Arcabit introduces new mechanisms to block the network activity of scripts and of applications that support scripts

Imagine this scenario: in the morning, as every day, you come to work and start your computer to check your favorite news sites. You land on a page that was compromised last night, or the company it relies on to display ad campaigns was compromised. Your favorite service contains the vulnerable code, typically in the form of a redirect to a malicious site that hosts a web application searching for vulnerabilities in browsers and installed software. This dangerous target site, hereinafter referred to as the "landing page", begins to scan for vulnerabilities in the software installed on your computer. Once it has found an appropriate vulnerability, malicious software installs itself on your computer and starts without any interaction:

Diagram of a drive-by download attack.

An "exploit kit" is an online application with a graphical interface. This makes it easier to use for people who do not have advanced knowledge of programming or of how networks work and are built. Its task is to compile several scripts in such a way that the offender can easily and automatically deliver a malicious payload to the device. A link to the malicious page can be delivered in several ways:

  • through a scam,
  • through phishing,
  • through a friend's hacked account on a social networking site,
  • through malicious ads,
  • by a hacked.

GUI of RIG Exploit Kit version 2.0. Retrieved from.

Infecting a victim's device requires no user interaction, such as downloading and running the virus. Just visiting the landing page is enough to start the automatic infection. Computers that lack comprehensive protection, and on which the installed software is not updated regularly, become very easy targets of attacks. This gives the attacker an opportunity for remote access and for escalating the security impact of the attack.

If you haven't yet had occasion to see our test of protection against drive-by downloads, now is the best time.

Arcabit programs for businesses and consumers get a very important update

In response to our tests and to the growing importance of attacks that use system tools and macro commands to run malicious scripts, Arcabit programs for businesses and consumers have been extended with new mechanisms for blocking the network activity of scripts and of applications that support scripts (. exe, wscript.exe, cmd.exe).

Gregory Parker, CEO of Arcabit, comments:

New features, developed and tested together with specialists from the portal AVLab.pl, allow the effective blocking of attacks through malicious software using scripting languages. The effectiveness of the new solutions is confirmed by an innovative drive-by download test recently conducted by the portal AVLab.

In the context of the drive-by download test (but not only), we were able to help more than a dozen producers who participated in our efforts to make their software more reliable and to protect against modern forms of attacks. We have added our brick to the wall of security of, among others, the Arcabit programs, which provide their users with even higher levels of protection based on the new rules for the "firewall".

Arcabit Administrator console configuration.

"Block network activity": check that your Arcabit antivirus definitely has this function.


Sample report warning that a network access attempt by the interpreter was blocked.


A similar warning for the system application wscript.exe, responsible for running downloader-type viruses, which are usually written in the JavaScript programming language.
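The blocking rule described above, reduced to its decision logic as an added example (this is not Arcabit's code): outbound connections opened by the script hosts the article names are blocked and reported, everything else is allowed. The event fields, the loopback exemption and the sample events are assumptions made for illustration.

```python
import ipaddress
import ntpath
from dataclasses import dataclass

# Interpreters named in the article; extend the set for your own environment.
SCRIPT_HOSTS = {"wscript.exe", "cmd.exe"}


@dataclass(frozen=True)
class ConnEvent:
    image: str      # full path of the process opening the connection
    dest_ip: str
    dest_port: int


def exe_name(image: str) -> str:
    """Normalise a Windows image path to a lower-case file name."""
    return ntpath.basename(image.strip().strip('"')).lower()


def decide(event: ConnEvent) -> str:
    """Return 'block' for outbound traffic from a script host, else 'allow'."""
    if exe_name(event.image) not in SCRIPT_HOSTS:
        return "allow"
    # Assumption: loopback traffic never leaves the host, so it is not blocked.
    if ipaddress.ip_address(event.dest_ip).is_loopback:
        return "allow"
    return "block"


def report(events):
    """Build one warning line per blocked connection attempt."""
    return [f"BLOCKED {exe_name(e.image)} -> {e.dest_ip}:{e.dest_port}"
            for e in events if decide(e) == "block"]


# Constructed sample events (documentation-range addresses, not real traffic).
SAMPLE = [
    ConnEvent(r"C:\Windows\System32\WScript.exe", "203.0.113.10", 80),
    ConnEvent(r'"C:\Windows\SysWOW64\cmd.exe"', "198.51.100.7", 443),
    ConnEvent(r"C:\Program Files\Browser\browser.exe", "203.0.113.10", 443),
    ConnEvent(r"C:\Windows\System32\wscript.exe", "127.0.0.1", 8080),
    ConnEvent(r"C:\Users\u\AppData\Local\Temp\mywscript.exe", "203.0.113.10", 80),
]

if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```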




We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.