It seems like I only ever run into two types of malware distribution

Social engineering ie: download this crack and run it OR click this link to scan your PC

or

drive by downloads


I never see real world episodes of a program being exploited to distribute malware.

 

would it be possible for you to send me a link for a drive by download which works on firefox?

i dont think i have ever come across one. am i right in assuming a drive by download is an attack which requires no user input for the malware to run? so a user just goes to a webpage and they automatically get infected?

 

Not only. A drive-by download is a nice way of saying remote execution. The source of such remote execution could be a flash drive, for example. Remember the LNK thing? There you go, that's a drive-by download.

But, Hungry Man, there's something you're confusing... a drive-by download needs a vulnerability in an application, so that an exploit can take advantage of it and initiate the drive-by download (in this case).

So, when you say I never see real world episodes of a program being exploited to distribute malware., it doesn't make much sense.

I've seen some sites mentioning that a drive-by download could also be something that someone knowingly downloaded but didn't understand what it was all about... Well, for me this is social engineering... making someone believe they need something... even if these people got no clue of what they're doing.

 

moonblood, can you give me more examples of drive by downloads apart from the LNK exploit as i personally dont consider them drive by downloads as a user has to have the infected file on their pc in the first place.

is there a way for a default firefox user to go to a webpage and get infected without user input? if so can anyone pm me a link as i have never personally seen this (all the more strange as i actively hunt for malware)

 

Drive by downloads don't need exploits? If I visit a site and it initiates a download and that download executes it's a drive by download infection. This is how that mac malware was spread.


edit: Treehouse, that is absolutely possible. Though finding a link to it wouldn't be easy.

 

I personally can't give exact examples, but I see them commonly. I'll admit, it happens mostly using IE in XP, but people use firefox and get drive-by'ed too. I'd say it is more common than the social engineering method. A lot of people just surfing the web know not to download and execute just anything..

Granted, I do see a few people tricked by the ads at download.com, and other places (then they end up with "registry mechanic" or some harmless scareware that borders on illegal..), but most of the time people don't understand how the infectious program ran in the first place.

PS: I should note that adobe plugins and java plugins are the cause of this, and are typically the source of the drive by. It just so happens they are using firefox to launch those plugins. It doesn't necessarily mean its firefox's fault, but it doesn't have the same level of protection chrome does.

 

I didn't say that, actually.

 

(do) need*

I'm exhausted.

 

I don't know if this is what you wanted, but Microsoft has website explaining drive-by downloads. http://www.microsoft.com/security/sir/guide/default.aspx#!section_7_1

I don't personally hunt Firefox exploits resulting in drive-by downloads, but if you want me I can point you some services where you can get links to exploits, which some or most will result in drive-by downloads.

 

everyone says its possible but no one can EVER give me a link ,no matter what forum

 

The nature of these sites is that they're temporary...

 

yes please send me a link where i will get infected just by visiting a website

and i will report my findings back here

 

websites which host rootkits and trojans etc are temporary by nature yet everyone knows where to find those

 

No idea what you're talking about. Everyone knows where to find some?

I can sure point you in the direction of malware, but a site that happens to be infected and that uses a relevant firefox exploit? No, those usually don't lost long.

 

sorry if i didn't make myself clear, all i'm trying to say is that for the past few years i have been looking for malware (yes i am sad ) to test in my test machine but i have never come across a classic drive by download. (a drive by download is something which downloads and executes without any user interaction, simply visiting the webpage is enough apparently)

kind regards

tree

 

thank you for this informative post

 

Maybe it is because of NoScript but I have never seen a drive by. I know they exist because I had to repair a friends computer that got hit with one of those fake AV's.

 

Noscript would be why.. its probably the best way by itself to stop drive-by's...

 

yeah i keep hearing this too from my friends too, funny how its the same people who say they have seen a ghost.

why do my friends keep seeing ghosts at night and i never?
why do my friends say they got infected without clicking anything?


and how do u know it was a drive by?? is it not possible that ur friend clicked on 'allow' therefore not making it a drive by? i have seen hundreds of those fake scanner pages over the years and not one of them was able to download anything without me allowing it (no security software)

 

Well he went to a site and the window popped up so I assumed it was a drive by. I wasn't there to see it so it is just a guess based on what he said.

 

I think its because people like us keep our machines updated. Everyone else is six months+ behind on Windows and programs updates.. Some of them are years behind..