Have you seen a drive by download in the wild?

  • Yes
    Votes: 4 (16.7%)
  • No
    Votes: 20 (83.3%)
  • Total voters: 24

blackice

Level 8
Verified
I am curious how many people have seen a drive-by download in the wild, either completed or blocked. I know they occasionally hit legit websites with malvertising, but it seems fairly rare. It seems with safe practices this isn’t even a big concern, since you’d have to execute the unknown downloaded file yourself. Am I wrong? Just curious what people have seen.
 

Freki123

Level 6
Verified
No clue if that would count. What I have seen is sites trying to install add-ons (blocked by AdGuard as dangerous) and sites trying to open a PDF (at least in the new tab created from the website there was stuff like whatever.pdf). Both actions without any consent from me.
 

Andy Ful

Level 45
Verified
Trusted
Content Creator
I am curious how many people have seen a drive-by download in the wild, either completed or blocked. I know they occasionally hit legit websites with malvertising, but it seems fairly rare. It seems with safe practices this isn’t even a big concern, since you’d have to execute the unknown downloaded file yourself. Am I wrong? Just curious what people have seen.
It is rare but possible. The greater chance would be via opening a spam attachment or intentionally running a crack. Furthermore, you do not need to execute the unknown downloaded file if it can exploit the application which is used for opening it (like a .docx document can exploit the MS Word application).
 

blackice

Level 8
Verified
It is rare but possible. The greater chance would be via opening a spam attachment or intentionally running a crack. Furthermore, you do not need to execute the unknown downloaded file if it can exploit the application which is used for opening it (like a .docx document can exploit the MS Word application).
Good to know. Glad I don’t use MS Office or Adobe on my personal machine.
 

Bombus

Level 1
That drive-by was under my control, back in maybe 2010 or so. At that moment I had Comodo Firewall (custom rule set) and Sandboxie (allowed to start for all programs, connection to the internet for Mozilla and Chrome only). I went to the malwaredomain list (I think). I found an "adobe drive by". I went to that site. I had an alert from Sandboxie about "reader.exe wants to connect to the internet". The page was blank. I allowed the connection. After that I had a Comodo alert; I blocked the connection. After a PC restart I went to antimalware.ru (I wanted to see the reaction of Sandboxie and Comodo to a PDF file). I saw a normal PDF file and... a connection from Adobe. I blocked the connection; the PDF file was normal, I could see it. At that moment I understood that the Adobe connection can be blocked, because in order to see a PDF file online, Adobe doesn't have to connect to the internet. Maybe Adobe was looking for updates or wanted to send statistics.

In real life I had only 1 drive-by (back in 2004). I had Windows 98 (sic). No antivirus. I was working for a small company. My desktop was attacked by a zoophilian page (I was looking for information about a German archaeological culture and voilà). I cleaned my PC with Norton Symantec and Ad-Aware Free. After that I began to learn about PC security. Regards.
 

DDE_Server

Level 4
Good to know. Glad I don’t use MS Office or Adobe on my personal machine.
When I want to run a cracked program, it will be on a virtual machine with a NAT network and a snapshot from a clean state to revert back to when finished.
The best and most safe solution I found ;);)
 
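The throwaway-VM routine DDE_Server describes (NAT-only network, snapshot of a clean state, revert after the session) can be scripted so the revert is never forgotten. The script below is an added example for VirtualBox's VBoxManage CLI, not code from the thread or from any poster; the VM name `untrusted-sandbox` and snapshot name `clean` are assumptions, and with the default `DRY_RUN=1` it only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the thread): run untrusted software in a disposable
# VirtualBox VM and throw the session away afterwards.
# VM_NAME and SNAPSHOT are assumed names; DRY_RUN=1 prints instead of executing.

VM_NAME="${VM_NAME:-untrusted-sandbox}"
SNAPSHOT="${SNAPSHOT:-clean}"
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# NAT mode: the guest can initiate outbound connections through the host, but
# nothing on the LAN can open a connection into the guest. For a guest that must
# not talk to anything at all, use --nic1 null or an internal network instead.
isolate_network() {
    run VBoxManage modifyvm "$VM_NAME" --nic1 nat
}

# Record the known-good state before anything untrusted is started in the guest.
take_clean_snapshot() {
    run VBoxManage snapshot "$VM_NAME" take "$SNAPSHOT"
}

start_session() {
    run VBoxManage startvm "$VM_NAME" --type gui
}

# Hard power-off (no guest shutdown, so nothing inside can interfere), then
# roll the disk back to the clean snapshot so the session leaves no trace.
revert_after_session() {
    run VBoxManage controlvm "$VM_NAME" poweroff
    run VBoxManage snapshot "$VM_NAME" restore "$SNAPSHOT"
}

# Whole workflow: isolate, snapshot, run, revert.
sandbox_session() {
    isolate_network
    take_clean_snapshot
    start_session
    # ... the user runs the untrusted program inside the guest here ...
    revert_after_session
}

if [ "${1:-}" = "run" ]; then
    sandbox_session
fi
```

Invoke it as `DRY_RUN=0 sh sandbox.sh run` to execute for real; the snapshot is taken before the VM starts, so even if the session is abandoned halfway, `revert_after_session` alone restores the clean state.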