Recieving Virus's from websites

i just read a post which was talking briefly about getting virus's from websites, how do you recieve a virus from a website? is it common and how do you prevent it from happening.

when you connect to a website you get to reach their site by travelling to the appropriate IP. which will automaticaly give the site my IP. how would a virus be uploaded to my pc? is there some kind of malitious code in the html or are hidden packages sent through ports? what ports would these be? and are there programs out there that allow to see exactly what files & data are being transfered.

the more feedback the better, im trying to be quite vague about this subject so i can get as much of a general understanding as possible

:D

Quote:

---

Originally posted here by Konshuss
is there some kind of malitious code in the html {.....}

---

You've answered your own question ;)

Quote:

---

and are there programs out there that allow to see exactly what files & data are being transfered.

---

For starters you could look at the source of the webpage. Another option is to use a good sniffer like ethereal and sniff the HTTP traffic. You will have to know something about HTTP, HTML and scripting languages like javascript and vbscript to be able to make sense of it all.

You can encode executable files so that it can be safely transfered through what would normally be just ANSII then find a way to execute these files or you can use scripts and applets. Anything that is considered "active or additional content". You can also use java script and VBS as droppers for executable files. I have posted examples such as this many... many... many... many... times, I have even had some people bitch about what it drops so this time around the script will only drop a picture in C:\ then execute it.

Lame question answered. Time has been wasted. You've been entertained far enought. I think that its fair to either say...

'nuff said
or
go read a book!

best way to prevent em is by having ur AV updated.
What happens is when you visit a website, everything in that page is transfered to your Temp folder, which will be overritten at some point. You should check ur temp folder sometimes, ud be surprised as to how much junk ud find in it. anyhow as they have said, some virus execution codes are hidden within the html code or maybe in the java script. and these files can be easily transfered to ur pc as u load the page. Norton usually picks up webpages that have malicious stuff embeded in em. it picks up the stuff on ur temp, usually da .html file in question and tells u if it contains malicious material.

dats how mine works. having a firewall is handy too... just few months ago, my girlfriend got hit by SASER just few moments after she turned her firewall off, and i mean moments. it just came in without warning, she was just checking her neopets account.

Obviously, the most common way to pick up a virus is from downloading files. P2P file sharing networks are breeding grounds for viruses and malicious code. It's also quite easy and common for a site to host intentional 'bad' code. These sites uses various methods (some of them quite ingenious) to take advantage of trust relationships between your browser and console, or by exploiting some 'bug' in the browsers software. I don't have enough patience to go into all the details here, but if you want to learn more try looking up scripting languages (VBScript, JScript) ,also DOM, ActiveX, and subscribing to newsgroups that discuss the behavior of web browsers would probally be a good start.

As far as protecting against these attacks, there's a few things you can do to reduce the
chances of picking up malicious code. I never have believed there is a way to completely
make your system invincible to attack, there's always going to be bugs, and there's always going to be a ways to make applications act in unanticipated ways (bugs). This way it's important to audit and periodically review your systems performance. Regarding safe surfing, make sure you do the following:

1. Turn of active scripting of webpages (Not just JScript and VBScript, but all lesser known scripting languages as well) for nontrusted sites. Keep in mind though, that some pages require scripting to function properly, and this step is basically a trade of between functionality and security.

2. Disable ActiveX for nontrusted sites (PERIOD). This is very important. ActiveX has been a 'BroKeN' technology right from the start. These modules when downloaded and installed
have an enormous amount of power and ability to modify the system (They will run in the context of the user in most cases).

3. Make sure you stay ahead of recently uncovered exploits and vulnerabilities by doing your spftware updates and patches.

I know someone is going to post and say, 'But you forgot to mention ?', this is not a tutorial, but just some common sense recommendations for newbies out there. I made no attempt to cover all possibilites, just scripting and activex (Since these are the most common avenues of attack while surfing.). I hope this helps...

AUDIT AUDIT AUDIT...

thanks for the info i found it interesting & helpful

BUT! yet again, another compter nerd has to throw my question back in my face by saying it was a lame question and i should read a book.
NO, i shouldnt have to read a whole book, i probably will read one at some point and i will learn all the things i need to know regarding this subject, but for the time being i am reading other books on other topics!
when something pops into my head of interest to me and i do not know where i can find an immediate answer i put a post up and look forward to the reply, im fed up of asking questions and getting arrogant replies like this, why do people have to take things so seriously!

thanks neptuneOz you gave me exactly what i was looking for ;)

there are many ways to get your browser to download and execute "anything", from java scripts to spoofing mime types in html headers. all of them take advantage of vunerabilities in the browser. the best way to keep this from happening is to keep up to date on you patches. its also a good idea to protect your registry as trojans and viruses depend on it to restart with your computer. two good ones are tea timer that installs with spybot search and distroy and the cleaner from moosoft.

while a good av with up to data virus signitures will catch all known trojans and viruses, with a malicious web sites its possible for the creeps that own it to modify the way their malware appear to av scanners, altering its signiture to bypass av scanners and thereby stay one step ahead of the av companies but these creeps are not the ones that discover the vulnerabilities that allow them to plant their malware. these security holes are known to the software manufacturers usually before they are known to the malware writers and patches for these holes are usually released before the first exploit is written for that hole.

and of course a firewall will protect your computer from internet worms but will do nothing to stop you from unintentionally downloading a backdoor, virus or trojan dropper. your making the request for the download even if you dont know it so its ok as far as the fw goes.

Just a couple of extra thoughts I didn't see mentioned:

1. Get the latest java runtime stuff from Sun and use that rather than MS.

2. In your browser Java settings, disable Java cacheing................nasties like ByteVerifyer go and hide there ;)

http://digilander.libero.it/zancart

Get "WinSonar"...........when it detects an internet connection it will prompt you if it should block unknown processes...........say yes, unless you are updating software.

It is like a firewall, in that you will have to tell it the "known" processes that are allowed.

There are a number of other tools like RegistryProt from DiamondCS and WinPatrol from BillP Studios. Also spyBot S&D has an immunisation facility.

Don't forget a good firewall and configure it in high security mode.

That should avoid a fair bit of what is "on the market" at the moment.


;)