Saturday, February 5, 2011

Java Drive : The Next Generation of Threats


Nothing is 100% safe, Not even a simple pop-up window on which you click Yes without giving it a second thought. Ask yourself, Did you ever care to think , every time you clicked on a pop-up(like the one shown below) that you were playing in to the hands of a malicious attacker.




From now onwards, look at it once more to check whether it is malicious or not.

"Drive-by download" is basically the “download of any malicious/unwanted content on a computer without the knowledge of the user”

It's a fake webclient or you may call it a fake certificate, whose sole purpose is to take control of your system. It may be through the installation of Keyloggers,viruses or trojans.

In terms of programming, it’s a simple Java applet.
If you’re a good programmer, you could make one of those yourself.

Now, in the case of common users, they won't think of the pop-up as anything but a tool required to see a flash video or view a webcam, or even a simple HTML page. Thats why this attack is so much widespread and successful.

This type of attack is by far the simplest to pull and does not rely on any particular kind of vulnerability. The Java Runtime is the only browser-embeddable object which gives such a degree of access from simple Web pages. Flash, Adobe Reader, and even Signed JavaScript (disabled by default) wont allow you to do all of these, mainly because it is highly insecure!

If you have never seen anything like this, it is a warning shown when the security certificate is crypted.

This does'nt mean that the Java platform, in particular, is vulnerable and that we should avoid all objects online using java. Infact it is an awesome platform for web apps. The main thing here is the human factor which is highly exploitable.

The aim here is to just expose the widely used hacking methods online.
Use a good antivirus. Keep updating your browsers. Don’t run Active-X content unless you’re sure what it is.

It is just like a hidden pop-up box saying,

“Do you wanna give the whole access to the attacker”

And you click YES!!

So, before you click, think twice!!

Happy Hacking!

Aditya
Email : adityagupta1991@gmail.com
FB : aditya1391

7 comments:

  1. i didn't know all that about java before i read this and i also always clicked yes without thinking about it... now i'll pay more attention with stuff like that... thanks for the information... you've helped a lot...

    ReplyDelete
  2. good information for user awareness more such basic articles need to be publicly available.

    ReplyDelete
  3. Gud job dude...its helpful for preventing us from falling in trap of hackers!!

    ReplyDelete
  4. stupendous job....thnx fr makin us aware of dis stuff!!!

    ReplyDelete
  5. g8t job man,,,, highly appriciable work.

    happy hacking.

    ReplyDelete
  6. good work buddy ........
    keep it up!!!!!!

    HAPPY HACKING

    ReplyDelete