0

Possible Duplicate:
Can you get virus just by visiting a website in chrome

I have a hard time believing that drive-by downloads can actually happen without a user's assistance (e.g. without the user clicking a popup and downloading a program).

To test this, I've set up a virtual machine with IE 6 on it (no updates!), but then I got stuck -- when I looked at Norton's Top 100 Dirtiest websites, all of them seemed clean (clicking on their report says they're not infected). Subsequently browsing a couple confirmed this point.

Is a drive-by download even possible? Any simple proof/examples of sites that do this?

Community
  • 1
user541686
  • 2,502
  • 2
  • 21
  • 28
  • @RoryAlsop: I was looking for some sort of example, not a mere assertion that it's true. Obviously the latter was already in the Wikipedia article... – user541686 Jan 11 '12 at 02:56
  • I wanted to answer to you here to this interesting question but I can since it is marked duplicate. You can find 3 examples of what you asked here via an answer to the question supposed to be the duplicate of yours. –  Aug 16 '15 at 14:17

1 Answers1

3

Yes and no. The problem is that as soon as a known security breach exists, the company which wrote the browser books it to patch the hole, so it is hard to find a concrete example.

One classic example of "drive-by download" is being able to write to disk without the user's consent. One such exploit was shown in Safari last year. What's worse, is that that specific security breach also allowed malicious agents to activate an app on the Mac, kinda scary.

cwallenpoole
  • 181
  • 4