Answer the question
In order to leave comments, you need to log in
A
A
Alexey Nikolaev2016-12-19 19:04:54
Alexey Nikolaev, 2016-12-19 19:04:54
Is it true that it is impossible to infect your computer with a virus when surfing on dubious sites?
Good evening.
Leaving aside click-jacking and other similar things (against which the antivirus is useless anyway), is it true that infecting the computer of an ordinary user (who does not download anything, or downloads, but does not launch), for example, with a porn banner, through Web is impossible in principle?
As far as I can tell, there is no way to do this in js, and any embedded applications are severely limited by browser security policies (I know about holes in plugins, but I mean an application without holes, or with unknown vulnerabilities, plus plugins like java or flash you can just not use it). But maybe there are ways to attack users that I don't know yet?
Thanks in advance.
5 answer(s)
@Heian
possibly.
One of the options for the so-called. "ligaments".
As a rule, they are rented out for a number of thousands of dollars.
They have a set of browsers that they "punch through".
Breakthrough - installation/launch of malicious code on the victim's computer.
The essence of the bundle is a set of exploits for bypassing various security systems and the browser environment, i.e. with the help of different holes crawl into the system. Naturally, all this is done automatically and the holes are used depending on the browser in which the site loaded with the malicious code.
In chrome, for example, the flash player will load through the hole.
In IE through a hole in JAVA
, etc.
Last seen on sale for 3-5k dollars. More precisely, rent for 1-3 months seemed to be.
According to the description, it pierced all the latest versions of browsers at that time - about a year ago.
Most likely, and now there are such things, and will not disappear anywhere.
But it's hard to find, most likely only in the torus and the like.
@Rou1997
What does "unknown" mean? What is the meaning of this word if we are talking about reverse engineers, and they are often the first to know about vulnerabilities?
But you can’t rely on JavaScript with an abundance of APIs either, its implementations in different browsers can have vulnerabilities and “bugs”, the probability tends to 0 but not 0, I opened crashchrome.com six months ago, now I opened it in one of the newest versions and it’s all still works.
If it's a virus and not a trojan, then it doesn't need cross-browser compatibility.
But now I’m working on a Trojan, the possibility of infecting files is not planned, because on Android this is naturally difficult, however, according to the customer, this Trojan is installed precisely through remote code execution and this will be enough for its popularity, that is, this vulnerability was closed on Android quite late.
@Taraflex
https://www.mozilla.org/en-US/security/advisories/
A
Alexander Aksentiev, 2016-12-20 @Heian
Is it true that it is impossible to infect your computer with a virus when surfing on dubious sites?
possibly.
One of the options for the so-called. "ligaments".
As a rule, they are rented out for a number of thousands of dollars.
They have a set of browsers that they "punch through".
Breakthrough - installation/launch of malicious code on the victim's computer.
The essence of the bundle is a set of exploits for bypassing various security systems and the browser environment, i.e. with the help of different holes crawl into the system. Naturally, all this is done automatically and the holes are used depending on the browser in which the site loaded with the malicious code.
In chrome, for example, the flash player will load through the hole.
In IE through a hole in JAVA
, etc.
Last seen on sale for 3-5k dollars. More precisely, rent for 1-3 months seemed to be.
According to the description, it pierced all the latest versions of browsers at that time - about a year ago.
Most likely, and now there are such things, and will not disappear anywhere.
But it's hard to find, most likely only in the torus and the like.
R
Rou1997, 2016-12-19 @Rou1997
or with yet unknown vulnerabilities
What does "unknown" mean? What is the meaning of this word if we are talking about reverse engineers, and they are often the first to know about vulnerabilities?
But you can’t rely on JavaScript with an abundance of APIs either, its implementations in different browsers can have vulnerabilities and “bugs”, the probability tends to 0 but not 0, I opened crashchrome.com six months ago, now I opened it in one of the newest versions and it’s all still works.
If it's a virus and not a trojan, then it doesn't need cross-browser compatibility.
But now I’m working on a Trojan, the possibility of infecting files is not planned, because on Android this is naturally difficult, however, according to the customer, this Trojan is installed precisely through remote code execution and this will be enough for its popularity, that is, this vulnerability was closed on Android quite late.
A
Alexander Taratin, 2016-12-19 @Taraflex
I know about holes in plugins, but I mean an application without holes
https://www.mozilla.org/en-US/security/advisories/
Similar questions
W
L
X
XenTerSeO2015-10-18 20:16:23
How dangerous is it to allow users to upload any files to the server?
1Reply
D
6
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question