Get Infected From A Link

[shanenin]

I have people telling me they have been getting malware infections by doing nothing more then clicking on a link. Doesn't Windows XP request your permission before letting an install happen? I have been telling my clients they are pretty safe as long as they do not agree to install something. I think I have been giving false information. What is your guys opinion on the likely hood of a drive by infection? Is this likely to happen on a fully updated OS, or do most of these drive by infections typically only affect unpatched machines?

[blim]

Oh heck yeah, I've heard of these cooties, but luckily I've never had the "opportunity" to avoid them......maybe because I have a patched idiotbox? This one is the latest variation going around. There is also a postcard or greeting card cootie that is going though the email train and not too long ago there was a nasty cootie floating through AIM and MSMessenger--one of the kids' friends got caught by that one but luckily she warned everyone on her AIM list so at least my kids knew better than to click her link. I never click a link unless I completely trust the "linker" or a few people click the link first

Liz

Edited August 28, 2008 by blim

[isteve]

Clicking on a link can indeed infect any computer. Browsers especially IE can run Active X and Java scripts and lots of plugins that can install programs without your knowledge. Of course there are steps you can do to help keep this from happening. First don't run as administrator, not so easy with XP much better with Vista or OS X, Keep your system and apps up to date and be careful on what links you click on or at least turn off scripting when doing risky surfing.

[shanenin]

Isn't the default setting for XP to ask permission before installing ActiveX controls? If all is working correctly, I thought that no programs can be installed with out the user giving the go ahead.

[isteve]

Thats how it supposed to work but if there is a new hole or unpatched hole in the OS or browser then a script could be run without the users knowledge. The script can have the same privileges as the user so if your administrator you screwed.

[shanenin]

For the most part, would it be safe to say a fully patched(mainly IE) system can not get infected that way.

[hitest]

For the most part, would it be safe to say a fully patched(mainly IE) system can not get infected that way.

Good question. IE can be vulnerable to malicious code embedded in websites. I always advise people to stay the hell away from IE and use FF or Opera. I don't trust IE even on a system that is fully patched.

[flashh4]

Howdy guys, i worked a log where the user was infected like this:

He visited a site to download an Antivirus and it seems the latest variant appears to have the close and X button reprogrammed to install the nasty if you click them so you have to close the browser , preferably with task manager when it pops up you get infected.

Hope this helps ! So yes you can get infected by just visiting a site !

Chuck

[shanenin]

Even if you press the "reprogrammed" button, if the machine is fully updated, do you think the "Windows XP" OS will pop up with a prompt asking your permission to let it install?