0

Can malware be installed without permission (a drive-by download) if a pop-up ad is closed within a second of it opening?

More specifically, can it be installed after the ad is closed, not during the one second that it was open?

Note: I had just Microsoft Security Essentials running for protection at the time. which is useless

2 Answers2

4

A popup is not required in a drive-by-download malware infection. In fact the popup you see could just be created to distract you from the actual infection and thus closing it will not stop the infection, even if done quickly. So yes, you should worry if you see a popup the same way as you should worry if you don't see a popup because the infection can be done in both cases.

Note: I had just Microsoft Security Essentials running for protection at the time.

According to Microsoft the infection rate on systems with always on real-time protection is still about 3..5% so don't expect a full protection. Source: Microsoft Security Intelligence Report 19 Page 89 figure 66.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
1

Yes it is theoretically possible, however it is unlikely.

About the only way this would happen is if you had some form of outdated software (think Flash) within your browser. In that brief second it's possible for the software to be exploited which in turn kicks off a chain of events in processes (without the browser window open) which download and install further malware.

Would I worry about it though? No probably not.

Peleus
  • 3,827
  • 2
  • 18
  • 20
  • so you mean that chain of events would be triggered only in outdated browsers –  Dec 23 '16 at 05:58
  • Yes. The chain of events would need to exploit a vulnerability. Typically these flaws are known about (and hence actively exploited) in older software. – Peleus Dec 23 '16 at 06:04
  • and can these chain of events be triggered after the closing the pop up tab –  Dec 23 '16 at 20:08
  • what about zero day vurnebilities –  Dec 24 '16 at 12:15