Thursday, February 2, 2017

Does Anti-virus software slow down your machine ?

If you are about to disable your Anti-virus and other security related plugins/software on your machine because it slows down your machine, this post is for you. is the The Browser Exploitation Framework(BeEF) available with default installation of Kali Linux. A black hat hacker could refer it's hook.js JavaScript file in any page, which if opened on victim's browser, hacker has the full control on victim's browser to execute commands beyond imagination e.g. getting all the browser cookies, extensions information, control web cam, pop-ups to enter passwords while browsing legitimate websites and so on. For complete list refer to

How BeEF tool works:
 It keeps on hitting BeEF server from victim's client browser to get updated version of hook.js (interval defined by Config yaml at server) and execute it, when server side Utility of BeEF server attacks, say attacker run command give me webcam, a different version of hook.js is fetched to victim in next periodic call from browser to BeEF server: in this example. And victim client post results to attacker as per new hook.js given to it.

 You may verify such actions on client machine using F12 ( Developer Tool) > Network tab in most of the browsers like chrome,IE, Mozilla etc or using fiddler.

How to defeat this tool:

1. If this hook.js periodic hit is blocked on victim's browser and notify victim in popup, its a temporary fix. The best place for this stuff to do could have been a utility running on client machine/browser code itself/extension to browser.

2. You may use unhook code in your browser extension very similar to ( The tool use the code mentioned to stop watching (unhook) the victim.
3. Another method could be blocking the Attacker's domain altogether as done by (Vegan Chrome extension)

4. "utility running on client machine" called anti-virus have updated definition to let the system aware of these type of attacks. For example
Windows default anti-virus is aware of many attack vectors BeEF tool uses like Exploit: JS/Aimesu.A, Trojan: Win32/Spursint.F!cl , Exploit: JS/ShellCode.gen

Bottom line is you must not disable your Anti-virus software, just because it slows down your machine. Above all, you must not open malicious websites which may have been using hooks from plenty of such exploitation tools. Might be, the tool they are using is custom made and no anti-virus software is yet aware of attack vectors and how it works!! Typically, websites which offer you pirated content cost you much more than you could think of.

When it comes to government organizations and financial institutes, there is a reason they block everything else than trusted web addresses and domains. Even the most sophisticated technologies may be vulnerable to Cross-Site Scripting (XSS) attacks and attacker could inject just hooks in supposedly secured websites.

No comments:

Post a Comment