.

    2. Trojans that disguise themselves as something useful, attracting users into installing an application that ends up containing malicious code. Trojans can capture screenshots, log every keystroke, allow access to the hard disk drive and use your PC for other stuff.

    3. Exploiting a vulnerability in any one application, from which it can take control of other applications and soon your entire PC.

    That is why it is also vital to keep things updated; any application you don't use or ignore may be your exploit waiting to happen.

    These are just a few to mention.
     
    Last edited: Sep 9, 2012
  10. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Old modems and open ports due to portscans, I should know. Portscan + Open ports + Enabled Remote Admin = Hack. You would be surprised how many companies still have this problem; most home users are better protected just because they have router firewalls that hide ports. ;)

    It's not even a war, seriously. I don't like how everyone on Wilders thinks it is. You simply need an up-to-date AV program, Windows Firewall and a hardware firewall, which is in almost every ISP router these days. You need nothing else but updates and a small amount of knowledge. Learn what should be running in a normal Windows install and you can easily spot something wrong in Task Manager or Process Explorer. You then download scanners like MBAM and SuperAS until this mystery process disappears by being caught, or simply Google it and someone somewhere has seen it before and shows you how to manually get rid of it. I don't get why it's so hard for everyone; I knew exactly how to get rid of any threat and protect my computer from any harm since the age of 16, maybe it's true and I'm gifted or something.
     
    Last edited: Sep 9, 2012
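The "Portscan + Open ports + Enabled Remote Admin" chain above is worth seeing concretely. The following is an added example, not code from the thread: a small TCP connect scanner with a banner grab, which is how an exposed remote-administration service is found and identified. So that it runs offline, the script starts its own listener on loopback and scans that; the listener, its "SSH-2.0-Constructed..." greeting and the port numbers are all made up for the demonstration.

```python
# Added example (not from the thread): a TCP connect scanner with banner grab,
# exercised against a fake service the script itself starts on 127.0.0.1.
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

FAKE_BANNER = b"SSH-2.0-Constructed_admin_service\r\n"  # constructed banner


def start_fake_service(banner: bytes = FAKE_BANNER):
    """Listen on an ephemeral loopback port and greet every client with
    `banner`. Returns (port, server_socket); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)  # so the accept loop notices when the socket is closed

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:  # server socket closed: stop
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def reserve_closed_port() -> int:
    """Bind and immediately release a loopback port, so the number is (almost
    certainly) closed when probed a moment later."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe(host: str, port: int, timeout: float = 0.5):
    """Return (port, state, banner) with state 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        return port, "closed", b""  # RST came back: nothing listening
    except (socket.timeout, OSError):
        # No answer at all: a firewall is dropping the packets (what a NAT
        # router does for a home user) or the host is down.
        return port, "filtered", b""
    banner = b""
    try:
        banner = s.recv(128)  # many admin services announce themselves first
    except (socket.timeout, OSError):
        pass  # open but silent until the client speaks (e.g. HTTP)
    finally:
        s.close()
    return port, "open", banner.strip()


def scan_ports(host: str, ports, workers: int = 32) -> dict:
    """Connect-scan `ports` concurrently; map each open port to its banner."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p), ports))
    return {port: banner for port, state, banner in results if state == "open"}


if __name__ == "__main__":
    port, srv = start_fake_service()
    try:
        for p, banner in scan_ports("127.0.0.1", range(port - 2, port + 3)).items():
            print(f"{p}/tcp open  {banner.decode(errors='replace')}")
    finally:
        srv.close()
```

Against a host behind a NAT router the same probes come back "filtered" rather than "open" or "closed", which is the whole reason the post rates a home user with such a router above a company that left remote administration reachable from the internet.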
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    It's more cat and mouse between antivirus and malware, but not for experienced users like yourself at staying clean or recovering. IMO a confident user that knows his or her system should not even worry about it. Learn their systems, learn their applications and have an image backup in place that works, and forget all the FUD.
     
  12. ZenPirate

    ZenPirate Registered Member

    Joined:
    Aug 21, 2005
    Posts:
    18
    Social Engineering.
     
  13. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    This is true, but what level of human stupidity do you need to get tricked by something like that? Okay, so you get a rogue and it asks for your credit card details, and you don't even question that? Quickly Google the brand name and find out it's a fake and you are safe; any logical human being would do that. Nobody blindly buys things other than really stupid people that would fall for XXXshowFreeForever.exe or some other stupid nonsense.

    It's education more than anything that people should be looking into, not which AV is best and which is which and what. Seriously, the Windows operating system should be taught in schools inside and out now, as every single business uses computers these days. It's staggering how stupid people are becoming.

    Knowledge + Any Well-known AV = No Problemo Internet. I have not had a real infection of any kind for about 7 years now, which was when I was 15. I just decided to get smart and learn Windows and by God it's not hard after that.

    People who fall for simple social engineering should not be allowed on the internet, as for the most part they are the ones that mess everything else up for the rest of us.
     
  14. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    But you're assuming that all social engineering is simple.

    Consider the case of a targeted social engineering attack on a corporation: attackers can be very specific* and very convincing. There's not many of us who would think twice when someone we know sent us a document we were expecting. It would be down to the competence of the IT department whether or not an infection occurred.

    The only difference is that on our own computers we'd be protected even from a successful social engineering attempt.

    (*one way to be specific is that attackers set up domains to catch mistyped email addresses, e.g. mircrosoft.com, which researchers have shown can amass a lot of potentially damaging information on a company)
     
  15. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Is it really that hard to quickly verify an email by IP/sender details, or check a document for signatures or origin? It's also smart policy to have important business details handled in person or by fax, as that is a lot safer and more convenient in a business environment. :doubt:
     
  16. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Since places like banks, AV makers, and even Defense Dept get hacked, I don't think it is stupidity. Most of those institutions have some very smart software and security folks.

    Jerry
     
  17. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    From Wiki.

    (Gary McKinnon (born 10 February 1966) is a Scottish[1] systems administrator and hacker who was accused in 2002 of perpetrating the "biggest military computer hack of all time,"[2] although McKinnon himself - who has the mental health condition known as autism - states that he was merely looking for evidence of free energy suppression and a cover-up of UFO activity and other technologies potentially useful to the public. After a series of legal proceedings in England, McKinnon is currently fighting extradition to the United States.)

    Gary hacked into some of the most secure servers in the world with nothing but a dial-up modem. How he did this, you ask? Military-grade servers did not have secure passwords: default admin passwords. It is always human stupidity, I should know as I have the same form of autism he does. I don't know if computers being really simple is an Asperger's thing but I can tell you for sure that most people are dumb as rocks and that is why they get hacked. :shifty:
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    All hacking has to do with human fault because all software derives from a human creating it. That doesn't mean it's always going to be social engineering or guessing passwords.
     

  19. I have to say I disagree, there are some very smart people out there using multiple tools like social engineering, exploits, vulnerabilities etc. to hack people, companies and organizations. Then you have stuff like Stuxnet & Flame, i.e. super malware. How in the hell are you meant to defend against malware that has a faked signed Microsoft certificate? Not much you can do if you ask me.

    People are not stupid IMHO.
     
  20. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    In a busy environment, most people won't look twice when they receive an expected document from a person they are expecting to receive it - written as though it's from that person.

    Most people aren't paranoid enough to scrutinise IP addresses of emails when nothing seems amiss. Most people aren't paranoid enough to check documents for "signatures or origin". I tend to check attachments, but would I be so strict if I was in an environment where I received a lot of them routinely?

    The companies should make sure that their SMTP servers fix up common spelling errors for domains to prevent the kind of corporate espionage described.
     
  21. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Stuxnet & Flame are government/military malware and won't wind up on a normal user's computer but in places like nuclear power stations and the infrastructure of an oil company and/or stock exchange. These places should have very well trained and highly qualified security experts to look over them with many security systems in place, and if they get breached it comes down to the people working there not being smart enough or skilled enough to stop it happening. Faking digital signatures is nothing new and is not as hard as you would imagine, and is one of the simple things any smart person in the IT world would know to look for. Exploits only need patches to be taken care of, which is the same deal with vulnerabilities, which anyone that knows what they are doing with some IT knowledge can stop from being an issue. We then get to social engineering, which again leads to my argument that it's not security that's the problem, it's people being too dumb or uneducated to know what to do.

    It's not even paranoia, it's just being smart. I have said many times that people should stop worrying about what antivirus or security applications they have installed and start figuring things out themselves.
     
  22. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I'll admit to my lack of knowledge, but I have never checked an IP address. I probably never will. If I did I would not know what was what.

    I have had several alerts from MBAM telling me that some IP was blocked. I have no idea who or where.

    Jerry
     
  23. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    In a lot of corporate and even private email systems you will generally find the sender IP in the header of the message. ;)
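Three posts above touch the same check from different sides: RJK3's mistyped-domain trick (mircrosoft.com), Taliscicero's "verify the sender by IP", and the remark that the sender IP sits in the message headers. The following is an added example, not code from the thread, that does both on one constructed message: it walks the Received: chain to find the IP that actually connected to the company's own mail servers, and it flags a From: domain that is one typo or one glyph swap away from a domain being imitated. The message, the hosts, the TEST-NET IP addresses, the corp.example domain and the small homoglyph table are all assumptions made for the demonstration.

```python
# Added example (not from the thread): pull the connecting IP out of the
# Received: headers and flag a From: domain that is a near miss of a
# protected domain. Everything in RAW_MESSAGE is constructed.
import re
from email import message_from_bytes
from email.utils import parseaddr

RAW_MESSAGE = b"""Received: from mx-in.corp.example (mx-in.corp.example [198.51.100.7])
\tby mail.corp.example with ESMTPS; Sun, 9 Sep 2012 10:02:11 +0000
Received: from relay.mircrosoft.com (relay.mircrosoft.com [203.0.113.45])
\tby mx-in.corp.example with ESMTP; Sun, 9 Sep 2012 10:02:09 +0000
Received: from desktop (unknown [192.0.2.10])
\tby relay.mircrosoft.com with SMTP; Sun, 9 Sep 2012 10:01:58 +0000
From: "Jane Doe" <jane.doe@mircrosoft.com>
To: jerry@corp.example
Subject: Q3 report

The document you asked for is attached.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")


def _under(host: str, suffix: str) -> bool:
    host, suffix = host.lower(), suffix.lower()
    return host == suffix or host.endswith("." + suffix)


def originating_ip(raw: bytes, trusted_suffix: str):
    """Walk the Received: chain top-down (newest hop first). Only hops stamped
    by our own servers (`by <host>` under trusted_suffix) are believable; the
    last of those holds the IP that really connected to us. Every Received:
    line below it was written by the sender and can say anything."""
    msg = message_from_bytes(raw)
    connecting_ip = None
    for received in msg.get_all("Received", []):
        by = BY_RE.search(received)
        if not by or not _under(by.group(1), trusted_suffix):
            break  # first hop not stamped by us: stop trusting
        ip = IP_RE.search(received)
        if ip:
            connecting_ip = ip.group(1)
    return connecting_ip


# Assumed look-alike substitutions; a real list is much longer.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def normalise(domain: str) -> str:
    d = domain.lower()
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap
    two adjacent characters, each at cost 1 (so 'mircrosoft' and 'microsfot'
    are both one step from 'microsoft')."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike(domain: str, protected: str, max_distance: int = 1) -> bool:
    """True for a domain that is not `protected` but within `max_distance`
    edits of it after homoglyph normalisation."""
    if domain.lower() == protected.lower():
        return False
    return osa_distance(normalise(domain), normalise(protected)) <= max_distance


def triage(raw: bytes, protected_domain: str, trusted_suffix: str) -> dict:
    """Combine both checks into the fields a mail filter would log."""
    msg = message_from_bytes(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    return {
        "sender_domain": sender_domain,
        "lookalike": lookalike(sender_domain, protected_domain),
        "connecting_ip": originating_ip(raw, trusted_suffix),
    }


if __name__ == "__main__":
    print(triage(RAW_MESSAGE, "microsoft.com", "corp.example"))
```

The part a practitioner should not skip is the trust boundary in `originating_ip`: the bottom Received: line claiming 192.0.2.10 was added by the attacker's relay and proves nothing, while 203.0.113.45 was recorded by corp.example's own edge server and is the address to look up. The edit-distance check is the mail-server-side version of RJK3's suggestion, applied to inbound From: domains rather than to outbound typos.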
     
  24. Wait, what about generic detection? I don't believe any current AVs use plain old checksums. Not that generic detection would help with packed files, but still.
     
  25. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Regarding the McKinnon/NASA thing: Couldn't that entire breach have been prevented with a disabled Remote Registry service and a strong password? I think I recall hearing either there was no password protection, or it was so weak it fell victim to a dictionary attack.

    This is a tell-tale example that no matter how big/sophisticated the company and their tech, they're only as secure as their end users. And they're only as secure as their weakest link. All it takes is 1 person with elevated privileges (a super-user, if you will), with a lax approach, and it all falls like dominoes. And because of this in many cases the average Joe/single PC user with a simple NAT router, running a limited or standard account, is safer than a company like NASA, as crazy as that sounds.

    Also an example of why to disable things (i.e. services) if you don't need them. It's not "just" about conserving resources.
     