Can a webpage be malware?

Показать описание

Рекомендации по теме

Комментарии

no?
This just speaks about the copy paste problem, but that's user side

Kimarnic

It's not HTML or JavaScript on a "normal" browser. It's Microsoft software causing your security issue here.

Tuepp

Can a book be malware? No? Well if you copy the code and run it on your CMD with admin privileges, then it can be! :) I like PCSC but man this video was a letdown. This "hack" is nothing but a clever social engineering. HTML isn't the problem here, page is basically downloading other stuff with JS.

jackjack

So as a web host and website administrator, these sorts of things have existed for a long time. They’ve been around in different ways, and sometimes malicious bots will actually inject this stuff into insecure webpages or webpages that don’t have proper permissions set to prevent this from happening so you can go to a website think it’s trustworthy and then you get a malicious redirect to a site that tells you to download this “safe” file and because it’s from the website you use you trusted, but then it’s actually malware or a rat or even worse ransomware. I’ve seen this for years and the companies I’ve worked for have actually had to suspend accounts and then clean up the users data ourselves because they didn’t know how to resolve it. Security is so important.

Atsumari

I literally almost got hacked with one of these last week. A website asked me to click one of those checkbox "I'm not a robot" captcha things, then it directed me to use commands like win+r, ctrl+v and enter.

When I saw that I was like, wait, what am I pasting. I then opened notepad and pressed ctrl+v and realised it was one of these mhsta with a url to download some kind of mp3 song. If I wasn't somewhat computer savvy, they woulda got ya boy.

traffictraffic

Doesn't mention browser sandboxes
Acts like you get insta hacked by opening a web page or veiwing an email
:/

sylussquared

Webpages have been malware for decades. Started with Java, went on with browser helper objects BHO and explorer active x executables... Zero click email exploits in outlook too.

LuggageStardate

You could have explained at what point does html become mshta? I understand that in browser it's standard html that cant run dlls and stuff but when exactly does the mshta become problem then?

test-rjvl

Thoughts on JSON as a vector? I'm getting strange spammy e-mail attachments with a JSON file. I never open the e-mail but always curious what the spammer or attacker is doing sending JSON files in their phishing attempts.

dudeh

Hi Leo. I doubt you'll read this but.... I've noticed how quite a few processes in ProcessExplorer have a command line attached to them with some odd looking commands and parameters. Can you shed some light on what do those parameters might mean and how do they work, and of course: are they malicious?

Oudeis

Just today i got this mshta link from a website. Instead of having the url link with html, exe or some weird extensions, it had .ogg (audio) extension. When i tried to access that link directly via browser from my virtual machine test environment, it actually downloaded a .ogg audio that could be played on a media player. How can they attack if the link points to an actual ogg audio file?

akilasupun

Don’t mix mshta with html. Teach the server security guys to use a good Content Security Policy (CSP) instead. Preferably with default using ’self’. It will effectively remove problems like XSS, click-jacking, inline scripting and other threats. Keep it simple and consistent.

HomeDoingFine

I just run into this yesterday and post on your discord channel

cobrabm

Is this the reason why Outlook by default do not load HTML elements in emails?

wolf

Plz make latest AV tier list like previous one including Kaspersky in the list

game

We quarantine all emails with HTML & equivalent attachments.

Capt-Intrepid

just rename mshta from system32 unless your using old browsers or work with the files, and this video does not answer the question if "clicking a webpage can get your system infected", most of the attacks 99% are from user side errors.

HydroRenex

noscript is nice to have especially on the riskier websites...

mikumikupog

Has anybody tried removing execute permission from mshta.exe? Anything that breaks is probably something you want broken.

daviddouglass

Will Bitdefender block these exploits???

dubbled

Can a webpage be malware?

Can a webpage be malware?

Kids vs. MALWARE!!

the most SECURE browser!! (testing it with malware)

What Is Malware and How to Protect Your Website From Attacks | The Journey

Can Malware Spread through Wi-Fi?

How to Detect and Remove Malware from Websites

Wyd if you get a virus? #shorts

Remove Virus without any Antivirus

How To Build A WordPress Website With HostGator 🔥 - (HostGator WordPress Tutorial!)

This Website Has EVERY Virus

Scan Your Files for Malware in Seconds!

Windows has a hidden malware removal tool | #shorts #trending #mrt #malware

Old man got Virus on His iPhone From Watching P*rn 😂 #shorts #iphone14 #apple #funny #iphone #ios

most dangerous Virus in Windows 10

Inside Cybercrime Markets: Buying & Selling Malware (Dark Web Documentary #11)

Clicking EVERY Ad on a Sketchy Website? (Malware Installed)

10 Signs of Malware on Computer | How to Know if you're Infected?

The Malware that hacked Linus Tech Tips

Virus removal #malwarebytes #toolset #laptoprepair

He got virus on his #iphone from watching p*rn ♋️ 😱 #shorts #apple #iphone13 #ios #android #samsung...

destroying windows 10 with chrome virus | the annoying site

I Tested Malware Against Antiviruses

How To Scan cPanel & Website For Removing Malware / Adware / Viruses!

When Windows Defender gets infected with a computer virus