
I read somewhere that visiting a malicious website can infect your machine without you noticing it at all. When someone wants to infect others' computers he has to pass two challenges (as I see it):

1. The victim needs to get the malicious payload.
2. The malicious payload has to be executed.

First, the victim has to receive the attacker's malicious file. It could be a plain raw EXE, a DLL, or even a PNG that contains the virus, etc. My first question is: how is this performed? When I see others ask the same question, the answers often refer to social engineering techniques only. Is there any way to do it fully automated, without the user clicking on anything? And if it cannot be automated, what are the most popular ways to do it?

The second stage of the infection process, after the victim has downloaded the payload to his machine, is executing the malicious payload. I have seen many creative ideas on the internet, such as hiding the virus in a picture or in a Word document, but they never mention that this file also needs to be executed.

For example, a hacker can run a website on his own machine and redirect traffic on his local network (using DNS poisoning or ARP spoofing) to his website (which can pretend to be the original site). I want to highlight that stealing the victim's credentials is something else; the goal is to infect the victim's machine with the malware. Anyway, after the victim has landed on the hacker's website, what can the hacker do from this point? From my understanding, JavaScript cannot access the shell anymore because browsers have blocked it. Can a hacker use PHP to run EXE files on the victim's machine?

I don't mean that only fully automated solutions to this challenge are acceptable; I am just interested in the most automated way to do it. For example, using social engineering to trick someone into downloading a file is cool. But is there a way to execute it automatically?

  • Yes, it is very helpful. However, I am also asking whether there is a modern way that requires the user to download a file but where the execution happens without his action. – Daniel Bartov Nov 02 '20 at 15:45
  • Have a look for example at DLL hijacking vulnerabilities, where a malicious DLL in the download directory (from an earlier download) gets picked up by a later download (for example an installer for an innocent program), and thus the malicious part gets executed without the user explicitly executing it. – Steffen Ullrich Nov 02 '20 at 15:52
  • Also see [Google reveals a new Windows zero-day bug it says is under active attack](https://techcrunch.com/2020/10/30/google-microsoft-windows-bug-attack/) for how a bug in the browser can be used to automatically and silently escalate privileges. Bugs allowing such drive-by downloads are less common since the Java, Flash and ActiveX plugins vanished and sandboxes got better, but they still exist. – Steffen Ullrich Nov 02 '20 at 15:56
  • Autonomous remote code executions all have virtually the same attack vector: exploiting an unpatched vulnerable app, like Windows, a browser (extension), Adobe Acrobat, Skype, Silverlight, Java, bundled NodeJS, etc., or a combination thereof. This applies to MITM attacks as well, since they rely on the exploitable app(s) being installed on the victim's system to execute the payload. Other considerations would be the victim's security settings, open ports, etc., or whether a Trojan is installed by the victim (presently or in the future). – Will B. Nov 02 '20 at 17:10
