
What does it mean to infect people with silent java drive?

@Correia994

Posted in: #Java #Javascript #Php #Security #WebDevelopment

I've got a weird contact message through my website, claiming they have found a security vulnerability and wonder if I have a bug bounty program.

The details they shared:

Only what I can say is that I found a way to infect people with silent java drive by on one of your websites.


What does this mean to infect people with silent java drive?


1 Comments


@Kristi941

It's called a "drive by" or "drive by download". From Wikipedia:


Drive-by download means two things, each concerning the unintended
download of computer software from the Internet:


1. Downloads which a person authorized but without understanding the
consequences (e.g. downloads which install an unknown or
counterfeit executable program, ActiveX component, or Java applet).

2. Any download that happens without a person's knowledge, often a
computer virus, spyware, malware, or crimeware.

Drive-by downloads may happen when visiting a website, viewing an
e-mail message or by clicking on a deceptive pop-up window:[2] by
clicking on the window in the mistaken belief that, for instance, an
error report from the computer's operating system itself is being
acknowledged, or that an innocuous advertisement pop-up is being
dismissed. In such cases, the "supplier" may claim that the user
"consented" to the download, although actually the user was unaware of
having started an unwanted or malicious software download. Websites
that exploit the Windows Metafile vulnerability (eliminated by a
Windows update of 5 January 2006) may provide examples of drive-by
downloads of this sort.

Hackers use different techniques to obfuscate the malicious code, so
that antivirus software is unable to recognize it. The code is
executed in hidden iframes, and can go undetected.

A drive-by install (or installation) is a similar event. It refers to
installation rather than download (though sometimes the two terms are
used interchangeably).


Basically they claim to have found a vulnerability in your website where they can force users to download and execute code to infect their computers. This is probably due to an XSS flaw in your website.

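A first triage step for a report like this is to audit the markup your own pages serve for the things the answer mentions. The following is an added example, not part of the original answer: it flags hidden iframes, Java applets and active content loaded from hosts outside an allowlist. `ALLOWED_HOSTS`, the sample markup and the hidden-iframe heuristics are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only hosts this site should load active content from.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}
URL_ATTR = {"script": "src", "iframe": "src", "embed": "src",
            "object": "data", "applet": "codebase"}
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}", re.I)

class ActiveContentAudit(HTMLParser):
    """Collects (line, tag, reason) findings for one HTML document."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in URL_ATTR:
            return
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        # hostname is None for relative URLs, which stay on this site.
        host = urlparse(a.get(URL_ATTR[tag], "")).hostname
        if host and host not in ALLOWED_HOSTS:
            self.findings.append((line, tag, f"loads from unlisted host {host}"))
        if tag == "applet":
            self.findings.append((line, tag, "Java applet embedded"))
        tiny = any(a.get(d, "").strip() in {"0", "1"} for d in ("width", "height"))
        if tag == "iframe" and (tiny or "hidden" in a
                                or HIDDEN_STYLE.search(a.get("style", ""))):
            self.findings.append((line, tag, "iframe is not visible"))

def audit(html):
    parser = ActiveContentAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<html><body>
<script src="https://cdn.example.com/app.js"></script>
<iframe src="https://www.example.com/map" width="600" height="400"></iframe>
<iframe src="http://ads.invalid/x" width="0" height="0"></iframe>
<iframe src="/widget" style="position:absolute; left:-9999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, reason in audit(SAMPLE):
        print(f"line {line}: <{tag}> {reason}")
```

This inspects only the HTML as served; elements that a script adds to the page at runtime need a check in a rendered browser session.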