View Full Version : automatic download?
dipman44
05-19-2007, 05:20 PM
is there a way to have someone automaticly download a file without them knowing while they are on a website? I am curious because a long time ago i just visted a webpage and my antivirus all of the sudden just said "virus detected!"
and that computer ended up getting pretty screwed up. If anyone knows how please let me know
Voddo
05-19-2007, 10:26 PM
is there a way to have someone automaticly download a file without them knowing while they are on a website? I am curious because a long time ago i just visted a webpage and my antivirus all of the sudden just said "virus detected!"
and that computer ended up getting pretty screwed up. If anyone knows how please let me know
Its possible, especially if the site ran some sort of Java applet. Usually (i believe) these get downloaded to:
C:\Documents and Settings\yourUsername\Application Data\Sun\Java\Deployment\cache
*edit* and are embedded in the .jar files
Moonbat
05-20-2007, 12:01 AM
Well, most new browsers like IE7 and Firefox prevent files from auto-downloading to your computer, so I'm not sure of a way. I would s***est using ActiveX and pretending it's a new version of Flash or something.
dipman44
05-20-2007, 03:44 AM
so how exactly would i do this? im thinking about having people automaticly download my keylogger
Ezekiel
05-20-2007, 04:30 AM
You would exploit a vulnerability in any one of the 'components' of the browser, such as plugins, scripting languages, image viewer, etc. The last vulnerability I heard of in IE was the VML vulnerability; another was the WMF exploit (which affected more than just the browser).
There aren't any major vulnerabilities at the moment (at least I don't think so), and even if there were, there isn't going to be a step-by-step guide to using them to exploit visitors' browsers. That means you could only exploit those that haven't updated in a long time, and there is still antivirus software to stop you.
Aside from exploits, no browser would just let files be downloaded and executed on the computer. They may let them be downloaded, but not executed.
Your best bet is social engineering; simply asking people to download the file for whatever reason then making your excuses when it doesn't do anything.
dipman44
05-20-2007, 04:35 AM
alright thanx mike if you figure anything else out about this please let me know
d3cr3pitor
06-10-2007, 10:27 AM
yes, i'm sure is possible while you visit an website to install a Trojan, is a small script wich you create only with ActiveX i understand.. a friend send me that little 'script' but I have original Windows with Windows Live One Care and another Anti-Virus and was detected finally.. but it was that from the Trojan i think, in the script was his link with the Trojan, maybe that's the reason i'm not sure, Anyway is possible while you visit an website to install a trojan in your computer
dipman44
06-18-2007, 04:35 PM
yes, i'm sure is possible while you visit an website to install a Trojan, is a small script wich you create only with ActiveX i understand.. a friend send me that little 'script' but I have original Windows with Windows Live One Care and another Anti-Virus and was detected finally.. but it was that from the Trojan i think, in the script was his link with the Trojan, maybe that's the reason i'm not sure, Anyway is possible while you visit an website to install a trojan in your computer
do you have any idea what the script exactly is? if you do please reply and post here
Powered by vBulletin® Version 4.1.8 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.