It seems like I only ever run into two types of malware distribution

Discussion in 'other security issues & news' started by Hungry Man, Jun 29, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man (Registered Member; Joined: May 11, 2011; Posts: 9,148)
    Social engineering, i.e. "download this crack and run it" OR "click this link to scan your PC"

    or

    drive-by downloads

    I never see real-world episodes of a program being exploited to distribute malware.
     
  2. treehouse786 (Registered Member; Joined: Jun 6, 2010; Posts: 1,388; Location: Lancashire)
    Would it be possible for you to send me a link for a drive-by download which works on Firefox?

    I don't think I have ever come across one. Am I right in assuming a drive-by download is an attack which requires no user input for the malware to run? So a user just goes to a webpage and they automatically get infected?
     
  3. m00nbl00d (Registered Member; Joined: Jan 4, 2009; Posts: 6,623)
    Not only. A drive-by download is a nice way of saying remote execution. The source of such remote execution could be a flash drive, for example. Remember the LNK thing? There you go, that's a drive-by download.

    But, Hungry Man, there's something you're confusing... a drive-by download needs a vulnerability in an application, so that an exploit can take advantage of it and initiate the drive-by download (in this case).

    So, when you say "I never see real world episodes of a program being exploited to distribute malware", it doesn't make much sense.

    I've seen some sites mentioning that a drive-by download could also be something that someone knowingly downloaded but didn't understand what it was all about... Well, for me this is social engineering... making someone believe they need something... even if these people have no clue what they're doing.
     
  4. treehouse786 (Registered Member; Joined: Jun 6, 2010; Posts: 1,388; Location: Lancashire)
    m00nbl00d, can you give me more examples of drive-by downloads apart from the LNK exploit, as I personally don't consider them drive-by downloads, since a user has to have the infected file on their PC in the first place.

    Is there a way for a default Firefox user to go to a webpage and get infected without user input? If so, can anyone PM me a link, as I have never personally seen this (all the more strange as I actively hunt for malware).
     
  5. Hungry Man (Registered Member; Joined: May 11, 2011; Posts: 9,148)
    Drive-by downloads don't need exploits? If I visit a site and it initiates a download and that download executes, it's a drive-by download infection. This is how that Mac malware was spread.

    edit: Treehouse, that is absolutely possible. Though finding a link to it wouldn't be easy.
     
  6. hpmnick (Registered Member; Joined: Mar 24, 2011; Posts: 186)
    I personally can't give exact examples, but I see them commonly. I'll admit, it happens mostly using IE in XP, but people use Firefox and get drive-by'd too. I'd say it is more common than the social engineering method. A lot of people just surfing the web know not to download and execute just anything.

    Granted, I do see a few people tricked by the ads at download.com and other places (then they end up with "registry mechanic" or some harmless scareware that borders on illegal), but most of the time people don't understand how the infectious program ran in the first place.

    PS: I should note that Adobe plugins and Java plugins are the cause of this, and are typically the source of the drive-by. It just so happens they are using Firefox to launch those plugins. It doesn't necessarily mean it's Firefox's fault, but it doesn't have the same level of protection Chrome does.
     
  7. m00nbl00d (Registered Member; Joined: Jan 4, 2009; Posts: 6,623)
    I didn't say that, actually.
     
  8. Hungry Man (Registered Member; Joined: May 11, 2011; Posts: 9,148)
    (do) need*

    I'm exhausted.
     
  9. m00nbl00d (Registered Member; Joined: Jan 4, 2009; Posts: 6,623)
    I don't know if this is what you wanted, but Microsoft has a website explaining drive-by downloads: http://www.microsoft.com/security/sir/guide/default.aspx#!section_7_1

    I don't personally hunt Firefox exploits resulting in drive-by downloads, but if you want, I can point you to some services where you can get links to exploits, some or most of which will result in drive-by downloads.
     
  10. treehouse786 (Registered Member; Joined: Jun 6, 2010; Posts: 1,388; Location: Lancashire)
    Everyone says it's possible but no one can EVER give me a link, no matter what forum ;)
     
  11. Hungry Man (Registered Member; Joined: May 11, 2011; Posts: 9,148)
    The nature of these sites is that they're temporary...
     
  12. treehouse786 (Registered Member; Joined: Jun 6, 2010; Posts: 1,388; Location: Lancashire)
    Yes, please send me a link where I will get infected just by visiting a website

    and I will report my findings back here.
     
  13. treehouse786 (Registered Member; Joined: Jun 6, 2010; Posts: 1,388; Location: Lancashire)
    Websites which host rootkits and trojans etc. are temporary by nature, yet everyone knows where to find those.
     
  14. Hungry Man (Registered Member; Joined: May 11, 2011; Posts: 9,148)
    No idea what you're talking about. Everyone knows where to find some?

    I can sure point you in the direction of malware, but a site that happens to be infected and that uses a relevant Firefox exploit? No, those usually don't last long.
     
  15. treehouse786 (Registered Member; Joined: Jun 6, 2010; Posts: 1,388; Location: Lancashire)
    Sorry if I didn't make myself clear. All I'm trying to say is that for the past few years I have been looking for malware (yes, I am sad :D ) to test in my test machine, but I have never come across a classic drive-by download. (A drive-by download is something which downloads and executes without any user interaction; simply visiting the webpage is enough, apparently.)

    Kind regards

    tree
     
    Last edited: Jun 29, 2011
  16. treehouse786 (Registered Member; Joined: Jun 6, 2010; Posts: 1,388; Location: Lancashire)
    Thank you for this informative post :thumb:
     
  17. cm1971 (Registered Member; Joined: Oct 22, 2010; Posts: 727)
    Maybe it is because of NoScript, but I have never seen a drive-by. I know they exist because I had to repair a friend's computer that got hit with one of those fake AVs.
     
  18. hpmnick (Registered Member; Joined: Mar 24, 2011; Posts: 186)
    NoScript would be why. It's probably the best way by itself to stop drive-bys.
     
  19. treehouse786 (Registered Member; Joined: Jun 6, 2010; Posts: 1,388; Location: Lancashire)
    Yeah, I keep hearing this from my friends too; funny how it's the same people who say they have seen a ghost.

    Why do my friends keep seeing ghosts at night and I never do?
    Why do my friends say they got infected without clicking anything?
    ;)

    And how do you know it was a drive-by? Is it not possible that your friend clicked on 'allow', therefore not making it a drive-by? I have seen hundreds of those fake scanner pages over the years and not one of them was able to download anything without me allowing it (no security software).
     
  20. cm1971 (Registered Member; Joined: Oct 22, 2010; Posts: 727)
    Well, he went to a site and the window popped up, so I assumed it was a drive-by. I wasn't there to see it, so it is just a guess based on what he said.
     
  21. hpmnick (Registered Member; Joined: Mar 24, 2011; Posts: 186)
    I think it's because people like us keep our machines updated. Everyone else is six months+ behind on Windows and program updates. Some of them are years behind.
     