can visiting a web page install software?

[plasmarox]

Can you get infected with spyware/software/malware/trojan etc just by visiting a webpage?

i know this sounds stupid but serveral sources have stated it is possible, but i dont think so somehow.

Cheers.

[SolidSapphire]

I am not an expert but i think it has to start from somewhere... Tracking Cookies are a form of spyware so if that qualifies than Yes...

[White Cuban]

Yes, easily, unless your using the newest version of the popular browsers, IE 8, Firefox,Opera, those are my recommendations, (not so much for IE8 though..)

Spyware/anything can easily slip through cracks in older versions of IE, an issue that took microsoft a long time to adress, you simply go to a web address, and tomorrow your computer doesn't work, amazing how these things work right? :p

quite sad frankly.

Welcome to neowin.

using any browser older than firefox2/IE8 isn't recommended in my books.

chris, that is untrue, old versions of ie without updated to latest updates XP, can get easily infected without any input and installed, utilizing rundll32 and more libary's bugs and easy exploits, its extremely easy, any hack(term for a dumbass, not hacker :p) can do it with 3 google searches.

Edited January 4, 2009 by Matan Mates

[chrismaddern]

There have been brief periods where serious exploits exist in IE / Windows that allow malware to be installed just be accessing a page, but for the most part getting the computer to install something without user input is pretty much impossible; only passive exploits like tracking cookies etc...

Chris

[plasmarox]

Thanks for your kind replies - im beginning to like Neowin!

I usually use FF3, although i am currently using Google Chrome.

I'm doing research for my ICT project, and ive always thought it was impossible to install malware etc without users permission, only by social engineering or ID10T errors :p

[White Cuban]

many people do when they put all they eggs into micropoop basket.

[+BudMan MVC]

As already stated, there have been many proven exploits of drive by infections.. If you browser is open to these exploits, or your security settings are not correct then sure its quite possible to get yourself infected just by an AD that is placed on an unaware web site hosting ads with services that do not verify the code their customers are placing, etc.

Do some research on your own.. Here is one example of an article on it.

http://jamesmirick.wordpress.com/2007/12/2...-by-infections/

They have a link to the white paper "ghost in the browser" Good Read!

http://www.usenix.org/events/hotbots07/tec...ovos/provos.pdf

But yes quite often people let themselves be infected.. The latest false antivirus 2008, 2009 craze is a prime examples of this.. A site pops up something stating your infected -- click here, etc.. Next thing they are wanting $39.95 to clear out their "own" crap from your machine.. There was just a thread about this a couple of days ago.

You also run into the issue when the user infects themselve with 1 piece of malware, quite often it will lower the security settings on the browser - to make it easier to keep itself installed.. allow for partner crapware to be installed, etc.

They make lots of money with this crap.. So yes they are getting very very sneaky and finding new tricks to install their crapware on your box.

[bakup]

I recently got infected with a rootkit just by going to a website, while using the latest version of firefox. It hijacked all my browsers, when I search anything on any popular serach engine, it gave fake results that redirects to crap sites. I think I could have prevented it using NoScript. Btw NOD32, Avast, and AVG did not detected it, the only thing that got rid of it was Malwarebytes.