is there a way to have someone automaticly download a file without them knowing while they are on a website? I am curious because a long time ago i just visted a webpage and my antivirus all of the sudden just said "virus detected!"
and that computer ended up getting pretty screwed up. If anyone knows how please let me know

is there a way to have someone automaticly download a file without them knowing while they are on a website? I am curious because a long time ago i just visted a webpage and my antivirus all of the sudden just said "virus detected!"
and that computer ended up getting pretty screwed up. If anyone knows how please let me know


Its possible, especially if the site ran some sort of Java applet. Usually (i believe) these get downloaded to:

C:\Documents and Settings\yourUsername\Application Data\Sun\Java\Deployment\cache

*edit* and are embedded in the .jar files

Well, most new browsers like IE7 and Firefox prevent files from auto-downloading to your computer, so I'm not sure of a way. I would s***est using ActiveX and pretending it's a new version of Flash or something.

so how exactly would i do this? im thinking about having people automaticly download my keylogger

You would exploit a vulnerability in any one of the 'components' of the browser, such as plugins, scripting languages, image viewer, etc. The last vulnerability I heard of in IE was the VML vulnerability; another was the WMF exploit (which affected more than just the browser).

There aren't any major vulnerabilities at the moment (at least I don't think so), and even if there were, there isn't going to be a step-by-step guide to using them to exploit visitors' browsers. That means you could only exploit those that haven't updated in a long time, and there is still antivirus software to stop you.

Aside from exploits, no browser would just let files be downloaded and executed on the computer. They may let them be downloaded, but not executed.

Your best bet is social engineering; simply asking people to download the file for whatever reason then making your excuses when it doesn't do anything.

alright thanx mike if you figure anything else out about this please let me know

yes, i'm sure is possible while you visit an website to install a Trojan, is a small script wich you create only with ActiveX i understand.. a friend send me that little 'script' but I have original Windows with Windows Live One Care and another Anti-Virus and was detected finally.. but it was that from the Trojan i think, in the script was his link with the Trojan, maybe that's the reason i'm not sure, Anyway is possible while you visit an website to install a trojan in your computer

yes, i'm sure is possible while you visit an website to install a Trojan, is a small script wich you create only with ActiveX i understand.. a friend send me that little 'script' but I have original Windows with Windows Live One Care and another Anti-Virus and was detected finally.. but it was that from the Trojan i think, in the script was his link with the Trojan, maybe that's the reason i'm not sure, Anyway is possible while you visit an website to install a trojan in your computer

do you have any idea what the script exactly is? if you do please reply and post here