
How to Block the New Drive-by Exploits

Discussion in 'Windows - Virus and spyware problems' started by 2oldGeek, Feb 6, 2014.

  1. 2oldGeek

    Occasionally a drive-by download will prompt users to take an action that allows malicious software to take over their machines. The most common example of this today is rogue antivirus software. You'll visit a web page when suddenly a popup window that looks like a legitimate antivirus program appears on your computer, indicating that it's detected a virus and asking you to click for a free virus scan.

    While rogue anti-virus software and exploits like it are a real danger, these days they aren't the biggest threat because only some of the [drive-by download] attacks rely on people to accidentally click something. The ones that are completely independent of user interaction are the most devastating.

    Today there are drive-by downloads that work by exploiting vulnerabilities in web browsers, plug-ins or other components that work within browsers, and they can take place in a number of ways. For example, you can be innocently cruising the web when you happen upon a site that downloads malware onto your computer without any interaction. The site could have been set up by cybercriminals specifically for the purpose of infecting people's computers, or it could be a legitimate website that cybercriminals compromised through existing vulnerabilities in the site.

    Infection links are becoming widespread, and you no longer have to click on them to be infected, even on sites you think you can trust.

    Most of these new drive-by exploits are using scripts and are not blocked by a router. That's because it's coming from the site you just clicked on; therefore, the router thinks you have requested it and will allow all scripts to run.

    How to protect yourself?

    One option is to use NoScript (Firefox) and ScriptSafe (Chrome, formerly ScriptNo): Both disable all scripts from running on pages without you specifically adding them to an allow list. This includes Java, JavaScript, Flash, Adobe and others. They're powerful, but they're also really aggressive, and will break an awful lot of sites. They are a pain in the pa-toot if you use them while cruising the internet; you have to be up to the task of digging through scripts on every new site you visit to figure out which ones will make the site even work properly.

    What about my AntiVirus?

    As some of you know, I test free security software to determine the best products to combat malware. Some of the paid AVs have a script shield, but until this year no free AV had one. Avast! 2014 is the first and only free AV with a real-time script shield, and it works beautifully.

    I am really impressed with Avast! 2014. In the past 2 weeks I have tested Avast against 155 zero-day malware samples, JavaScripts, exploit kits, bots, Trojans, etc. etc., and it blocked them 100% (bareback). That's not to say it will always do that well; that's why on my real computer I always back it up with MBAM Pro and K-9 Web Protection for the nasty dudes it might miss.


    Here's something to keep an eye on if you really want to use a free AV like AVG, Avira or anything without a script filter:

    MBAE beta (Malwarebytes Anti-Exploit). I have been testing it since it has been in beta, and it's really doing well. Malwarebytes will be sending me an Alpha version soon for testing, and I'll let everyone know. Don't know what the price is going to be yet.

    Any questions? I left out a lot of details : )

    2oG
     
  2. aldan

    Thank you very much, my erudite old friend.
     
  3. 2oldGeek

    Erudite? No, just eccentricities.
     
  4. 2oldGeek

    By the way, I'm in a VM testing MBAM 2.0.0501 beta. Looks like another gold ring so far.
     
  5. aldan

    Cool. I finally got the Pro version. I like it.
     
  6. 2oldGeek

    Your lifetime license will work with ver 2 when released... maybe late March.
     
  7. aldan

    Good deal. Just installed K-9 as well.
     
  8. 2oldGeek

    You know you can schedule scans and have it update automatically. I have mine set to update every 15 mins. Sometimes I get 16 or so updates a day.
     
  9. aldan

    I've got the auto update on but prefer manual scans. I even remember to do them periodically. lol
     
  10. 2oldGeek

    But I'm old and have CRS. I have more tasks scheduled than most could deal with. lol
     
  11. aldan

    Feel for you. I'm a little lysdexic myself.
     
  12. 2oldGeek

    I just Can't Remember Shite!
     
  13. 2oldGeek

    I missed this earlier. I know you'll like it. I have mine set for blocking spyware/malware sources, spyware effects, suspicious, phishing, and then under other settings, filter secure traffic. I don't set it to block porn; that way, when I go to those sites (for test purposes), it only blocks the malware there.
     
  14. aldan

    That sounds good to me. What settings am I looking at to do that? Or would I have to do a custom setting for that?
     
    Last edited: Feb 6, 2014
  15. 2oldGeek

    Click the K-9 icon to open it, click on Settings, enter your password (you have installed it, correct?), look it over, and if you can't figure it out, send me a question.
     
  16. aldan

    Got it.
     
  17. 2oldGeek

    Sorry I didn't get this sent to you last night; I had misplaced it. lol
    K-9 User Manual -> HERE
     
  18. aldan

    Thanks.
     
  19. 2oldGeek

    You're more than welcome, old friend.

    Looks like you have it together, I know you will like K-9.
    At this time, for my customers and clients, I recommend:

    1. A router with an SPI firewall, to stop the scans on the WAN (port 80, normally).
    2. Avast 2014
    3. K-9
    4. MBAM Pro

    Today I tested against 79 zero-day attacks and Avast caught all 79.
    On a lot of them K-9 was the first to block, and after disabling it, Avast got it!

    Currently in the process of testing MBAE beta (anti-exploit) and MBAM ver. 2 beta. Both are looking exceptional but still have bugs. Will try to keep all informed of the progress.

    2oG
     
  20. Deadrum33

    Just wanted to say I cleaned some adware off a friend's machine, and since he never paid for Norton after the free trial expired months ago, I deleted it and gave him free Avast 2014. Also hid his Internet Explorer icons, while making the already-installed Chrome browser more prominent and adding AdBlock Plus to it. Nothing serious, just saying thanks for giving an updated best practice guide.
     
