Have you seen a drive by download in the wild?

  • Yes

    Votes: 4 16.7%
  • No

    Votes: 20 83.3%

  • Total voters
    24

blackice

I am curious how many people have seen a drive by download in the wild. Either completed or blocked. I know they occasionally hit legit websites with malvertising, but it seems fairly rare. It seems with safe practices this isn’t even a big concern, since you’d have to execute unknown downloaded file yourself. Am I wrong? Just curious what people have seen.
 

Freki123

No clue if that would count. What I have seen is sites trying to install addons (blocked by AdGuard as dangerous) and sites trying to open a PDF (at least in the new tab created from the website there was stuff like whatever.pdf). Both actions without any consent from me.
 

Andy Ful

From Hard_Configurator Tools
> I am curious how many people have seen a drive by download in the wild. Either completed or blocked. I know they occasionally hit legit websites with malvertising, but it seems fairly rare. It seems with safe practices this isn’t even a big concern, since you’d have to execute unknown downloaded file yourself. Am I wrong? Just curious what people have seen.

It is rare but possible. The greater chance would be via opening a spam attachment or intentionally running a crack. Furthermore, you do not need to execute the unknown downloaded file if it can exploit the application which is used for opening it (like a .docx document can exploit the MS Word application).
 

blackice

> It is rare but possible. The greater chance would be via opening a spam attachment or intentionally running a crack. Furthermore, you do not need to execute the unknown downloaded file if it can exploit the application which is used for opening it (like a .docx document can exploit the MS Word application).

Good to know. Glad I don’t use MS Office or Adobe on my personal machine.
 

Bombus

That drive by was under my control. Back in maybe 2010 or so. At that moment I had Comodo firewall (custom rules set) and Sandboxie (allow to start for all programs, connection to the internet for Mozilla and Chrome only). I went to Malware Domain List (I think). I found an "adobe drive by". I went to that site. I had an alert from Sandboxie about "reader.exe wants to connect to internet". The page was blank. I allowed the connection. After that I had a Comodo alert, and I blocked the connection. After a PC restart I went to antimalware.ru (I wanted to see the reaction of Sandboxie and Comodo to a PDF file). I saw a normal PDF file and... a connection from Adobe. I blocked the connection, the PDF file was normal, I could see it. At that moment I understood that the Adobe connection can be blocked, because in order to see a PDF file online, Adobe doesn't have to connect to the internet. Maybe Adobe was looking for updates or wanted to send statistics.

In real life I had only 1 drive by (back in 2004). I had Windows 98 (sic). No antivirus. I was working for a small company. My desktop was attacked by a zoophilian page (I was looking for information about a German archaeological culture and voilà). I cleaned my PC with Norton Symantec and Adaware free. After that I began to learn about PC security. Regards.
 

DDE_Server

> Good to know. Glad I don’t use MS Office or Adobe on my personal machine.

When I want to run a cracked program, it will be on a virtual machine with a NAT network and a snapshot from a clean state to revert back to when finished.
The best and safest solution I found ;)
 