Let's suppose I am on Win 7 (no security updates since 2019) and I am connected to the internet, but I only visit trustworthy websites such as Facebook, YouTube, etc. I never download anything or click on any file or any emails. Am I still vulnerable to ransomware attacks? I wanna know if this happens only when you execute a file that contains malware, or whether you can actually get it even if you don't do anything? Thank you!
-
Are you running an anti-virus? Do you run regular malware scans? – spikey_richie Apr 07 '20 at 10:25
-
Facebook serves ads, websites have been known to serve malicious ads, thus it's possible Facebook could serve you a malicious payload. The concept of "not downloading anything" does not do much in today's age. This attack vector works across all platforms. – Ramhound Apr 07 '20 at 15:00
1 Answer
Yes, you are.
One of the attack vectors via the Internet is ads. Even very reputable sites sell ad space via brokers that may sell it (even unknowingly) to sub-brokers etc. until it arrives in the bad guy's hands.
Now ads most often are nothing more than iFrames - so an attacker, by just buying ad space for a few cents, is able to run code in your browser: JavaScript and maybe more, depending on your browser.
Since you have no updates, it is very likely that a sandbox-escape vector exists that allows the attacker to jump from execution inside the browser to execution in the security context of the browser. With such an unpatched OS there definitely ARE vectors to escape from execution in the security context of the browser to execution in the security context of the system - which means game over.
-
@spikey_richie Thanks for editing out the spelling mistakes ... seems I was in a bit of a hurry ;-) – Eugen Rieck Apr 07 '20 at 14:39