[Video] Ways to Infect your computer - Exploits (Not doing your updates)

For the past 6 years I have been self employed running my own computer repair business. Like most of you I come across, malware, rouge, Trojans and all sorts of nasty stuff on customers computers. They always tell me they have no idea how they became infected. They just turned on their computer one day and all of sudden the infection was there. So I thought I would create some videos to help better inform them on ways they can become infected on the internet. Out of the 3 videos I created this one is one of the more interesting and scary.

This one deals with exploits. It show just show easily you can get become infected if you do not install your Windows updates or updates to Internet explorer. It doesn't cover 3rd party vulnerabilities but the outcome would be the same.

It is a 3 part video but the 1st part is by far the most interesting. Enjoy.

Part 1 (how easy it is to infect with no updates)

http://www.youtube.com/watch?v=TJpZlzBkiro

Part 2 (What happens when you have all your updates)

http://www.youtube.com/watch?v=0zcmD-RhQRc

Part 3 (How well do AV's detect Exploits before they infect you)

http://www.youtube.com/watch?v=duJksZnTK5o&feature=related

For those of you who want to see the other 2 videos I made for my customers they can be found below

#1 - Ways To Infect Your Computer - Fake Anti-viruses

http://www.youtube.com/watch?v=JoRc7iGc4Io&feature=related

#2 - Ways To Infect Your Computer - Running Executable files that appear out of nowhere

http://www.youtube.com/watch?v=nHR_6zzbh_0

 

This is a great set of videos. Perfect for the average inexperienced user to get a little understanding of how to get infected and how to help prevent it.

I noticed at the end of the third video you mentioned something about uploading the site/script to VirusTotal. Could you possibly elaborate on how one would do this?

One last thing... Lets say Firefox had the same vulnerabilities/security holes that IE6 does. If a user used Firefox with the NoScript Extension to go to the websites in your videos, would NoScript prevent the system from getting infected?

 

I can't say for sure, but my guess would be yes. If it was exploiting you with a script anyway.

 

These videos need to be watched by some of the people on these forums who say "as long as you don't execute anything or fall for social engineering, you can browse the web at will without worrying about malware." Of course, most of us knew this was BS, but these videos serve as a good illustration as to why.

The truth is, you can be pwned merely by visiting a website. Part of this is due to Windows and it's default insecurity and part of it is people not knowing how to utilize privilege separation and other access controls that is built into Windows but not turned on by default. But that's another issue entirely.

 

Excellent videos. Thanks for taking the time to make them and post them up. Got a few people who I am going to send the links to and tell them it is mandatory to watch em.

 

Nice videos but it looks like you're running as administrator - a cardinal sin, putting one behind the eight ball off the bat.

 

I really like the fact that I can see and read everything in the videos. Most of the others I've seen are hard to read so you did a great job. I just wish I could force a couple people I know to watch the videos.

The vids also prove that execution protection and isolating "risky" apps (sandboxing) are useful.

 

I would imagine he did that purposely for demonstration purposes as most people do run as administrator. I think his basic premise was to get across the point the difference between patching and not patching....as we all know there are many out there that don't patch or update anything.

 

The good quality of the vids were also the first part that I noticed too. I see he was using Sandboxie in some of the vids also. It would be really good if he could do a couple up showing the difference running with Admin rights and dropped rights.

 

Doesn't mean running as admin makes it right or best practice. The push for running as LUA should be emphasized. It is the (one of the) underlying foundation for running a pc securely.

Okay, understood, but the importance of running as LUA as opposed to Admin should merit equal importance at least.

Even better if he shows the difference between running the account as LUA or Admin.

 

Yes. I did run as admin, because you are going to be hard pressed to find any average user who is not running as admin.

As far as the quality of the videos go, Picture and audio quality is very important to me.

I've watched far to many videos where the mic the person was using had so many hisses scratches and pops and the audio so distorted, it was painful to listen too. As far as video quality I've watched FAR too many video's where you could not make out a single piece of text on the screen. They where so blurry that your eyes burned after only a minute of watching it.

So I'm glad you like the quality.

 

Baby steps now, wat0114!!!! LOL.Drop their jaws by letting them to see how easy it is to get infected running full blown administrator and unpatched to boot first. I agree with you on LUA. Cheap, almost easy, and effective.

Keep up the good work Warwagon.

 

In the first vid why does the taskbar change to Win 7 then back to XP at 1.18 and is that a trojan fake alert sitting near the clock?

Seems the machine may be already infected before going to that site?

 

Whoaa! Good eyes Franklin

I didn't see or hear mention of the perils of running as admin. The focus seems to be on running unpatched. The typical user I guarantee is not going to notice in the videos the Administrator account nor understand its consequences.

 

at 1:18 I went to notepad on the host machine to copy the URL, this is when you saw my Host machine's Windows 7 taskbar ( You do realize I was inside VMware Workstation 7 with it full screen? I also had my desktop resolution set to 1280 by 720 so I could record the video in 720p) . As far as the Trojan fake alert sitting near the clock, that's just windows telling me I have no AV installed.

 

Hi warwagon, I really enjoy your video displaying the consequences of not updating. It's put forward clearly, and spoken by you clearly. Even a basic computer user could understand it.

To summarize, it's gone into my collection of educational links for PC users. Thanks.

 

OK fair enough, but you also use Sandboxie.

So what happens if you use a full blown admin account and don't update but run IE through Sandboxie?

Are you protected from the exploit?

 

I think you should be. Oh noes, I should make another video