Protect Your PC Against Exploits

Easy things you can do to protect against one of the fastest growing threats on the Internet.
–PC Pitstop

Protect Your PC Against Exploits

By Bob Rankin

Drive-by downloads — malware delivered to random Web site visitors — are one of the biggest, fastest-growing threats on the Internet. Learn how they spread across the web, and some easy things you can do to protect against these dangerous exploits…

Exploits Kits Are Big Business

It was a surprise to me when I first learned that the developers of malware don’t try to keep their creations a secret. To the contrary, they’ll typically offer it for sale to other hackers after they’ve used it themselves. This “used malware” is traded online in hacker forums and other venues where sellers bundle malware packages into “exploit kits” and sell the kits to crooks who have more money than programming talent.

In my recent article, Drive-by Download Dangers, I discussed how they’ve become so ubiquitous. The rather amazing sophistication of this malware is described in the latest Security Intelligence Report from Microsoft.

Exploit Kits

The malware delivered in drive-by downloads is recycled stuff, in most cases. Each malware package exploits a different vulnerability in a browser, its operating system, or its add-ons. (Add-ons are the most frequently vulnerable and exploited of the three targets.) A newly discovered vulnerability against which there is no defense (called a zero-day vulnerability) is more valuable to bad guys than an older, well-known one for which patches have been developed and distributed.

A zero-day vulnerability is typically sold by its discoverer to another crook who has a specific, high-value target in mind. Most likely, the target is a large corporation or institution whose IT environment hosts lots of valuable, exploitable data such as users’ personal identity and financial data, or trade secrets. The crook who buys the secret of the vulnerability creates malware that takes advantage of it. He then launches his attack against XYZ Corp. and succeeds or fails. Either way, after the primary attack he has a piece of malware that cost him plenty to develop, and it has re-sale value.

The profits from exploit kits can be substantial; the people behind the Win32/Reveton family of malware reportedly grossed over $50,000 per day in fees derived from exploit kits. Don’t think for a second that I’m offering this information as a helpful money-making tip, though. There’s an encouraging trend in the past two years, where law enforcement agencies have been taking down these cyber criminals. I discussed one recent example in GameOver and Cryptolocker Busted.

Article Continued Here

Excerpt shared with permission from Bob Rankin.

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles