The Drive-By Virus Infection, Weekly Count from XC.

It makes news from time to time about viruses that are delivered by media like advertisements.

Then the news looks to see if it's new and often reports like viruses in advertisement media is new.

It isn't new and it dates back to the dial-up days and CD Rom driver days when we first saw a CD ROM (not R/W but ROM).

In 2005 I started tracking the little drive by virus advertisements and found they move around just as much as your local botnets do.

Lately I have seen at least 1 attempt to infect my workstation each week. And believe me, I don't use this workstation for anything but IT News and updates. So when I visit a site to read about some IT news and find my LinkScanner detected a virus or as it was the other day an Java Exploit I thought about how many other sites have the same advertisements.

Yes, I'm once again collecting the infected ads that distribute the virus but they may or may not know about it.

It's difficult to make the notice go out because of the "Random" display fashion of viruses. But when I can trap one on more than two page loads I can validate that the virus did come from XYZ advertisement and here's the link to prove it.

Next week I'll start publishing the virus links so you can experiment with them. Remember, any virus link I publish here will be with spaces and when you put it all together to make the URL function it's your machine not mine that will have the virus downloaded.

Be sure to test on non-production machines. I'll do my best to post up the internal workings of the virus so you don't have to do all the trap work. The key is to collect without being infected.

This section is going to be dangerous for those that are new so read before you click.


Voicemail Alert Exploit

Tuesday Sep 11 2012
Voice Mail from 703-881-1228 (55 seconds) Microsoft Outlook On Behalf of Anonymous Caller ( To: You You received a voice mail : N_V50-062-NIDS.WAV (182 KB‎) Here's a nice Self Inflicted Virus that can be labeled a "Drive By from only the redirect at http:// 5ACeRRyc/index.html

Java Updates

Wednesday May 2 2012
Java Updates! Java Updates! Update your Sun Java! Error 25099, Unzipping core files failed. Do yourself a big favor this week and don't just put a reminder to update your Sun Java. Open the control panel and setup the automatic updates. But watch the video and learn what you need and what I wouldn't install.

Exploit Rogue Scanner

Tuesday May 17 2011
Exploit Rogue Scanner (Type 1027) what AVG LinkScanner can do for you all for free. Some toolbars are designed to help while others are not. The AVG Linkscanner toolbar add-on has been put to the test more than once. Your systems could benefit from a free tool like this.

Web browser exploits

Tuesday Mar 22 2011
Web browser exploits are just one more reason to update often. Security! Browser exploits seem to run seasonal for us in that we just don't see allot of these exploited advertisements and websites outside the marketing dates for major gift giving holidays. Could it mean virus developers have a sense of humor or is it profit?

Advertisement Servers

Tuesday Mar 1 2011
Advertisement servers that have distributed viruses should be monitored by the hosts. One of the easier ways to get a virus on your computer is from advertisement servers. This article will talk briefly about and todays little exploit one of its ads attempted to launch. No visible method of reporting rouge ads on

Dropper.Inor Virus

Wednesday Jun 15 2005
Dropper.Inor Virus / Trojan Info tracking my offically first drive by virus infection. Naturally I was using AVG Linkscanner even then to warn me when a virus via flash, java, etc was attempting to install on my computer. With that information collected I was able to track this virus to a server in South America and then in Europe. I didn't even need to look for the virus. It was on many sites.

1 | 2


Care to prove me wrong on this topic? I'd like to show you week by week how many viruses I get will working online and reading articles from from what we consider accredited websites. I still get one or more virus drive by attempts each week. Nice thing is I can see most of them. It is the ones I can not see that I worry about. Now, if a technician sees a virus each week just from surfing the web why don't you see that same about?