| View previous topic :: View next topic |
| Author |
Message |
DanielG
Expert Cheater
 Reputation: 1
Joined: 13 May 2009
Posts: 130
Location: The Netherlands
|
 Posted: Thu Jun 25, 2009 3:30 am Post subject: |
 |
|
| Labyrnth wrote: | | Virus attached to an email "auto installs" |
No it does not.
| Labyrnth wrote: |
It is also possible that the very webpage you download the file from can execute it after download, resulting in an auto install.
The only interaction you had was downloading it. |
No, no webpage can run a file after I download a file.
I think people here are confused because of webpages that might use exploits (in ActiveX or PDF) to auto download and run.
What we're talking about here is that if I download a file from http://www.somesite.ext/file.exe and save it to my computer it will then auto-run.
This is not possible.
|
|
| Back to top |
|
 |
Labyrnth
Moderator
 Reputation: 9
Joined: 28 Nov 2006
Posts: 6285
|
| Posted: Thu Jun 25, 2009 3:56 am Post subject: |
|
|
It is called automated distribution and installation.
Yes a link in a page can cause this to happen.
_________________
|
|
| Back to top |
|
|
DanielG
Expert Cheater
Reputation: 1
Joined: 13 May 2009
Posts: 130
Location: The Netherlands
|
| Posted: Thu Jun 25, 2009 4:54 am Post subject: |
|
|
I've googled for "automated distribution and installation" and found a few sites using this description.
But all use 3rd party software that hooks into the browser to catch the links and run the software (so you need to download and run something before you automaticly download and run someting).
This is not the same as a random webite being able to run any .exe you download.
The original poster is obviously talking about just downloading a .exe from a random site which does not have prior programs running on the users pc to facilitate execution of arbitrary files.
I would like anyone who can claim this is possible to host a website where you can download a harmless .exe which gets automaticly executed on the users pc without the user having to 'double click' the downloaded executable.
|
|
| Back to top |
|
|
Labyrnth
Moderator
Reputation: 9
Joined: 28 Nov 2006
Posts: 6285
|
| Posted: Thu Jun 25, 2009 2:34 pm Post subject: |
|
|
| Code: | | javascript:void(Shell.run(' blah blah blah |
With a hyperlink like this it will execute a file on your machine. Course it needs more scripting or you could do it with VBS or even PHP injection. Fact still stands a web page can execute an executable.
Thats the debate you have created. Not if someone here can write a web page to prove it to you.
_________________
|
|
| Back to top |
|
|
Alphamabet
Master Cheater
![]() Reputation: 0
Joined: 03 Jan 2009
Posts: 452
|
| Posted: Fri Jun 26, 2009 12:39 am Post subject: |
 |
|
| This is why there is something called sandboxie.....
|
|
| Back to top |
|
|
DanielG
Expert Cheater
Reputation: 1
Joined: 13 May 2009
Posts: 130
Location: The Netherlands
|
| Posted: Fri Jun 26, 2009 2:34 am Post subject: |
|
|
| Labyrnth wrote: | | Code: | | javascript:void(Shell.run(' blah blah blah |
With a hyperlink like this it will execute a file on your machine. Course it needs more scripting or you could do it with VBS or even PHP injection. Fact still stands a web page can execute an executable.
Thats the debate you have created. Not if someone here can write a web page to prove it to you. |
Shell would be an ActiveX object, and it still wouldn't work unless the user gave explicit permission for it to run.
The discussion here (see the first post) is that if you download a .exe from a site, that once you saved it to your desktop it would automaticly run.
Unless you can give a proof of concept, everything you say is just mere guessing.
IT wouldn't take you a mere minute to make a page which has "Shell.run(' blah blah blah" on it and prove me wrong.
I call BULLSHIT on your claims.
|
|
| Back to top |
|
|
LolSalad
Grandmaster Cheater
![]() Reputation: 1
Joined: 26 Aug 2007
Posts: 988
Location: Australia
|
| Posted: Fri Jun 26, 2009 4:04 am Post subject: |
|
|
| Labyrnth wrote: | | Code: | | javascript:void(Shell.run(' blah blah blah |
With a hyperlink like this it will execute a file on your machine. Course it needs more scripting or you could do it with VBS or even PHP injection. Fact still stands a web page can execute an executable.
Thats the debate you have created. Not if someone here can write a web page to prove it to you. |
wat, especially at 'PHP injection'
_________________
|
|
| Back to top |
|
|
Labyrnth
Moderator
Reputation: 9
Joined: 28 Nov 2006
Posts: 6285
|
| Posted: Fri Jun 26, 2009 12:54 pm Post subject: |
|
|
Many malware infections install themselves all the time exploiting Microsoft Internet Explorer letting Arbitrary code run on a computer without consent.
Stands to reason, it can then execute files or receive commands to execute files depending on how and what it was coded for.
Thats fine, you can call BS and believe what you want. It's your opinion.
_________________
|
|
| Back to top |
|
|
DanielG
Expert Cheater
Reputation: 1
Joined: 13 May 2009
Posts: 130
Location: The Netherlands
|
| Posted: Fri Jun 26, 2009 1:01 pm Post subject: |
|
|
Read 6 posts up dude, I allready mentioned the exploits.
You aren't getting the point here.
I'm not denying that a webpage can malisiously execute code on a pc.
I'm saying that if you download a file (just the file, no visiting a webpage with 'bad' code) that the downloaded file won't auto run.
This is what the whole discussion is about, since post 1.
Plz read and understand the points made in this topic cause you are looking like a ignorant twat (no offence).
|
|
| Back to top |
|
|
Gigorga
Expert Cheater
 Reputation: -1
Joined: 19 Aug 2006
Posts: 166
|
| Posted: Tue Jun 30, 2009 12:32 am Post subject: |
|
|
| Zarr wrote: | Not until you run it.
I'd probably change the file extension to .virus or something just so I wouldn't run it accidentally. |
Not sure If anyone else said this, but you dont need to run it for it to activate or kick in to effect. You can just stare at it and it will lol and it will do its job.
|
|
| Back to top |
|
|
Luigi
Grandmaster Cheater Supreme
 Reputation: 1
Joined: 24 Mar 2008
Posts: 1082
|
| Posted: Tue Jun 30, 2009 12:36 am Post subject: |
|
|
Some websites download files then open them right afterwards, making the virus successful.
But if you downloaded a keygen, then yes, it would not start until opened.
|
|
| Back to top |
|
|
Zarr
Grandmaster Cheater
![]() Reputation: 0
Joined: 11 Jan 2008
Posts: 915
Location: localhost
|
| Posted: Tue Jun 30, 2009 8:03 pm Post subject: |
|
|
| Gigorga wrote: | | Zarr wrote: | Not until you run it.
I'd probably change the file extension to .virus or something just so I wouldn't run it accidentally. |
Not sure If anyone else said this, but you dont need to run it for it to activate or kick in to effect. You can just stare at it and it will lol and it will do its job. |
...
If you download just an .exe file from a webpage, it will not execute itself without user interaction unless it exploits a bug in the browser you are using to download it. If the .exe file is just an executable file, without writing a separate autorun.inf file somewhere, while not running any associated malware that might execute the executable file itself and you haven't overwritten a preexisting .exe file with permissions to run itself (startup list, executed by another program), the file will not run without user interaction.
It is possible that the malware might exploit a bug in your browser that allows it to run executables. It is possible that there could be other malware associated with the executable file that has installed itself by exploiting a bug within your browser. It it possible that you may have accidentally overwritten an .exe file already overwritten.
No single executable file, without any associated malware, without user interaction, will execute itself. Ever.
_________________
|
|
| Back to top |
|
|
Clannad
Master Cheater
![]() Reputation: 0
Joined: 23 May 2007
Posts: 420
|
| Posted: Tue Jun 30, 2009 10:43 pm Post subject: |
|
|
As people said above, the .exe cannot execute itself without the user executing it.
But yes, viruses can be auto-installed through a simple click.
Here's proof :
Removed by mod
It's the wooberface worm, something like that. Hacks facebook accounts.
It hacks into people's facebooks by getting their info. then sends it through inbox to others, once you click the link, if you do not have an anti-virus protection you'll get pwned.
|
|
| Back to top |
|
|
Zarr
Grandmaster Cheater
![]() Reputation: 0
Joined: 11 Jan 2008
Posts: 915
Location: localhost
|
| Posted: Tue Jun 30, 2009 11:42 pm Post subject: |
|
|
@ the above link: Noscript > it
_________________
|
|
| Back to top |
|
|
Honda
Grandmaster Cheater Supreme
 Reputation: 0
Joined: 07 May 2008
Posts: 1242
|
| Posted: Tue Jun 30, 2009 11:56 pm Post subject: |
|
|
| Zarr wrote: | | @ the above link: Noscript > it |
How do you Noscript it?
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
