An infected file would just lay dormant until it was run?



Hey all,

 

Don't know a huge amount about viruses and malware, but I'm right in thinking that in order for either to work, they have to be started by the user at some point, right?

Think it's probably the OCD part of me, but I'm right, aren't I? Even if one of my storage partitions had an infected file sitting on it, using a clean OS, there isn't going to be any infection unless it is started by me.


Hey all,

Don't know a huge amount about viruses and malware, but I'm right in thinking that in order for either to work, they have to be started by the user at some point, right?

I don't think it's still possible in Windows 7 and 8 and newer versions of IE, but in XP and older IE you could get infected by just visiting a web site and doing nothing else than visiting it.


Not necessarily. Some do, some don't. Some rely on a process to run or start, so the user doesn't necessarily need to do anything to get it to run.

I.e. when you enter a web page, the web page has infected code on it and will load when Flash is run... when do you click on anything to run Flash? Or an ad has malware attached to it; when was the last time you had to click on anything to view ads on web pages?

You inadvertently/unknowingly installed a piece of malware on your computer when you installed something; it may lay dormant until your computer restarts and launches explorer.exe or some other random DLL. Or it embedded itself into a DLL and when that DLL launches next, you are hosed.


Even if one of my storage partitions had an infected file sitting on it, using a clean OS, there isn't going to be any infection unless it is started by me.

 

OP didn't mention it being on a webpage, but an infected file sitting on a drive.

 

In that case, yes it has to be run.


If you downloaded an infected piece of software, like downloading an infected copy of Adobe Acrobat, yes, you would have to run the installer for your computer to become infected. If you downloaded a doc with an infected macro, yes, you would have to run it.

Generally though, the payload is through the web and accessing infected sites... however, there is quite a bit in P2P copies of programs/installers of programs.


Hello,

 

Some malware could infect systems running older versions of Windows simply by creating a specially-crafted AUTORUN.INF file on a USB flash drive, which would get launched when the drive was plugged into the computer unless specific precautions were taken.  This was a technique often exploited by worms.  Other malware made use of specially-crafted .LNK files to cause their code to run automatically when viewed from within Windows Explorer.  This technique was first seen with the Stuxnet worm, as I recall.

 

So, it really depends on the malware in question, the operating system hosting it and, of course, whether your anti-malware software happens to block it.

 

Regards,

 

Aryeh Goretsky

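The AUTORUN.INF vector described in the post above, seen from the defender's side: an added example (not part of the original thread) that reads the `[autorun]` section of a drive's AUTORUN.INF and lists the entries that name a program to launch. The function names and the sample file contents are constructed for illustration.

```python
import re
from pathlib import Path

# Keys in the [autorun] section that name something to execute.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section of AUTORUN.INF text."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive: [AutoRun], [autorun], ...
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if EXEC_KEYS.match(key.strip()):
                found.append((key.strip().lower(), value.strip()))
    return found

def scan_volume(root):
    """Check the root of a mounted volume for an AUTORUN.INF (any letter case)."""
    for entry in Path(root).iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            # latin-1 never fails to decode, so junk bytes cannot stop the scan
            return autorun_commands(entry.read_bytes().decode("latin-1"))
    return []

# Constructed sample, not taken from any real malware.
SAMPLE = """\
; constructed example
[AutoRun]
label=Holiday photos
icon=folder.ico
OPEN=setup.exe /quiet
shell\\explore\\command=tools\\helper.exe
[Content]
MusicFiles=false
"""

if __name__ == "__main__":
    for key, cmd in autorun_commands(SAMPLE):
        print(f"{key}: {cmd}")
```

Any pair it returns is a program the drive asks the operating system to start; `label` and `icon` entries only change how the drive is displayed and are not reported.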

That said. In every case the file has to be run. The virus can't just be placed in code and trigger itself. Just like anything in the system. It can attach itself to files that are run or it can try to run itself. It could create a service or be run in the auto start folder or just getting triggered by accessing a website - which you know is transferring and in some occasions running files between the server and the client.


Some really good stuff all, thanks.  I'm on Windows 8.1, all security updates installed and only ever visiting the same old trusty sites.  I think it is the OCD part of me that just wants to keep a really clean drive and have nothing I don't know about stored on it, then I start thinking that maybe something has changed some of those files so they are not the files I expect them to be.  All very silly brain stuff that I know is going on.  Thanks :-)


Some malware could infect systems running older versions of Windows simply by creating a specially-crafted AUTORUN.INF file on a USB flash drive, which would get launched when the drive was plugged into the computer...

Urgh, I remember that. When I was working on a school's service desk we were still running XP. Someone brought in a USB drive that they didn't realise was infected, and it got on to our file server. That was a fun day. :/

Hello,

 

Except for the cases where it didn't (autorunning worms, boot sector and MBR infectors, malicious VBA scripts in Office, even ANSI bombs under DOS, to name a few).

 

Regards,

 

Aryeh Goretsky

 

 

 

 

That said. In every case the file has to be run. The virus can't just be placed in code and trigger itself. Just like anything in the system. It can attach itself to files that are run or it can try to run itself. It could create a service or be run in the auto start folder or just getting triggered by accessing a website - which you know is transferring and in some occasions running files between the server and the client.


I have seen it where they create scheduled tasks to run. I can't remember what virus it was that did it where I first saw it, maybe Conficker.


Hello,

 

Except for the cases where it didn't (autorunning worms, boot sector and MBR infectors, malicious VBA scripts in Office, even ANSI bombs under DOS, to name a few).

 

Regards,

 

Aryeh Goretsky

Well... at the end they always have to be executed. Autorunning is an execute... boot sector and MBR is loaded and VBA scripts are run. It's not rocket science. There is a text of code which is the virus and somehow this text of code needs to be executed.


People like things that happen automagically without them doing anything.  It wasn't a stupidity, it just wasn't implemented in the best way to protect from attack, so at this point it is turned off.  The next rendition will be used as an attack vector too; anytime the user doesn't have to do anything to launch something will be an attack vector (look at Flash, Java, or any other browser-based attack method that requires the user to simply visit a site to become infected).


Hello,

 

If you'll re-read the initial post, you'll note that it specifically states "started by the user at some point".  The vectors I mentioned were where code execution occurred automatically without an implicit action to execute said code by the end user. 

 

In other words, the computer itself, the operating system or an application automatically executed the code without an implicit directive from the user (double-clicking on an icon, typing the name of a file and hitting enter on the command line and so forth).

 

That's what I meant.  Apologies if my earlier reply was confusing due to these missing details.

 

Regards,

 

Aryeh Goretsky

 

 

Well... at the end they always have to be executed. Autorunning is an execute... boot sector and MBR is loaded and VBA scripts are run. It's not rocket science. There is a text of code which is the virus and somehow this text of code needs to be executed.
