Announcement

Collapse
No announcement yet.

List of malware attack avenues

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    List of malware attack avenues

    I saw a program for Windows called "HiJackThis", which included a readme.txt file which contained an interesting enumeration of some of the ways a Windows box, or a browser, can be compromised.

    The different sections of hijacking possibilities have been separated into the following groups.
    You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

    R - Registry, StartPage/SearchPage changes

    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be

    F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    F2 - Changed inifile value, mapped to Registry
    F3 - Created inifile value, mapped to Registry

    N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla

    O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols and filters
    O19 - User stylesheet hijack
    O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    O22 - SharedTaskScheduler autorun Registry key
    O23 - Enumeration of NT Services
    O24 - Enumeration of ActiveX Desktop Components
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    Think of that file as a lexicon of HijackThis's detection methods. The utility is actually pretty good; it's been around for a while and is mature. Fortunately, when TrendMicro bought it, they didn't destroy it. Even better: it's now freely available on SourceForge.

    The larger point here is that once a piece of code can run locally on your machine, it can do whatever the program's user context will allow. If you're logged in as administrator (or root) and browse the web, well, then you're allowing the Internet to be the administrator of your machine. Double plus ungood.

    Comment


      #3
      In my Windows days, I used to use Hijackthis all the time. Its one of the best utilities out there to get rid of malware, but it can be dangerous if you dont know what youre doing.

      Comment


        #4
        Originally posted by SteveRiley View Post
        ....
        If you're logged in as administrator (or root) and browse the web, well, then you're allowing the Internet to be the administrator of your machine.
        Probably the best kept computer secret in computer land, REGARDLESS of the OS you run.
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
        – John F. Kennedy, February 26, 1962.

        Comment

        Working...
        X