Need some help learning

Discussion in 'other anti-virus software' started by Antimalware18, Mar 23, 2013.

Thread Status:
Not open for further replies.
  1. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    Alright, so I have been thinking this over for a while, and I've come to the conclusion that I have no clue as to the difference between an exploit (Java/Flash etc.) and a trojan on a webpage (scripts/iframes etc.), and how they would affect the OS and how they would be detected.

    Now my computer is running Avast. (My fav AV. Yes, I switched back from Comodo land. Don't judge me :D )

    Now, Avast web shield both detects and blocks exploits and trojans (example: HTML:Iframe-WM [Trj]).

    Now my question is, how would running across a trojan such as HTML:Iframe-WM [Trj] be able to affect the operating system without an exploit being able to drop the payload? And my final question is, would a piece of software such as ExploitShield be able to stop a trojan like the one mentioned above, or would it be no use?

    Thanks.

    P.S. I'm still learning :D
     
  3. whitestar_999

    whitestar_999 Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    101
    From whatever I know, practically there is no difference. Both trojan & exploit allow a hacker to execute/install whatever they want on your system. The only difference I see is that an exploit is more sophisticated & has higher chances of success even when an AV is installed.
     
  4. AVusah

    AVusah Registered Member

    Joined:
    Dec 24, 2012
    Posts:
    274
    A malicious frame is not a trojan; it's a piece of code that attempts to download a trojan from a website onto your computer by exploiting a known vulnerability (exploit) in your browser and/or OS.
    A trojan cannot possibly be automatically downloaded unless there's an exploit that allows the malicious website to bypass the browser's normal download notification, and it cannot automatically and silently install unless there's an exploit that allows it to bypass the OS' security.
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,161
    Location:
    USA
    An iframe in a compromised website normally loads an exploit kit from a different server which serves some exploit. The iframe itself is not malicious but an iframe with specific characteristics such as encoding or pointing to a known malicious URL might trigger a signature or heuristic detection from your AV/AM if it is known to them.

    The exploit itself takes advantage of security vulnerabilities in your installed software such as the browser itself or browser components and extensions (flash, shockwave, java, acrobat, activex, etc.). Other apps like Word, Excel, PowerPoint, Adobe, Foxit, VLC, WMP, etc. also have vulnerabilities which are taken advantage of by exploit writers regularly. Once the exploit is successful it silently drops and runs a payload which is normally the malware itself, which nowadays gets dynamically generated with signature and heuristic-evasion techniques every few minutes or on a per request basis.

    In short, the exploit is the HOW you get infected (i.e. the "hole") while the payload or malware or trojan is the WHAT you get infected with.

    Traditionally AV/AM products deal with the malware binaries (the "WHAT"). ExploitShield blocks the exploits' payload based on recognizing exploit behaviour (the "HOW"), regardless of WHAT is being dropped and executed.

    Hope that helps.
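
The kind of iframe heuristic described in the post above, as an added example that is not part of the original thread and is not any vendor's actual detection logic. The hidden/1-pixel check, the host names, the sample page and the function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

KNOWN_BAD_HOSTS = {"kit.bad.example"}  # constructed blocklist entry
ENCODED_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}){4,}")  # 4+ escaped bytes in a row

class IframeAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # (src, reasons) for each flagged iframe

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        # Decode before extracting the host so escaping cannot hide it.
        host = (urlsplit(unquote(src)).hostname or "").lower()
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        reasons = []
        if host in KNOWN_BAD_HOSTS:
            reasons.append("known-bad-host")
        if host and host != self.page_host and hidden:
            reasons.append("hidden-cross-site")  # assumed heuristic
        if ENCODED_RUN.search(src):
            reasons.append("percent-encoded-src")
        if reasons:
            self.findings.append((src, reasons))

def audit(html, page_host):
    parser = IframeAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, assumed to be served from shop.example.
SAMPLE = """<html><body>
<iframe src="/widgets/news.html" width="300" height="200"></iframe>
<iframe src="https://video.cdn.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://%6b%69%74%2ebad.example/in.php" width="1" height="1"></iframe>
<iframe src="http://ads.other.example/t" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE, "shop.example"))
```

The visible same-site and video embeds pass untouched, which matches the point that an iframe is not malicious in itself; only the characteristics around it are flagged.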
     
  6. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    You don't need to know the cause, you only need to know the solutions. I don't need to know the exact names for bones in my leg if it gets broken, I just need to know that it needs to be bound so it can heal over time. I think the same applies for malware and computer security unless you want to get into the computer security industry.

    Avast! is also great at blocking those types of threats, you really don't need exploit-shield.
     
  7. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    Thank you, that helps a lot :) :thumb:

    There's always going to be that one exploit, that one payload that Avast won't detect, and since no AV is 100% I do like to have a backup defense (ExploitShield).

    And yes, I do plan on going into the security industry per se. Not exactly though. I'm currently in the process of having an IT company registered :D
     