Jump to content


Photo

Is there really such a thing as drive-by?


  • Please log in to reply
5 replies to this topic

#1 Eric in CA

Eric in CA

    Member

  • New Member
  • Pip
  • 2 posts

Posted 13 July 2004 - 09:14 PM

On a couple of occasions I've read that merely by visiting certain web sites, spyware may be installed on your computer.

Is this just an urban legend?

If not, why do so many spyware apps install based on trickery ("click here to exit" which installs the spyware)? I would think they'd all just install automatically.

Or is there a limit to what a web page script can do, and to really do bad stuff they have to get your consent, informed or otherwise?

If there are web sites that automatically install spyware, shouldn't there be a list of sites that do such evil?

- Eric

#2 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,757 posts

Posted 14 July 2004 - 12:11 AM

Yes.

CoolWebSearch is the biggest of these.

There can be no list without a huge number of tests, and at the moment, we don't have the resources to do that.

There is a limit, but it's unknown at this time (only if you use IE. Firefox is _FAR_. _FAR_ safer - there's a link in my signature if you want it).
Signature file is under revision. This will be back shortly.

#3 Eric in CA

Eric in CA

    Member

  • New Member
  • Pip
  • 2 posts

Posted 14 July 2004 - 11:36 AM

Just to be absolutely clear: If I merely visit coolwebsearch.com, my Internet Explorer will be hijacked?


If so, yikes! I realize it's getting into speculation, but why do the spyware folks even bother with all the tricky "You've won a free prize! Click here to claim it!" stuff? Is it just because it hasn't occurred to them, or they still have some shred of ethics?

Thanks for your replies.

- Eric

#4 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,757 posts

Posted 14 July 2004 - 02:41 PM

No, no, no. CWS is too clever to have it on their pages. There are many, many of their affiliates who use that dubious, nay, illegal, method to distribute their Trojan horses and virii.

You may want to read Merijn Bellekrom's CWS Chronicles for more information on this.

http://spywareinfo.c...chronicles.html

Firefox and Linux, as usual, are immune to browser hijackers.
Signature file is under revision. This will be back shortly.

#5 Sasquatch

Sasquatch

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 21 July 2004 - 12:13 PM

Keep in mind also that much of what you see for spyware / malware related problems are keen exercises in human engineering. Many of the lesser known spyware providers use the "Click Here if the Monkey is waving at you" type ploys to get you.

Every one of these companies and the rinky-dink software developers that they employ need to be punched in the nuts.
Get away from Internet Explorer and Outlook / Outlook Express... http://www.mozilla.org

#6 Misereor

Misereor

    Member

  • Full Member
  • Pip
  • 84 posts

Posted 23 July 2004 - 04:08 AM

On a couple of occasions I've read that merely by visiting certain web sites, spyware may be installed on your computer.
Is this just an urban legend?


Nope, in fact there are several ways of falling victim to this.
Remember that your browser supplies the webpage you visit with several pieces of information, including your IP adress and browser version...

Vulnerabilities in Internet Explorer ActiveX scripting used to allow driveby installs, and more such vulnerabilities are discovered all the time, even if you patched against the latest one.

With your IP adress, anyone can attempt to exploit a number of vulnerabilities pesent on an unprotected system. (unpatched and/or no firewall.)

With security settings that are too low, any webpage can install anything on your system without your approval, regardless of how wellpatched you are.


Sun Tzu once said: "The best strategy is to be very strong."

In computing this means two things.
1. Think before you act. (Something Liv Tyler is incapable of, but I digress...)
2. Secure your system, and keep your security up to date. (Falls under 1., but I thought I'd mention it anyway...)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button