What is a Computer Exploit?
Top 5 Types & Examples
How many times have you clicked “Cancel” instead of “Install” when prompted to update your software thinking that you’ll do it later, only to end up forgetting about it? Although updating your software can be quite time-consuming, it is essential to your online safety. If you continue using outdated software, you are opening the door for cybercriminals to steal your files and access your personal information.
Key takeaway: A computer exploit is a piece of code or software that exploits security flaws in operating systems and applications. Although not malicious in itself, an exploit will use any vulnerability it detects to deliver malicious software to unprotected computers and networks. Read on to learn about the main types of computer exploits and the best ways to stay safe online.
What is a Computer Exploit?
A computer exploit is a piece of code or software that identifies security flaws in applications, systems, and networks and takes advantage of them for the benefit of cybercriminals. Normally bundled with other software and distributed as part of a kit, computer exploits are typically hosted on compromised websites. Hackers may send out phishing emails to trick potential victims into visiting these websites.
When you visit one such site, the exploit kit hosted on it will secretly scan your computer to determine which operating system you’re running, what software you’re using, and whether any of them have some security flaws or vulnerabilities that the attacker can use to access your computer. As a rule, most exploits target commonly installed browser plug-ins like Microsoft Silverlight, Adobe Flash, and Java. Before it was discontinued by Microsoft in 2016, Internet Explorer was also a common exploit target.
Although some would classify them as malware, computer exploits are not malicious in themselves. On the contrary, they merely provide a channel that hackers can use to distribute malware to target computers and networks. Since exploit kits are hosted online and not downloaded to your computer, they can’t infect your system. However, as soon as they detect security vulnerabilities in your operating system or the software you’re running, exploit kits will give malware directions to enter your computer.
Just a few years ago, computer exploits were responsible for distributing 80 percent of all malware installations, but things have changed in recent years. Exploit kits nowadays have a very limited shelf life because most software vulnerabilities are easily rectified with a simple update or a patch. As long as you keep your browser and the installed plug-ins up-to-date, you will likely be safe from most exploit kits.
What Types of Computer Exploits Exist?
All computer exploits can be organized into the following two categories:
- Known Exploits
As the name suggests, known exploits are computer exploits that have already been investigated and identified by cybersecurity experts. Since they are known and well-documented, developers can create patches to fight these exploits and fix the flaws that they are targeting. When the patches are released, the release info will typically include a full list of issues that have been fixed in the latest version.
Despite the fact that the targeted security flaws are easily rectified, some of these exploits manage to persist long after they have been discovered. The reason for this is quite simple: with dozens of pieces of software installed on their machines, computer owners may find it hard to keep up with all the security patches and fixes, so they opt to update the software at irregular intervals rather than daily or weekly.
- Unknown Exploits
Unknown exploits are computer exploits that haven’t yet been identified, researched, and reported on by cybersecurity experts. This could either mean that cybercriminals are the only ones aware of the flaws targeted by these exploits or that software developers couldn’t create a fix for this issue as fast as hackers could build a corresponding exploit kit. Also known as zero-day vulnerabilities, these flaws can sometimes take months to rectify, which gives hackers plenty of opportunities to distribute malware.
Unlike known exploits, there is often nothing you can do to prevent unknown exploits from targeting your machine. Even if you’re using up-to-date software, hackers can still take advantage of its flaws to breach your security. This is why hackers are always on the lookout for user reports on the most recently detected security flaws before developers have had a chance to analyze them and create a patch.
The 5 Most Active Exploit Kits
Cybersecurity experts regularly track the activity of known computer exploits to assess how big of a threat they pose and determine how hackers are using them for their own personal or financial benefit. Some of the most active exploit kits in the last few months include the following:
- Rig
First launched in 2017, Rig is by far one of the most successful exploit kits. Combining technologies like Flash and DoSWF to mask the attack, it is used by hackers to distribute ransomware and banking Trojans. Distributed as part of so-called “malvertising” campaigns (malware posing as advertising), Rig has experienced a gradual decline in activity since April 2017, but still remains widely used across the globe.
- GreenFlash Sundown
GreenFlash Sundown is an updated version of Sundown, an exploit kit that was among the most active in the world before it went missing in April 2017. Discovered in October 2017, GreenFlash Sundown has an anti-analysis feature that prevents most anti-malware programs from detecting it. Distributed via a network of compromised OpenX ad servers, this threat is particularly active in South Korea and Taiwan.
- Fallout
Active across Europe and Asia, Fallout scans a potential victim’s browser for vulnerabilities and uses multiple 302 redirects to take them to a fake advertising page that will initiate malware download. Discovered in August 2018, this is one of the newest exploit kits that utilize the same URI patterns as the now-neutralized Nuclear kit. The patterns change all the time, which makes Fallout very hard to detect.
- Magnitude
Magnitude remains one of the few exploit kits to use a fileless payload, which means that it extracts malware into a legitimate-looking executable file (.exe) that usually cannot be detected by anti-malware programs. Like GreenFlash Sundown, Magnitude is particularly active in South Korea and Taiwan. This kit is also known for delivering Magniber, a strain of ransomware that focuses solely on South Korea.
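Because the URI patterns keep changing, a defender can look for the behavior described for Fallout above (several 302 redirects in a row, hopping between hosts) rather than for fixed URLs. The following Python is an added example, not code from the original article or from any security vendor; the log format, the thresholds and the example.* hosts are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Constructed proxy log (assumed format): epoch client status url location
SAMPLE_LOG = """\
1000 10.0.0.5 302 http://ads.example.net/banner?id=7 http://trk.example.org/r?c=1
1001 10.0.0.5 302 http://trk.example.org/r?c=1 http://gate.example.com/in
1002 10.0.0.5 302 http://gate.example.com/in http://landing.example.info/promo
1003 10.0.0.5 200 http://landing.example.info/promo -
1010 10.0.0.9 302 http://shop.example.com/login /account
1011 10.0.0.9 200 http://shop.example.com/account -
"""

def parse(log):
    """Yield (ts, client, status, url, location) and skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, status, url, loc = parts
        # Resolve relative Location headers against the requested URL.
        target = None if loc == "-" else urljoin(url, loc)
        yield int(ts), client, int(status), url, target

def find_redirect_chains(log, min_hops=3, min_hosts=3, max_gap=5):
    """Return (client, [urls]) for fast 302 chains that cross several hosts."""
    open_chains = {}  # (client, next expected URL) -> (last_ts, urls so far)
    flagged = []
    for ts, client, status, url, loc in sorted(parse(log), key=lambda r: r[0]):
        last_ts, chain = open_chains.pop((client, url), (ts, []))
        if ts - last_ts > max_gap:
            chain = []  # too slow to be an automatic redirect; start over
        chain = chain + [url]
        if status == 302 and loc:
            open_chains[(client, loc)] = (ts, chain)
            continue
        hops = len(chain) - 1
        hosts = {urlsplit(u).hostname for u in chain}
        if hops >= min_hops and len(hosts) >= min_hosts:
            flagged.append((client, chain))
    return flagged

if __name__ == "__main__":
    for client, chain in find_redirect_chains(SAMPLE_LOG):
        print(client, " -> ".join(chain))
```

The same-site login redirect from 10.0.0.9 is not flagged, because it has a single hop and stays on one host.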
How to Protect Yourself against Exploits
To protect yourself against exploit kits and the malicious software they deliver, you must update all the software on your computer on a regular basis. Computer exploits can also take advantage of outdated cybersecurity programs, which is why you should use the best antivirus software that automatically checks for and installs database and definition updates and allows you to set up scheduled scans.
Because hackers use phishing and malvertising campaigns to distribute their exploit kits, you also need to practice safe browsing habits. This means that you should never click on links or attachments sent to you from unknown email addresses. Similarly, you shouldn’t download software or any other files from unknown websites. As many popular websites continue ditching Flash and Java for safer alternatives, you should also consider uninstalling these two browser plug-ins, as well as any others that you’re not using.
While all this should keep you safe from known exploits, there’s no way to protect your computer from zero-day exploits. If despite all the prevention your machine somehow becomes infected with some type of malware, use the best antivirus software to quickly detect and remove any malicious files.