Visit the Wrong Website, and the FBI Could End Up in Your Computer

Venustus (thread author)
Dec 30, 2012
Security experts call it a “drive-by download”: a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor. It’s one of the most powerful tools in the black hat arsenal, capable of delivering thousands of fresh victims into a hacker’s clutches within minutes.

Now the technique is being adopted by a different kind of a hacker—the kind with a badge. For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement’s knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system.

The approach has borne fruit—over a dozen alleged users of Tor-based child porn sites are now headed for trial as a result. But it’s also engendering controversy, with charges that the Justice Department has glossed over the bulk-hacking technique when describing it to judges, while concealing its use from defendants. Critics also worry about mission creep, the weakening of a technology relied on by human rights workers and activists, and the potential for innocent parties to wind up infected with government malware because they visited the wrong website. “This is such a big leap, there should have been congressional hearings about this,” says ACLU technologist Chris Soghoian, an expert on law enforcement’s use of hacking tools. “If Congress decides this is a technique that’s perfectly appropriate, maybe that’s OK. But let’s have an informed debate about it.”


marg
May 26, 2014
It's a sick world. :( How about other sites using the drive-by download? Can you get infected by just visiting a site, or does the user have to click on something or take some other action? :confused:

Cowpipe
Jun 16, 2014
I assume this is referring to the JavaScript exploit which was used to unmask Tor visitors to the defunct Freedom Hosting sites. The less security-conscious Tor users, that is, who hadn't configured NoScript correctly and were using an outdated version of the Tor Bundle ;)
 

Chromatinfish 123
May 26, 2014
It's a sick world. :( How about other sites using the drive-by download? Can you get infected by just visiting a site, or does the user have to click on something or take some other action? :confused:
Just by visiting the site. They use the same technique as when you download something from CNet, SourceForge, or the Chrome site: you get redirected to a page, yet the download starts automatically. But in recent days it has become even worse: the download won't be shown, yet it will happen automatically into the temp folder. Freaky and scary...
How to prevent this: download NoScript / disable JavaScript...
 

Dubseven
Aug 12, 2013
It's a sick world. :( How about other sites using the drive-by download? Can you get infected by just visiting a site, or does the user have to click on something or take some other action? :confused:
Drive-by malware is the most dangerous.
You ONLY have to visit, nothing more; the malware uses an exploit in your browser to download and execute itself in temp automatically.

How to prevent this: download NoScript / disable JavaScript...
You can't protect your computer against that with NoScript.
Disabling JavaScript won't help either.
It's using browser exploits; nothing can protect you against that, only your antivirus, if it's able to detect this behavior, or an update of your browser. All new updates protect you against older-version exploits.
 

Cowpipe
Jun 16, 2014
Standard safety advice for Tor users is to disable all plugins and media content, including Flash, Java, JavaScript, Silverlight etc., but also font tags (which are loaded remotely) and iframes, among still others. You would seriously be surprised at the number of Tor users who are also consumers of child pornography who will happily download an EXE file without thinking twice. I guess we can be thankful for their ignorance at least.
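A defender-side check of the advice above, added here as an example and not code from the thread or from the Tor Project: it audits a Firefox or Tor Browser prefs.js for the features Cowpipe lists (JavaScript, plugins, remotely loaded fonts) and reports anything still enabled. The pref names are real about:config keys; the expected values and the sample prefs file are this example's own assumptions, and there is no about:config pref for iframes, which is left to NoScript.

```python
import re

# Hardened target values following the thread's advice: JavaScript, browser
# plugins and remotely loaded fonts all off. Pref names are real Firefox
# about:config keys; the expected values are this example's assumption.
HARDENED = {
    "javascript.enabled": "false",
    "gfx.downloadable_fonts.enabled": "false",   # remote @font-face / font tags
    "plugin.state.flash": "0",                   # 0 = never activate
    "plugin.state.java": "0",
    "plugin.default.state": "0",                 # any other plugin
}

# Matches prefs.js / user.js lines such as: user_pref("javascript.enabled", true);
PREF_RE = re.compile(r'^\s*(?:user_)?pref\("([^"]+)",\s*([^)]+)\);')


def parse_prefs(text):
    """Return {pref_name: value_as_text} for every pref line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def audit(text):
    """List (pref, problem) pairs where the profile is weaker than HARDENED."""
    prefs = parse_prefs(text)
    findings = []
    for key, want in HARDENED.items():
        have = prefs.get(key)
        if have is None:
            findings.append((key, "unset (browser default applies)"))
        elif have != want:
            findings.append((key, f"set to {have}, expected {want}"))
    return findings


# Constructed sample prefs.js: JavaScript and Flash left on, Java never set.
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("javascript.enabled", true);
user_pref("gfx.downloadable_fonts.enabled", false);
user_pref("plugin.state.flash", 2);
user_pref("plugin.default.state", 0);
"""

if __name__ == "__main__":
    for pref, problem in audit(SAMPLE_PREFS):
        print(f"{pref}: {problem}")
```

Point it at a real profile's prefs.js to see which of the listed features the browser would still expose to a hostile page.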

Chromatinfish 123
May 26, 2014
You can't protect your computer against that with NoScript.
Disabling JavaScript won't help either.
It's using browser exploits; nothing can protect you against that, only your antivirus, if it's able to detect this behavior, or an update of your browser. All new updates protect you against older-version exploits.
Before you could; nowadays they are much more clever and rely on browser exploits. The classical ones, like when you download something from SourceForge and the download auto-starts, probably aren't there anymore. But NoScript will protect from those.
 
