#9, 12-04-2019, 11:35 AM
sil (Steve)
Not even a speck of dust

Join Date: Jun 2012
Location: Canberra
Posts: 1,474
Quote:
Originally Posted by leon
I clicked...

That's the root cause there. Most people are not aware that a hyperlink is not JUST a hyperlink and doesn't just do one thing like go to a webpage. Embedded in the emails can be a scripting language that activates on a mouse click inside the email where it's active. So looking is not just looking.
By displaying the email in the first place you have to be logged into a computer and a piece of software etc. All of which required your permission, so you've logged in somewhere along the way, and most people's accounts on their home computers are essentially an administrator-level account, so you can do anything like install or remove programs or whatever you want, right? With me here? The way computer permissions work is by inheriting from the top down, so when you log onto your computer the mouse and keyboard control software and drivers have inherited your admin-level permissions, otherwise on every mouse click or keystroke they would ask you to log in again. The Windows UAC system many find intrusive is a compromise barrier to help protect people from their own idiocy of "knowing better", which they just don't.

In plain English, by just viewing an email it's already inherited a number of permissions to do various things, which can include scripting languages (nothing to do with viruses) that can make working with emails nicer and easier but provide cracks for exploits to be run. By then clicking on the link, any link, you've just given implied consent and additional permission privileges to the email and its scripting. This scripting may not even do much itself, but typical attack vectors are because it's now been given enough permission to talk to the internet, read and write to your hard drive, it may do something like download a tiny installer quickly while it has internet access, and you may see a pop-up saying you need to run this security patch. This is just a message box that can say anything at all and an OK button, but what it usually is is a piece of code, maybe PowerShell, that will create a somewhat hidden user account with the same admin level of permissions as you have, since you can do that as an admin. So it gives you a message of BS with a button; pressing the button is an action requiring permission to execute the code, so in effect you as an admin have just given permission to a bit of code to elevate its permissions and/or create an account with the same level of access as you yourself. This means it can now go and download larger programs in the background since it no longer needs your permission; it has the same access as you do so requires no interaction from you anymore. It can add things to run at startup like a keystroke logger and can look for files on your drives and network and send them off in the background. As well as now installing other forms of viruses and malware. Your internet security software isn't much help because from a technical level a bit of code asked your permission to do something which you granted (unknowingly), so it thinks all is well until this initial bit of code starts running something malicious that's known.
So they use a bunch of things, and if virus scanners kill those it doesn't affect the original item, and that's how these things can sit dormant on a machine for a long time.

So not just for Leon but for everyone. This advice is always given but never followed by people. But it's there for your own protection and you as computer users are a bunch of useless idiots. Seriously. Offended? Tough, you should be, and take note to stop continuing to be one. It's like people who drink and drive: sure, in practice you may make the 1km drive home each weekend, but run over one person and it's not bad luck, it's entirely your fault for continuing to do the wrong thing all the time, knowingly. Argue your case all you want, still the attack victim is you, not me. Computer and Network Security has always been a part of my life, both working and personal. Call me a Grey Hat if you want, but I get paid for this stuff and end users are certainly idiots, and I can only give advice on what to do to protect yourself. It's NOT a debate. Every person's computers, including my own, are under constant attack and it only takes one smart ass to think they know better and click that link just to look to start the avalanche. And because it doesn't become apparent at the moment doesn't mean it hasn't started. When I say they can do absolutely anything you need to fully comprehend that; it's not just simple obvious things, but damn complex and obtuse things. Just because you think something isn't worth someone's effort to attempt, you can be certain at least a dozen ARE doing it.
You'll do whatever you want regardless, so good luck with that. Genuinely trying to help here so not going to baby you all; the truth hurts but it's still the truth.