Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Interesting way to scam for ransom via email
Message
<blockquote data-quote="Deleted member 65228" data-source="post: 703565"><p><strong>The answer is Yes. Likely? No.</strong></p><p></p><p>New browser vulnerabilities are discovered all the time and when discovered can lead to drive-by-download attacks - bear in mind execution is required. Attack vectors like Powershell tend to be quite easy for deployment and are liked by attackers a lot - of course modern browsers like Google Chrome are a lot safer in comparison to Internet Explorer though. Old vulnerabilities may even still be exploitable to date, but may ask for your permission first (e.g. ActiveX abuse).</p><p></p><p>If a "file-less" attack can be deployed and code execution can be gained on the system, an attacker won't necessarily need elevated privileges to do such activities you're asking about. Notice how the Windows Store version of Skype for Windows 10 (metro-based) and also the Desktop version of Skype can access your web-cam and microphone at ease without a problem with no additional privileges? Any malicious software running as standard rights can do this as well.</p><p></p><p>Generally speaking, put masking tape over your webcam when you aren't required to use it. If it's a portable one, you can simply unplug it instead. I'm not a fan of built-in microphone devices but you can disable the device from Device Manager (which does require elevation - a lot harder to gain with maximum UAC settings) but personally I would rather have only a portable one which I could unplug as and when I want to.</p><p></p><p>Security software may have features for preventing unauthorised access to devices like your webcam and microphone, but it'll never be as reliable than pulling the plug for the cable, or masking tape/fully disabling the device. Personally I would not put full trust in such, but they still work well.</p><p></p><p>As for the e-mail, I agree it is interesting. It evolves around social engineering - the attacker pushes on emotions which you are vulnerable to. Most people reading that e-mail and believe it will shriek in horror and will be unable to think properly to realise it is a scam.</p></blockquote><p></p>
[QUOTE="Deleted member 65228, post: 703565"] [B]The answer is Yes. Likely? No.[/B] New browser vulnerabilities are discovered all the time and when discovered can lead to drive-by-download attacks - bear in mind execution is required. Attack vectors like Powershell tend to be quite easy for deployment and are liked by attackers a lot - of course modern browsers like Google Chrome are a lot safer in comparison to Internet Explorer though. Old vulnerabilities may even still be exploitable to date, but may ask for your permission first (e.g. ActiveX abuse). If a "file-less" attack can be deployed and code execution can be gained on the system, an attacker won't necessarily need elevated privileges to do such activities you're asking about. Notice how the Windows Store version of Skype for Windows 10 (metro-based) and also the Desktop version of Skype can access your web-cam and microphone at ease without a problem with no additional privileges? Any malicious software running as standard rights can do this as well. Generally speaking, put masking tape over your webcam when you aren't required to use it. If it's a portable one, you can simply unplug it instead. I'm not a fan of built-in microphone devices but you can disable the device from Device Manager (which does require elevation - a lot harder to gain with maximum UAC settings) but personally I would rather have only a portable one which I could unplug as and when I want to. Security software may have features for preventing unauthorised access to devices like your webcam and microphone, but it'll never be as reliable than pulling the plug for the cable, or masking tape/fully disabling the device. Personally I would not put full trust in such, but they still work well. As for the e-mail, I agree it is interesting. It evolves around social engineering - the attacker pushes on emotions which you are vulnerable to. Most people reading that e-mail and believe it will shriek in horror and will be unable to think properly to realise it is a scam. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
