• Post Reply Bookmark Topic Watch Topic
  • New Topic

Getting malware from using HTTP GET  RSS feed

 
Norm Radder
Rancher
Posts: 2240
28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My wife got an email from an acquaintance that looked like a phishing attack.  It had a generic text like: " Here are some files for you"  and a link.  She deleted it, but I was wondering if I used a small java program I have that uses a URLCOnnection class object to send an HTTP GET and read the response if there was a way for a site to notice my activity and reach out and put a file on my PC?  I've never heard of that capability, but there are a lot of powerful tools out there that could do the unexpected. 
 
Jesper de Jong
Java Cowboy
Sheriff
Posts: 16060
88
Android IntelliJ IDE Java Scala Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Norm Radder wrote:... if there was a way for a site to notice my activity

If you send an HTTP GET request to a server, then that server definitely notice that you are doing that and it will probably at least log it.

Norm Radder wrote:... and reach out and put a file on my PC?

A server cannot just reach out and put a file on your PC without your permission, unless your system has a severe security vulnerability that is being taken advantage of.
 
Norm Radder
Rancher
Posts: 2240
28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A server cannot just reach out and put a file on your PC without your permission

So there is a way for software to put a file on my PC if it is able to get "permission".  And if there are exploits for "getting permission" then it can be done.

BTW My PC is running Windows 10
 
Tim Moores
Saloon Keeper
Posts: 4032
94
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you're concerned about the security of the Windows machine (probably wise when accessing a suspected malware site), you could retrieve the file via curl or wget from within a patched-up virtual Linux machine.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!