can a virus execute by itself?
is there any type of viruses can execute by itself after download then on the HDD without clicking on it??
if there is ..... can you refer me to any sites about them?
I think it's more accurate to say 'a virus can't execute itself, unless it has the cooperation of the Operating System and/or software bugs and/or the user.
If the OS allows files to be executed automatically because of their name or location (for example an email attachment) then a virus can masquerade as a legitimate file and be executed by the OS without user intervention. This used to be the default behaviour in early email clients.
Also, if the OS or specific software has errors that a virus can exploit to run its code, then a virus can start itself.
But users are most often the means for a file to be executed. I was surprised recently when a work-colleage told me she thought her computer had a virus after she opened an attachment in an email from a complete stranger. I thought she would have known better.
The closest example I can think of was the W32.Nimda virus.
One of its prorogation methods was via open windows file shares. From memory, it copied itself as an .eml file to open network shares.
I can't remember the exact details, (and can't find a link in the time I have), but from memory, the file needed very little interaction via Windows Explorer for the code to be executed on the target computer. (I seem to recall just having the file displayed in Windows Explorer was enough for the code to execute).
Yes, in the context of the browser, since unintentionally you're executing the page without clicking on anything. Such viruses are capable of downloading themselves to your hard disk without your cooperation.
The propagation vector here can be JavaScript, Java, ActiveX, Flash and other plugins. Many such attacks are carried out through cross-site scripting.
You can find lots of information about Web attacks on the site of the popular Firefox extension NoScript.