What is an Exploit?
Exploits are attacks against a system that take advantage of one or more weaknesses in the system. These attacks usually take the form of intrusion attempts, denial of service attacks (commonly called DoS attacks) or attempts to destroy or capture data. It is not possible to anticipate all the methods of attack an exploit may use, but it is possible to define the likely delivery vehicles for those attacks and devise a protective strategy based on that knowledge.
How exploit attacks work with other malware
Often, an exploit detection on your PC is just one piece of a much larger attack. Hackers usually use a large number of exploits against different software to gain access to your PC.
An exploit detection may be triggered by your antivirus software when you visit a website that contains malicious exploit code - even if you are not using the vulnerable software being targeted. This does not mean that you have been compromised. It means that an attempt to compromise your PC has been made.
How exploits are distributed
The most common method used by attackers to distribute exploits is through webpages, but exploits may also arrive by email.
When you visit a website with malicious code while using vulnerable software, the exploit may be loaded. It’s important to note that some legitimate websites might unknowingly and unwillingly host malicious code in their advertising. This means that if you visit a site that is hosting these malicious ads an attempt to compromise your PC will be made.
Most vulnerabilities are preventable. You will significantly reduce your chance of being infected by an exploit if you keep all your software up to date.
- Updating your software
The most commonly detected exploits are those that attack vulnerable versions of Java.
You can prevent most Java exploits by making sure your software is up to date and removing older versions of Java.
- Update Java
- Remove older versions of Java
To protect yourself from email and web browser exploits:
- Never open e-mail attachments unless the attachment comes directly from someone you know (not forwarded) AND you are certain it is safe.
- Avoid the use of HTML formatting for e-mail. If you use HTML-formatted e-mail, be sure you have turned off active content in your e-mail client.
- Don't let curiosity get the better of you. If you don't know what something is, the correct action is to delete it, not run it.
- Keep your operating system up to date with patches