What are Web Based Exploits?
An exploit is any piece of software that has been designed to expose or use vulnerabilities in other software. These exploits act by taking advantage of flaws in the software program to create as much havoc as possible.
Known by a wide variety of names, such as 'silent infections', 'drive-by downloads', 'unassisted infections' and 'behind the scenes malware installations', these exploits all do serious damage to your computer system. Unfortunately, it is very difficult to keep up with the disclosure of vulnerabilities, which gives the individuals who enjoy causing problems the opportunity to wreak havoc, to the detriment of everyone else.

The following list explains the vulnerability lifecycle:
1. The application is released to the public.
2. An unethical researcher or a malicious hacker discovers a vulnerability in the application but doesn't notify the vendor. Instead, they provide this information to malware writers for money or other reward. The malware writers create malicious code to exploit the vulnerability. These threats are not known to the anti-malware companies, so no detection exists; this is what is commonly referred to as zero day malware.
3. The vendor of the vulnerable application learns of the flaw through public channels. This can happen in a variety of ways, usually as a result of the hacker's findings being leaked on underground forums, through user or partner communications, or through parallel investigative work being conducted by ethical researchers.
4. Proof of concept code doesn't carry a malicious payload but simply serves to prove the viability of the findings and that, without a patch, the vulnerability could be exploited by real malware. Proof of concept code is mainly used to convince the vendor that the vulnerability is exploitable.
5. After the vendor assesses the vulnerability report and concludes that a patch is required, it starts developing a security fix.
6. The vendor creates a patch that mitigates the vulnerability. A security update is distributed using the standard update procedure for that application.
7. The user installs the vendor's patch to protect the application against vulnerability exploitation.
Somewhere between stages two and seven, the exploit emerges and starts to infect vulnerable users. This period is called the window of opportunity, when a hacker can “own” users’ systems without their knowledge by taking advantage of the found and unpatched vulnerabilities.
Thanks to Agnitum for the above information.
www.agnitum.com/news/securityinsight/issues/october2007