
Explaining what exploits are and why they are so scary

Vitus White
Last updated: 13 October

Security experts often mention exploits as one of the most serious problems with data and systems safety; although it’s not always clear what the difference is between exploits and the malware in general. We’ll try to explain here.

Contents
What is an exploit?
Infection routes
Exploits run in packs
Conclusion

What is an exploit?

Exploits are a subset of malware. These malicious programs contain data or executable code, which is able to take advantage of one or more vulnerabilities in the software running on a local or remote computer.

Put simply: you have a browser, and there is a vulnerability in it that allows “arbitrary code” to run (i.e. to install and launch some malicious program) on your system without your knowledge. Most often the attackers’ first step is privilege escalation, after which they can do anything within the attacked system.

HP’s Zero Day Initiative has released four new #zeroday in #IE https://t.co/3MvmBKikdU via @threatpost pic.twitter.com/fVuPQY4cxw

— Kaspersky Lab (@kaspersky) July 23, 2015

Browsers, along with Flash, Java, and Microsoft Office, are among the most targeted software categories. Being ubiquitous, they are actively explored by security experts and hackers alike, and developers regularly have to release patches to fix vulnerabilities. It’s best if these patches are applied at once, but unfortunately that is not always the case. For instance, applying an update usually requires closing all browser tabs or open documents first.

Another problem is exploits for as-yet-unknown vulnerabilities, discovered and abused by blackhats: so-called zero-days or 0days. It may take a while before the vendors know they have a problem and fix it.

Infection routes

Cybercriminals often prefer exploits over other infection methods like social engineering, which can be hit or miss; the use of vulnerabilities continues to produce the desired results.

There are two ways users can be “fed” exploits. First, by visiting a site that contains malicious exploit code. Second, by opening a seemingly legitimate file with hidden malicious code. As one may easily guess, it’s most likely spam or a phishing email that will bring the exploit in.

Why #phishing works and how to avoid it – https://t.co/ksAYI9g2Jm #security #cybercrime

— Kaspersky Lab (@kaspersky) October 1, 2014

As noted in Securelist, exploits are designed to strike specific versions of software that contain vulnerabilities. If the user opens the malicious object with that version of the software, or if a website runs on that software, the exploit is triggered.

Once it gains access through the vulnerability, the exploit then loads additional malware from the criminals’ server which performs malicious activity such as stealing personal data, using the computer as part of a botnet to distribute spam or carry out DDoS attacks, or whatever the culprits behind it intend to do.

Exploits pose a threat even to aware and diligent users who keep their software updated. The reason is the time gap between the discovery of a vulnerability and the release of a patch to fix it. During that time, exploits are able to function freely and threaten the security of nearly all Internet users, unless automatic tools that prevent exploit attacks are installed.

And don’t forget the ‘open tabs syndrome’ mentioned above: there’s a price to be paid for an update, and not every user is ready to pay it right away when a patch is available.

Exploits run in packs

Exploits are often packed together so that an attacked system is checked against a wide range of vulnerabilities; once one or more are detected, the appropriate exploits enter. Exploit kits also widely use code obfuscation to avoid detection and encrypt URL paths to prevent researchers from uncovering them.

Among the best known are:

Angler – one of the most sophisticated kits on the underground market. This one changed the game when it began detecting antivirus software and virtual machines (often used by security researchers as honeypots) and deploying encrypted dropper files. It is one of the fastest kits to incorporate newly released zero-days, and its malware runs from memory, without having to write to the hard drives of its victims. A technical description of the pack is available here.

Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0 – http://t.co/DFGhwiDeEa pic.twitter.com/IirQnTqxEO

— Kaspersky Lab (@kaspersky) May 30, 2015

Nuclear Pack – hits its victims with Java and Adobe PDF exploits, as well as dropping Caphaw – a notorious banking Trojan. You can read more here.

Neutrino – a Russian-made kit containing a few Java exploits. It made headlines last year when its owner put it up for sale for a very modest price: $34,000. Most likely this was done following the arrest of a certain Paunch, creator of the next exploit kit we’re going to talk about.

Blackhole Kit – the most prevalent web threat of 2012. It targets vulnerabilities in old versions of browsers such as Firefox, Chrome, Internet Explorer, and Safari, as well as many popular plugins like Adobe Flash, Adobe Acrobat, and Java. After a victim is lured or redirected to a landing page, the kit determines what is on the victim’s computer and loads all the exploits to which this computer is vulnerable.

'Paunch' Arrest Puts Blackhole Hackers on Data Diet, Kaspersky's @K_Sec weighs in. http://t.co/uao2eINlkZ via @TechNewsWorld

— Kaspersky Lab (@kaspersky) October 15, 2013

Blackhole, unlike most of the other kits, has a dedicated entry in Wikipedia, although after Paunch’s arrest the kit itself has almost died out.

Conclusion

Exploits are not always detectable by security software. To detect exploits reliably, security software must employ behavior analysis; it’s the only good way to beat exploits. Malware programs may be plentiful and varied, but most of them have similar behavioral patterns.


Kaspersky Internet Security, as well as Kaspersky Lab’s other flagship products, employs a technology called Automatic Exploit Prevention, which uses information about the most typical behavior of known exploits. The characteristic behavior of such malicious programs helps to prevent infection even in the case of an exploit for a previously unknown zero-day vulnerability.

More information on Automatic Exploit Prevention technology is available here.
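The behavior analysis the conclusion calls for, and the “typical behavior of known exploits” that Automatic Exploit Prevention is said to rely on, can be illustrated with a toy detector over process-creation events. This is an added example, not Kaspersky’s code: the lists of exploitable hosts and suspicious children, the event line format and the sample events are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical lists: processes the article names as favourite exploit targets
# (browsers, Office, PDF readers, Java) and children they never legitimately
# spawn. Real products use far larger, tuned lists.
EXPLOITABLE_HOSTS = {"iexplore.exe", "firefox.exe", "chrome.exe", "safari.exe",
                     "winword.exe", "excel.exe", "acrord32.exe", "java.exe"}
SHELL_OR_SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                         "mshta.exe", "regsvr32.exe", "rundll32.exe"}
DROP_DIRS = ("c:/users/", "c:/windows/temp/")  # user-writable drop locations

@dataclass
class ProcEvent:
    parent: str      # image name of the process that created the child
    child: str       # image name of the new process
    child_path: str  # full path of the new image, lower-cased, '/' separators

def parse_event(line: str) -> ProcEvent:
    """Parse one constructed 'parent=... child=... path=...' event line."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    path = fields["path"].lower().replace("\\", "/")
    return ProcEvent(fields["parent"].lower(), fields["child"].lower(), path)

def classify(ev: ProcEvent) -> Optional[str]:
    """Return an alert string if the event matches an exploit-like pattern."""
    if ev.parent not in EXPLOITABLE_HOSTS:
        return None
    # Pattern 1: a document or web viewer starting a shell or script host.
    if ev.child in SHELL_OR_SCRIPT_HOSTS:
        return f"{ev.parent} spawned shell/script host {ev.child}"
    # Pattern 2: the viewer launching an executable it just dropped into a
    # user-writable directory. A memory-only payload (as Angler used) skips
    # this step, which is why pattern 1 matters more against such kits.
    if ev.child_path.startswith(DROP_DIRS) and ev.child_path.endswith(".exe"):
        return f"{ev.parent} launched dropped executable {ev.child_path}"
    return None

def scan(lines: List[str]) -> List[str]:
    """Run classify() over every event line and collect the alerts."""
    return [v for v in (classify(parse_event(l)) for l in lines) if v]

# Constructed sample events (not real telemetry).
SAMPLE_LOG = [
    r"parent=explorer.exe child=chrome.exe path=c:\chrome\chrome.exe",
    r"parent=chrome.exe child=chrome.exe path=c:\chrome\chrome.exe",
    r"parent=iexplore.exe child=powershell.exe path=c:\windows\system32\windowspowershell\v1.0\powershell.exe",
    r"parent=winword.exe child=upd.exe path=c:\users\bob\appdata\local\temp\upd.exe",
    r"parent=cmd.exe child=powershell.exe path=c:\windows\system32\windowspowershell\v1.0\powershell.exe",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print("ALERT:", alert)
```

Only the two events where a commonly exploited host behaves abnormally are flagged; the ordinary browser launch, the browser’s own child process and the shell-to-shell chain are left alone.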


Source: kaspersky.com

Vitus White October 13, 2022 October 7, 2022