
I would call myself a security-aware computer professional, and I have been asking myself for a long time now: how can it be that malware gets onto my computer without me actively running it or accepting a prompt about it?

I reinstalled Windows some weeks ago and did the following things in this order (all downloads were done from the official web pages):

  • installed Win7
  • upgraded it to Win10
  • installed Mozilla
  • downloaded and installed Kaspersky (with a pre-existing license, if that matters for features)
  • installed PuTTY, WinSCP, Tortoise, Steam, Battle.net and TeamSpeak, and downloaded software I own on those platforms.
  • did some SSH stuff between my server and my personal PC to get backups of important projects.
  • installed Flash and Adobe and surfed a bit through the web (watched South Park streams on the official German South Park site).

Especially the last point is probably what caused the trouble; namely, Kaspersky detected 3 trojans and 2 adwares on my computer 2 days ago.

That page was, until some days ago, hosted by Comedy Central, but that seems to have changed, and it now appears pretty harmful. My PC has been pretty slow since I watched the streams, and so on.

But now my actual question is:

In case I'm right in the assumption that none of the previous steps would have been able to inject harmful software onto my PC, then I conclude that there are ways (with JavaScript?!) that are parsed by the browser into creating files on my computer and making additional changes on my PC, making it possible that those files are executed at some point automatically.

But why should browsers implement such features? And even if they were so important and required, why am I not even informed or asked by my browser about possibly harmful executions?

I mean, for making a just-created file be executed automatically at some point, changes would have to be made on my computer that shouldn't be that common for website applications, or am I wrong and it isn't that uncommon that websites need to access, e.g., my registry?

So from that point, why does it happen that JS features are supported by a browser that make such config changes on my PC, and why is the browser not even asking me whether I'm fine with it?

And for the future, are there other ways to protect against it, except deactivating JS?

Or could it be something entirely different?

Zaibis
  • My two recommendations: be careful where you download your applications from – not every download site is legit. And: remove Flash. – Lukas May 07 '16 at 17:50
  • Google "drive by downloads". And there's no way I would be confident that your installs didn't bring malware. – Neil Smithline May 07 '16 at 18:25
  • @NeilSmithline: why wouldn't you be confident about it?? – Zaibis May 07 '16 at 18:27
  • The possible duplicate just tells me that he is aware of something I'm not so far (but I'm going to google it now), and the answer sounds to me like "Keep your browser up to date and you won't get those malwares", which doesn't actually sound to me like explicitly what I'm asking for. There are a lot of sites that are known for these behaviors. If there are such security-breaching bugs in the browser that are well known how to exploit, I actually can't believe they wouldn't be fixed fast enough, and concluding, that can't be the only possibility that answers my question – Zaibis May 07 '16 at 18:32
  • Malware installing itself as part of another app's installation is not uncommon. For example http://www.howtogeek.com/198622/heres-what-happens-when-you-install-the-top-10-download.com-apps/ – Neil Smithline May 07 '16 at 18:33
  • @NeilSmithline: Yeah, that's true. But when I'm downloading, let's say for example, MSVS from something like xxx.microsoft.com/nomorepointscontainedinanyform, why should I expect to get malware from that link? Addressing your howtogeek link, I especially mentioned that my sources are only the software providers' pages, and this is to be expected as a given. People using 3rd-party installers just because they are easy to access are a whole different problem I don't want to talk about here. – Zaibis May 07 '16 at 18:37
  • Microsoft is certainly more likely to be secure than CNET. Regarding the browser companies fixing vulnerabilities fast enough, they try, but they fail. You can't protect against a 0-day until you've seen it. – Neil Smithline May 07 '16 at 18:40
  • @NeilSmithline: of course you can't, but it is also not that likely that there are new vulnerabilities detected almost every day that could be exploited with the impact of injecting and enabling one's own executable data. I'm well aware of this. But that's not the kind of scale it would affect, is it? – Zaibis May 07 '16 at 18:48
  • No, modern browsers do not intentionally make features that are security risks, and most go to great lengths to prevent even small abuse of a feature. There is no downloadAndRunWithoutAsking type of function. The attacks against browsers and, more commonly, browser plugins are exploits which take advantage of various bugs to do something never intended. – Alexander O'Mara May 07 '16 at 18:49
  • Ok, so the browsers themselves are more the security risk, and not the stuff they do intentionally. But shouldn't open source browsers be pretty much kind of seek and destroy? Or am I underestimating the difficulty of fixing such bugs? – Zaibis May 07 '16 at 18:55
  • @Zaibis - there are currently 1534 Firefox vulnerabilities that have been publicly announced. Based on that alone, I think it is fair to say that the difficulty of fixing these problems is non-trivial. – Neil Smithline May 07 '16 at 19:00
  • @NeilSmithline: consider formulating that into an answer. – Zaibis May 07 '16 at 19:03

1 Answer

Drive-by downloads are a real threat. These enable a website to exploit a 0-day vulnerability in your browser to execute malicious code on your system. Note that sometimes websites are hacked to behave maliciously without the website's owners being malicious.

While browser manufacturers work to fix security problems quickly, the 1534 publicly announced Firefox vulnerabilities are proof that this is a difficult task. Flash is another well-known source of security problems (currently 1039).

It is also possible that one of your downloads came with malicious files in it. Sites such as CNET are notorious for this.

Neil Smithline