How does your system become infected by just browsing

[victor43]

I am looking to find out the mechanics of their technique that essentially uses a browser to infect ones system.

I have personal experience of contracting a what I believe a virus/malware and it ending up somewhere on my computer and not in the browser cache.How is this possible and how can registry be modified at the same time ? I believe that the virus is able to circumvent the browser memory/disk space and into the rest of the system ? I just don't know how this is done.

Any comments would be appreciated

[FreewheelinFrank]

A security hole in the browser allows execution of commands outside the browser. Technically, a 'vulnerability' is 'exploited' to download, install and run malware, or malicious software.

Try Googling "browser vulnerability" or "browser exploit" for more information.

[zerospam]

To expand upon FreewheelinFrank's note, malware theoretically can exploit a security flaw in anything that touches it, not just a browser. Before your browser sees a web page, it passes through several layers of hardware, firmware, and software. Malware could exploit a security flaw in any of these layers to infect your machine.

Imagine that, for example, your operating system's ethernet or wifi driver has a bug that writes some data onto a portion of the stack it doesn't own when it receives a certain kind of IP packet. Imagine also that an attacker has discovered how to exploit this flaw, and has put her exploit (malware) onto a website. When you browse to that site, your browser asks the operating system to request data from it. The website sends, among other things, the malware back to your computer. Your computer's ethernet driver reads the malware, malfunctions, and eventually begins to execute the malware, which can then do anything it wishes.

[FreewheelinFrank]

To expand upon FreewheelinFrank's note, malware theoretically can exploit a security flaw in anything that touches it, not just a browser. Before your browser sees a web page, it passes through several layers of hardware, firmware, and software. Malware could exploit a security flaw in any of these layers to infect your machine.

Imagine that, for example, your operating system's ethernet or wifi driver has a bug that writes some data onto a portion of the stack it doesn't own when it receives a certain kind of IP packet. Imagine also that an attacker has discovered how to exploit this flaw, and has put her exploit (malware) onto a website. When you browse to that site, your browser asks the operating system to request data from it. The website sends, among other things, the malware back to your computer. Your computer's ethernet driver reads the malware, malfunctions, and eventually begins to execute the malware, which can then do anything it wishes.

Indeed-  malware has exploited many web-facing applications, not just browsers. Flash, Java, PDF are the usual suspects in browsing drive-by downloads, not to mention the man helpful features of IE and Windows that seem to avail themselves so well to "misuse".

[Pondus]

Drive-by infections
http://www.ebankingabersicher.ch/index.php?option=com_content&view=article&id=75&Itemid=0&lang=en

Methods of Infection
http://www.malwarehelp.org/methods-of-infection.html

Every 3.6 seconds a website is infected
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414/

[Hermite15]

activeX in Internet explorer   ... can happen to any site, legit or not, any time, without that the site's owner would even be aware of anything.

[zerospam]

activeX in Internet explorer   ... can happen to any site, legit or not, any time, without that the site's owner would even be aware of anything.

On this and similar topics, three of the best things you can do to avoid drive-by infections are (1) Keep your OS up-to-date; (2) Don't use IE (except for Microsoft updates); and (3) Run your browser in a non-administrator account that is allowed access only to the data that it needs to run.

Running a browser in an administrator account is simply begging to be infected.

Oh, and the single best thing you can do to avoid infections generally is to never run anything that isn't digitally signed by a reliable source.

[victor43]

Many thanks for the informative replies. Will definitely read through everything carefully.

That's the kind of replies I was searching for but previous searches on google did not turn up anything.

Victor

[Shiw Liang]

Wow internet explorer is not safe at that point?
OMG!!!

[Tarq57]

Wow internet explorer is not safe at that point?
OMG!!!

Are you being sarcastic, or did you really not know about that?

[kadenk]

if you use the avast sandbox for your web browser or better yet sandboxie. makes drive by and other things like that a thing of the past (more powerful, and lets you try out programs before installing them)

if you want to try sandboxie (it's free) you can get it here but only if you are using 32 bit operating system

if you have avast pro obviously use that sandbox

http://www.sandboxie.com/SandboxieInstall.exe