What can a malicious website do?

Discussion in 'Computer Security' started by Edw. Peach, Aug 21, 2004.

  1. Edw. Peach

    Edw. Peach Guest

    I am not a computer geek and have just a basic understanding of what
    goes on under the hood. I am curious just what a malicious web site
    can do to one's computer? How are they able to run programs and
    change settings so easily?

    I'm guessing that they find ways in that are part of the normal
    routine of interacting with a web site, like for instance use controls
    that allow normal interaction (maybe sound, or animation that runs)
    and then piggy backs a program of their own, or something like that?

    Why aren't there ways of disabling any exe files other than the
    absolutely necessary ones from running? There must be other ways a
    user can protect him/her self from invasive intrusions by such sites.

    So, somehow these sites gain access to a person's settings, and
    changes them? I still don't understand why there aren't more controls
    on such access.

    If anybody knows of a web site (a safe one...LOL) that describes some
    of these actions, I'd be very interested in reading it.

    Thanks
    Edw. Peach, Aug 21, 2004
    #1

  2. Edw. Peach spilled my beer when they jumped on the table and proclaimed in
    <>

    > I am not a computer geek and have just a basic understanding of what
    > goes on under the hood. I am curious just what a malicious web site
    > can do to one's computer? How are they able to run programs and
    > change settings so easily?


    It's either the security settings on the browser, or some exploit for that
    browser (<cough>IE<cough> :) )

    > I'm guessing that they find ways in that are part of the normal
    > routine of interacting with a web site, like for instance use controls
    > that allow normal interaction (maybe sound, or animation that runs)
    > and then piggy backs a program of their own, or something like that?


    Close. There are, supposedly, ways to do things, and install things using
    javascript/.vbs scripting. Someone setting up a site can easily hide those
    in it.

    > Why aren't there ways of disabling any exe files other than the
    > absolutely necessary ones from running? There must be other ways a
    > user can protect him/her self from invasive intrusions by such sites.


    Well, they're not .exe or .com files so...

    Basically, when I ran Windows, I did not use IE. (Mozilla and Netscape in
    my case) I know others have changed their security settings to not allow
    these things to run as easily.

    > So, somehow these sites gain access to a person's settings, and
    > changes them? I still don't understand why there aren't more controls
    > on such access.
    >
    > If anybody knows of a web site (a safe one...LOL) that describes some
    > of these actions, I'd be very interested in reading it.


    I'll try to hunt one up...but you might take a walk through Cert.org's
    site...

    NOI
    Thund3rstruck_n0i, Aug 21, 2004
    #2

  3. Edw. Peach

    Kleeb Guest

    On 2004-08-21, Edw Peach <> wrote:
    > I am not a computer geek and have just a basic understanding of what
    > goes on under the hood. I am curious just what a malicious web site
    > can do to one's computer? How are they able to run programs and


    I wonder if so many rogue sites would be so successful in 'attacking'
    un-modified IE users if said users ran as something other than computer
    'Administrator' ?

    Maybe someone more familiar with Windows' built-in security with regard to
    user access could answer this one for me ? Or can IE (for example) be
    manipulated easily regardless of access level ?

    Cordially,

    Kleeb.
    Kleeb, Aug 21, 2004
    #3
  4. Edw. Peach

    Felix Tiede Guest

    Kleeb wrote:
    | On 2004-08-21, Edw Peach <> wrote:
    |
    |>I am not a computer geek and have just a basic understanding of what
    |>goes on under the hood. I am curious just what a malicious web site
    |>can do to one's computer? How are they able to run programs and
    |
    |
    | I wonder if so many rogue sites would be so successful in 'attacking'
    | un-modified IE users if said users ran as something other than computer
    | 'Administrator' ?
    |
    | Maybe someone more familiar with Windows' built-in security with regard to
    | user access could answer this one for me ? Or can IE (for example) be
    | manipulated easily regardless of access level ?
    |
    | Cordially,
    |
    | Kleeb.
    I'm not deep in Windows' security...
    If a site is 'attacking' a non-Administrator user, it should at least not be
    able to shut down system services like an antivirus program.

    What they still could do is to use a buffer overflow in one of the running
    services, gaining Administrator privileges almost without user interaction.
    This depends on the interaction settings of the service:
    A service without an open port and without "desktop communication" (I don't
    know how this is called in English, in German it's "Datenaustausch mit
    Desktop") is harder to attack than those which have these things.

    However, this depends on the ability to store arbitrary code in the victim's
    RAM, but AFAIK that can be done relatively simply from within IE...
    Disabling features like js/vbs and ActiveX will make that task harder to
    accomplish, but not impossible.
    But it's also not impossible from within Mozilla...

    To be more specific about your last question:
    I've heard of ways to work around IE's security levels, but I don't know if
    this is still actual or if there has been a patch for that.
    Having this in mind the only way to have greatest possible security with IE
    is to deactivate every active feature in every zone to reduce the risk of
    being infected by a buffer overflow.

    Long story short:
    A malicious website would have a hard task to shut down your virus scanner,
    if you're surfing not as 'Administrator', but it's still not impossible to
    corrupt your system. And once it's running with Administrator privileges
    your virus scanner will be defunct very fast...


    Greetings,
    Felix
    Felix Tiede, Aug 21, 2004
    #4
  5. Edw. Peach

    lurker Guest

    Felix Tiede wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Kleeb wrote:
    > | On 2004-08-21, Edw Peach <> wrote:
    > | I wonder if so many rogue sites would be so successful in 'attacking'
    > | un-modified IE users if said users ran as something other than computer
    > | 'Administrator' ?


    > Long story short:
    > A malicious website would have a hard task to shut down your virus scanner,
    > if you're surfing not as 'Administrator', but it's still not impossible to
    > corrupt your system. And once it's running with Administrator privileges
    > your virus scanner will be defunct very fast...


    You are assuming that system files are the only important thing on a computer.
    If you login as a limited user and an IE exploit wipes your documents (that you
    just so happened to have forgotten to backup), it would have done no damage to
    the system, yet be devastating to you, the user. One could easily reinstall
    Windows, since a convenient "backup" of Windows itself is usually available
    with every new machine you purchase from a computer store on their install or
    restore CDs but some people don't backup their documents at all and could lose
    a lot of work if something were to wipe that.

    One way to keep your documents safe from potential IE exploits wiping them is to
    designate separate limited user accounts for separate tasks. Such as one
    account for document creation and editing, and the other account for browsing
    the web. With that setup, if something hijacks your IE and tries stuff, it
    wouldn't be able to accomplish much, nor would it be able to wipe your
    documents (unless it used another local privilege escalation security hole to
    pull it off, or unless you set your permissions on your other account to allow
    another user to modify/delete files from it) and cleaning any malware that
    installed under the web browsing account would be as easy as deleting the web
    browsing account entirely and creating a new limited user account compared to
    what would have to be done if that said IE exploit had full admin privileges
    and wiped all your important stuff (that you forgot to backup).
    lurker, Aug 21, 2004
    #5
  6. Edw. Peach

    Felix Tiede Guest

    lurker wrote:
    | Felix Tiede wrote:
    |
    |
    |>-----BEGIN PGP SIGNED MESSAGE-----
    |>Hash: SHA1
    |>
    |>Kleeb wrote:
    |>| On 2004-08-21, Edw Peach <> wrote:
    |>| I wonder if so many rogue sites would be so successful in 'attacking'
    |>| un-modified IE users if said users ran as something other than computer
    |>| 'Administrator' ?
    |
    |
    |>Long story short:
    |>A malicious website would have a hard task to shut down your virus scanner,
    |>if you're surfing not as 'Administrator', but it's still not impossible to
    |>corrupt your system. And once it's running with Administrator privileges
    |>your virus scanner will be defunct very fast...
    |
    |
    | You are assuming that system files are the only important thing on a computer.
    | If you login as a limited user and an IE exploit wipes your documents (that you
    | just so happened to have forgotten to backup), it would have done no damage to
    | the system, yet be devastating to you, the user. One could easily reinstall
    | windows, since a convenient "backup" of windows itself is usually available
    | with every new machine you purchase from a computer store on their install or
    | restore CDs but some people don't backup their documents at all and could lose
    | a lot of work if something were to wipe that.
    |
    | One way to keep your documents safe from potential IE exploits wiping them is to
    | designate separate limited user accounts for separate tasks. Such as one
    | account for document creation and editing, and the other account for browsing
    | the web. With that setup, if something hijacks your IE and tries stuff, it
    | wouldn't be able to accomplish much, nor would it be able to wipe your
    | documents (unless it used another local privilege escalation security hole to
    | pull it off, or unless you set your permissions on your other account to allow
    | another user to modify/delete files from it) and cleaning any malware that
    | installed under the web browsing account would be as easy as deleting the web
    | browsing account entirely and creating a new limited user account compared to
    | what would have to be done if that said IE exploit had full admin privileges
    | and wiped all your important stuff (that you forgot to backup).

    You're completely right about that. Yes, I didn't mention that user files
    could be corrupted.

    But sometimes I think that those users who are ignorant to backup their
    files could do well with a "hard lesson". They'll never forget to make
    regular backups, won't they?

    I think not making backups because "I'm not using my working account to surf
    the net" is not so good...
    And there's another point: I can think of more times I needed the net while
    I'm working on something than of those when I surfed the net just for fun.
    It would be a PIA to change accounts only to look up a certain phrase for
    your current work, wouldn't it?

    No, I don't think using multiple accounts would suit me and I don't know
    many people who think otherwise. IMHO the only way to keep your valuable
    files secure is to make backups.

    Greetings,
    Felix
    Felix Tiede, Aug 21, 2004
    #6
  7. Edw. Peach

    Kleeb Guest

    On 2004-08-21, Felix Tiede <> wrote:
    >
    > Long story short:
    > A malicious website would have a hard task to shut down your virus scanner,
    > if you're surfing not as 'Administrator', but it's still not impossible to
    > corrupt your system. And once it's running with Administrator privileges
    > your virus scanner will be defunct very fast...


    Thanks very much Felix for the info there.

    Cordially,

    Kleeb.
    Kleeb, Aug 22, 2004
    #7
  8. Edw. Peach

    lurker Guest

    Felix Tiede wrote:

    > lurker wrote:
    > | Felix Tiede wrote:
    > |>
    > |>Kleeb wrote:
    > |>| On 2004-08-21, Edw Peach <> wrote:
    > |>| I wonder if so many rogue sites would be so successful in 'attacking'
    > |>| un-modified IE users if said users ran as something other than computer
    > |>| 'Administrator' ?
    > |
    > |
    > |>Long story short:
    > |>A malicious website would have a hard task to shut down your virus scanner,
    > |>if you're surfing not as 'Administrator', but it's still not impossible to
    > |>corrupt your system. And once it's running with Administrator privileges
    > |>your virus scanner will be defunct very fast...
    > |
    > |
    > | You are assuming that system files are the only important thing on a computer.
    > | If you login as a limited user and an IE exploit wipes your documents (that you
    > | just so happened to have forgotten to backup), it would have done no damage to
    > | the system, yet be devastating to you, the user. One could easily reinstall
    > | windows, since a convenient "backup" of windows itself is usually available
    > | with every new machine you purchase from a computer store on their install
    > | or restore CDs but some people don't backup their documents at all and could
    > | lose a lot of work if something were to wipe that.
    > |
    > | One way to keep your documents safe from potential IE exploits wiping them is to
    > | designate separate limited user accounts for separate tasks. Such as one
    > | account for document creation and editing, and the other account for browsing
    > | the web. With that setup, if something hijacks your IE and tries stuff, it
    > | wouldn't be able to accomplish much, nor would it be able to wipe your
    > | documents (unless it used another local privilege escalation security hole
    > | to pull it off, or unless you set your permissions on your other account to
    > | allow another user to modify/delete files from it) and cleaning any malware
    > | that installed under the web browsing account would be as easy as deleting
    > | the web browsing account entirely and creating a new limited user account
    > | compared to what would have to be done if that said IE exploit had full
    > | admin privileges and wiped all your important stuff (that you forgot to
    > | backup).
    >
    > You're completely right about that. Yes, I didn't mention that user files
    > could be corrupted.
    >
    > But sometimes I think that those users who are ignorant to backup their
    > files could do well with a "hard lesson". They'll never forget to make
    > regular backups, won't they?
    >
    > I think not making backups because "I'm not using my working account to surf
    > the net" is not so good...
    > And there's another point: I can think of more times I needed the net while
    > I'm working on something than of those when I surfed the net just for fun.
    > It would be a PIA to change accounts only to look up a certain phrase for
    > your current work, wouldn't it?
    >
    > No, I don't think using multiple accounts would suit me and I don't know
    > many people who think otherwise. IMHO the only way to keep your valuable
    > files secure is to make backups.


    Well, no one said you had to use the accounts separately from each other. Both
    Windows and Linux offer the ability to run a program within another user
    account without logging out of the currently logged in user account. So one
    could run a web browser in another account and if something happens, its damage
    would be limited to its own account while still allowing you to easily refer
    back to the other program you had running in another account the same way you
    would with any normally loaded program, even allowing copying/pasting between
    them. I am not sure on Windows, but in Linux with KDE, you can even set
    application shortcuts for specific apps to automatically load in a different
    user account when clicked. The app would load like normal except it would only
    be able to access what that other user account can access unless you set file
    permissions to allow it more access to other things.
    lurker, Aug 22, 2004
    #8
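
The separate-account setup described in posts #5 and #8 only protects documents if their permissions do not let another account modify or delete them. The following is an added example, not part of the thread: a POSIX shell audit for that caveat on a Linux system. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a documents directory for
# entries that an account other than the owner could modify or delete.
# Assumes filenames without embedded newlines.

# Print every file or directory under $1 that is writable by its group or
# by all users. Symlinks are skipped: their own mode bits are not enforced.
writable_by_others() {
    find "$1" ! -type l \( -perm -0020 -o -perm -0002 \) -print
}

# Number of entries reported by writable_by_others for $1.
count_writable_by_others() {
    writable_by_others "$1" | wc -l | tr -d ' '
}

# Remove group and world write permission from everything under $1.
lock_down() {
    chmod -R go-w "$1"
}

# Constructed demo tree standing in for the "documents" account's files.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/docs" "$demo_dir/docs/shared"
: > "$demo_dir/docs/report.txt"
: > "$demo_dir/docs/notes.txt"
chmod 755 "$demo_dir/docs"             # others may list, not change
chmod 600 "$demo_dir/docs/report.txt"  # owner only
chmod 666 "$demo_dir/docs/notes.txt"   # anyone may overwrite
chmod 777 "$demo_dir/docs/shared"      # anyone may create or delete entries

echo "Before lock_down: $(count_writable_by_others "$demo_dir/docs") exposed"
writable_by_others "$demo_dir/docs"
lock_down "$demo_dir/docs"
echo "After lock_down:  $(count_writable_by_others "$demo_dir/docs") exposed"
rm -rf "$demo_dir"
```

Group-writable entries are reported as well because the browsing account may share a group with the account that owns the documents.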