Posted in: Computer Security February 25, 2016

Antivirus

By Dan Gospe

“Exploit Kits” are sophisticated programs that help virus and malware developers infect target PCs – and they are very, very effective.

Exploit kits are readily available on the Dark Web, and contain code that can easily be attached to a virus. This code seeks out flaws, vulnerabilities or weaknesses in software applications, which are then used as conduits to infect their targets. Most importantly, simply avoiding email links and having antivirus is no longer enough protection.

Exploit Kits Bring New Infection Paths!

In the past, virus developers had to write a program that would infiltrate a specific weakness in a target PC, the most common being bad email links or malicious advertising. However, viruses now have many more avenues of infection, and because of exploit kits, it’s now possible to become infected without even clicking a link!

Exploit kits work as a piece of software which scans your PC for avenues of infection that bypass your antivirus software.

Adobe Flash is the most common piece of software through which viruses are installed; you can see the Known Flash Vulnerabilities here. These vulnerabilities are patched quite often, but many PC users ignore calls to update Flash, perhaps not understanding how critical it is to keep this program up to date.

In fact, Flash is not the only software that can be used to infect a PC regardless of the antivirus in place.

Exploit Kits: Virus Programming for Beginners

It doesn’t take a lot of computer knowledge to apply an exploit kit to a virus. In fact, exploit kits come with a very user-friendly interface, and very little programming code is necessary to successfully attach the kit to a virus. The criminal merely needs to open the interface and check the boxes for the vulnerabilities to scan for. The cost of these kits to criminals varies depending on which software vulnerabilities they scan for. As mentioned, Adobe Flash is the most commonly used, but many more modules are available.

What Software is Considered Vulnerable?

Essential Security Patches

The programs listed above are the ones that exploit kits most commonly use to infect PCs. Each of these programs has the ability to execute system code, and is regularly updated with security patches that must be applied.

Patch Management is the industry term for managing updates to vulnerable software, and in a business environment, it is an absolute “must”! Patch Management is as important as antivirus for protecting against exploit kits. The kits can only scan for known vulnerabilities, and as soon as a vulnerability is known, the software company will release an update. You must be diligent about your software updates in order to remain protected.

How to Protect Yourself – Updates and Antivirus

Some software updates cannot be automated from within the software itself. However, there are many third-party tools that will automate these updates for you. If you have an IT company which handles your network, ask if they have a service to automate all of your updates. If they do, make sure it covers all of the programs targeted by exploit kits.
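
As an added example (not from the original article or any vendor tool), here is one way to check a PC's software inventory against a patch baseline and against the list of programs your update service actually covers. The inventory, the version numbers and every program name other than Adobe Flash are constructed for illustration.

```python
"""Patch-compliance check over a software inventory (all data below is constructed)."""
import re

def parse_version(text):
    """Turn '10.0.0.50' into (10, 0, 0, 50); return None if not dotted-numeric."""
    text = (text or "").strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def compare(a, b):
    """Compare version tuples numerically, zero-padding the shorter (4.2 == 4.2.0).
    Plain string comparison would wrongly rank '10.0.0.7' above '10.0.0.50'."""
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)

def audit(inventory, baseline, auto_updated):
    """Return {program: status} for every program named in the baseline."""
    report = {}
    for program, minimum in baseline.items():
        installed = inventory.get(program)
        if installed is None:
            report[program] = "not installed"
            continue
        version = parse_version(installed)
        if version is None:
            status = "unknown version, check manually"
        elif compare(version, parse_version(minimum)) < 0:
            status = "OUTDATED"
        else:
            status = "current"
        # Flag programs the automated update service does not cover.
        if program not in auto_updated:
            status += " (no automated updates)"
        report[program] = status
    return report

# Constructed sample data: minimum patched versions, installed versions, coverage.
BASELINE = {"Adobe Flash": "10.0.0.50", "Example PDF Reader": "4.2.0",
            "Example Runtime": "8.1", "Example Media Player": "3.0"}
INVENTORY = {"Adobe Flash": "10.0.0.7", "Example PDF Reader": "4.2",
             "Example Runtime": "8u5-beta"}
AUTO_UPDATED = {"Adobe Flash", "Example Runtime"}

if __name__ == "__main__":
    for name, status in audit(INVENTORY, BASELINE, AUTO_UPDATED).items():
        print(f"{name:22} {status}")
```
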

In terms of antivirus, make sure you have one that includes Process Scanning, such as Bitdefender.  Active Process Scanning means that not only are virus definitions used to locate viruses, but all Windows Processes are monitored for any kind of malicious use.  For example, the Windows Encryption Service can be monitored to protect against Ransomware, but only when using an antivirus with process scanning.

More Information on Exploit Kits

For more information about exploit kits, you can read about their evolution from Trend Micro, a leader in business-class antivirus software.

Dan Gospe is the Chief Operating Officer and HIPAA Privacy Officer at dmi Networking, Inc. He can be reached through the contact form on this site, or in his office at 707-523-5915.

Exploit Kits – Virus Infections are Far Too Easy