Drive-By Downloads: Malware's Most Popular Distribution Method


Recommended Posts

Drive-By Downloads: Malware's Most Popular Distribution Method

After years of burying malicious software in email and portable storage media, attackers now favor quick downloads via legitimate websites, researcher says

Nov 12, 2010 | 09:54 AM

By Tim Wilson

DarkReading

A drive-by download typically begins by injecting a Web page with malicious code, often through JavaScript, Daswani explained. The code generally invokes a client-side vulnerability to deliver shell code, such as the JavaScript-based Heap Spray attack, to take control of the user's machine. From there, the attacker can send a "downloader," which is often custom, zero-day code that isn't recognized by traditional antivirus systems.

Once the downloader is in place, the attacker can deliver his malware of choice, Daswani said. Drive-by downloads are particularly effective for delivering code that can steal end user credentials (such as Zeus), launch a fake antivirus scam (such as Koobface), steal server-side administrative credentials (such as Gumblar), steal corporate secrets (such as Project Aurora), or collect fraudulent click revenue (such as clickbot.A), he noted.

http://www.darkreadi...cleID=228200810

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...