How are systems being exploited today (OS vulnerability vs malicious email attachments) ?...

Is there any hard data out there regarding how the typical Windoze PC
becomes infected with a trojan / backdoor ?

I'm thinking specifically in the case of XP, where the tech-press and
the commercial interests of Micro$oft and its ecosystem of companies
are prone to spreading FUD about the pending status of XP, as if it's
about to be stripped naked and exposed to the full force of hackers - to
essentially be in the same horribly vulnerable state it was in back when
it wasn't ready to be given to consumers back in October 2001.

How does the typical XP box (sitting behind a NAT router, running the
native XP incoming firewall) become infected these days?

Is there hard data that the OS itself is vulnerable?

If you subtract all cases where users don't click on malicious email
attachments, and if they keep their browser, flash, java, acrobat
software updated, then going forward how does XP present itself as
vulnerable?


Bonus question:

What was the last version of IE that runs on XP, and is that version
still being supported by virtue of support updates supplied for Vista or
Windoze 7?

Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

Virus Guy has brought this to us :

They exploit the user.

Same as before. For years it has been client-side software exploits of
vulnerable applications and not so much OS vulnerabilities being
targeted.

IE8


http://support.microsoft.com/common/international.aspx?RDPATH=%2flifecycle%2fdefault.aspx%3fc2%3d14019



Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

FromTheRafters wrote:

Since practically all Windows systems have "users", that is not a useful
nor informative answer.

If a hacked DNS server results in your browser being directed to a
malicious server that exposes your browser to an exploit, is that really
an exploitation of the user?

Note that the above scenario is different than using social engineering
to lure a user to point his browser to a malicious server or URL.

What specific activity, performed by a user, is the most common way that
a windoze system becomes infected with malware?

Is a browser exploit that results in running remote code the
responsibility of MS to patch via WU if the browser is not IE?

I am looking for hard data in terms of percentages that would indicate
by which route a typical Windoze machine becomes infected with malware.

A lot of noise is being made of the end to WU patches for XP.

I want to know what practical effect these patches have on the REAL
exploitability of XP in home or SOHO situations.

Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

Virus Guy has brought this to us :

Yes, it is. The basic idea behind software vulnerability exploit is to  
take the user out of the loop. Without any software vulnerabilities  
being exploited (as in these recent samples) the idea is to get the  
users to execute the malware themselves.

No, that would be a software exploit with the user being directed to  
the exploit server. The user in this scenario would not have the  
opportunity to make the right choice.

Yes, but the type of malware in question is not software exploit based.  
The user is tricked in the usual way for a non-software-exploit based  
trojan. He is basically tricked into following the direction to the URL  
in the spammed 'come-on'.

Clicking on an executable file because he or she thought it was  
something other than what it really was - this is the essence of the  
'trojan' vector. If someone didn't know that  
document.txt[whitespace].scr with a notepad-like icon was actually an
executable file for instance.

It is the responsibility of the software vendor whose application (or  
add-on or whatever) is being exploited to provide the patch - and the  
responsibility of the user to keep up to date with regard to patches.

Lately, it has been mostly by exploiting the user. There have been some  
Microsoft Silverlight exploits recently, but mostly Java, Flash, and  
PDF as far as I know. Maybe google will help find stats.

Mostly FUD but there *is* a legitimate concern that some OS exploits  
could come to light and XP users will have to use work-arounds with no  
support being offered.

I would guess that it isn't as bad as some would have you believe.
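An added example (not code from the thread or from any of its posters) of the filename check a mail gateway or a careful user could apply to the disguise described above: it reports the extension Windows actually acts on and flags the whitespace-padding and double-extension tricks, plus the right-to-left override character that is used for the same purpose. The extension lists and the sample attachment names are constructed for this example.

```python
# Extensions Windows runs as programs when double-clicked (assumed list for this example;
# .scr, the screensaver extension named in the thread, is among them).
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "cpl", "msi", "lnk",
}
# Extensions a lure typically imitates (assumed list for this example).
DOCUMENT_EXTENSIONS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "rtf", "jpg", "png"}
RLO = "\u202e"  # right-to-left override: reverses how the tail of a name is displayed


def analyze_filename(filename: str) -> dict:
    """Return the extension Windows acts on and the reasons the name looks disguised."""
    reasons = []
    if RLO in filename:
        reasons.append("contains a right-to-left override character")
    # Windows drops trailing spaces and dots when the file is written to disk,
    # so judge the name by what it becomes on disk.
    on_disk = filename.rstrip(" .")
    base, dot, ext = on_disk.rpartition(".")
    true_ext = ext.strip().lower() if dot else ""
    executable = true_ext in EXECUTABLE_EXTENSIONS
    if executable:
        # A run of whitespace right before the final extension pushes ".scr" out of
        # view in a narrow file listing (the thread's document.txt[whitespace].scr).
        if base and base[-1].isspace():
            reasons.append("whitespace padding before the real extension")
        # Double extension: a document extension sits in front of the real one.
        inner_ext = base.rstrip().rpartition(".")[2].lower()
        if inner_ext in DOCUMENT_EXTENSIONS:
            reasons.append(f"looks like .{inner_ext} but Windows will run it as .{true_ext}")
    return {"name": filename, "true_ext": true_ext, "executable": executable, "reasons": reasons}


def is_disguised_executable(filename: str) -> bool:
    """True when the name runs as a program and carries at least one disguise trick."""
    result = analyze_filename(filename)
    return result["executable"] and bool(result["reasons"])


def main() -> None:
    # Constructed sample attachment names, not taken from any real message.
    samples = [
        "document.txt          .scr",
        "invoice.pdf.exe",
        "report\u202efdp.exe",
        "setup.exe",
        "readme.txt",
        "README",
    ]
    for name in samples:
        r = analyze_filename(name)
        flag = "DISGUISED" if is_disguised_executable(name) else "ok"
        print(f"{flag:10} true_ext={r['true_ext'] or '-':5} {name!r} {r['reasons']}")


if __name__ == "__main__":
    main()
```

The check deliberately reasons about the name as it will exist on disk rather than as the mail client displays it; an undisguised `setup.exe` is still executable but is reported without a disguise reason, so the policy decision (block all executables, or only disguised ones) stays with the caller.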



Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

FromTheRafters wrote:

Can anyone give an example (other than Stuxnet) of a known/real "rash"
of exploitation/infection of real, actual windows XP computers that
arose somewhere in the world over the past year that is directly
attributable to said computers not installing a specific WU patch?

Or an example during the past year of a WU patch that was created
BECAUSE or in response to a malware exploit detected in circulation in
"the wild" ?

Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

on 4/1/2014, Virus Guy supposed :

CVE-2013-5065

It's a privilege escalation exploit though, so it would likely have to
be used in conjunction with a remote code execution vulnerability, a
remote code execution exploit, or a classic trojan.



Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

on 4/1/2014, FromTheRafters supposed :

I should clarify that a little. A remote code execution vulnerability  
in application software (PDF, Java, Flash, etcetera), or one in the OS  
proper, can use this to escalate privilege. There is also a fairly  
recent Microsoft Silverlight dereferencing vulnerability exploit that  
allows an attacker to get around ASLR.



Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

FromTheRafters wrote:

So again, it's not clear that an appropriately-patched pdf reader, or
JRE, or flash player, or Silverlight (which I believe MS is going to
abandon silverlight?) would render a system to be "protected" against
CVE-2013-5056.

Again I ask what patches or fixes for XP that came through WU during the
past year were to address remote-code execution vulnerabilities that are
NOT facilitated by a flaw in third-party software (such as from Adobe,
Mozilla, etc)?

Have there been any WU patches that if not obtained would render the
average XP system exploitable even if said system was up-to-date and had
all patches and fixes for all third-party software installed on it?  
(assuming we are not talking about IE)

And I asked about the last version of IE that will run on XP (which
apparently is 8) and what the support end-date was for it.  I got a URL
as an answer, and either I didn't understand what was being displayed on
those URLs, or my (old) browsers did not actually render the end-date in
plain text anywhere on my screen.

I've tried web searches for IE 8 support end-date, but can find no
definitively-stated calendar end-date.

I would have to assume that MS has been supporting IE8 up till now and
will do so until the very last WU update for XP which is due in a week
or so.

Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

Virus Guy explained on 4/1/2014 :

Whatever.



Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

On Tue, 01 Apr 2014 20:15:36 -0400, FromTheRafters wrote:

10 points for the effort. :-)

Thane

Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?


http://technet.microsoft.com/en-us/security/advisory/2953095

Hasn't been fixed yet though, so doesn't actually answer your question,
but there have been many, in the last year, which I'll let you search
for.

Regards, Dave Hodgins

--  
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

David W. Hodgins explained :

Now he will rephrase again to eliminate the need for "Word" as a
facilitator.



Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

On 4/1/2014 6:09 PM, Virus Guy wrote:


Off the top of my head I couldn't say. But why take someone else's word?  
Why not fire up a fully updated WinXP system, open up Windows Updates,  
select "Review Update History" and research the KB#'s for all of the  
Security updates that are listed?



--  
Are we having fun yet?

Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

On 2014-04-02 8:12 AM, Rick Simon wrote:

'Cuz that would mean VG would have to do the grunt work hisself.

--  
Best,
Wolf K
kirkwood40.blogspot.ca

Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

Wolf K has brought this to us :

...and start calling himself "Research Guy".



Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

FromTheRafters wrote:
Wolf K has brought this to us :

Interesting how you people dump on me for asking questions that show how
insecure you are when you admit that you also don't know the answer.

Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

On 2014-04-02 8:55 AM, Virus Guy wrote:

Yeah, but we know how to get them. So why should we share the answers  
with you? Why _would_ we share the answers with you?

You rejected one of my responses as "not helpful", yet I pointed out all  
the evidence needed to decide that the suspect e-mail (and any  
attachments) was bad stuff. Then, when you posted what you found in the  
attachment, I informed you that it contained bad stuff ( a .scr file),  
and corrected one of your, erm, misunderstandings.

No thanks, no acknowledgement.

So I repeat, why would anyone share their knowledge with you?

--  
Best,
Wolf K
kirkwood40.blogspot.ca

Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

Wolf K wrote on 4/2/2014 :

I won't anymore, that's for sure.



Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

FromTheRafters wrote:

That's no loss.

I can't recall that you have ever offered any actual, meaningful
information or knowledge to one of my questions.

Re: How are systems being exploited today (OS vulnerability vs malicious email attachments) ?

On 2014-04-02 9:41 AM, Virus Guy wrote:
I wrote:
[;;;]

Whether or not "this file" is an exploit can be answered without looking
at its innards. Attachments _of all types_ are known to be used as conveyors
of malware. Repeat: Attachments Of All Types.

So the first question to be answered is, Is there any evidence that this  
attachment on this particular message is likely to contain  malware?  
Answer, yes, for the reasons I gave. I certainly wouldn't open it  
without all kinds of safeguards.

Unless you want to set up shop as a virus hunter, you don't need to know  
more. If you want to be a virus hunter, first stop is a professional  
course in how to do it.

You're welcome.

--  
Best,
Wolf K
kirkwood40.blogspot.ca
