drive-by download

ansar313

May 20, 2013
hi
There are some malware URLs in the BLADE evaluation lab that were detected as drive-by download attacks.
How can I find what file is downloaded when the user goes to these URLs?
For example, can anyone tell me what file is downloaded through these URLs (notice: the URLs are dangerous)?

hxxp://out.outdoorkitchendistributors.com/in.cgi?2
hxxp://deletefail.ru/
hxxp://85.234.190.13/tds/in.cgi?default

If these URLs are not valid, there are more URLs in the BLADE evaluation lab at this URL:
http://www.blade-defender.org/eval-lab/
please help me
 
"for example anyone can say me what file downloaded through these URLs"

These URL lists are very old, circa 2010. Malicious URL or not, a legitimate website can be hosting exploits if hacked through specially crafted webpages.

> User opens webpage
> Webpage script detects vulnerable browser (or plugin)
> Exploit code is executed to deliver the malicious load
> User either runs the download, or it takes advantage of the vulnerability to execute(?)
> User infected without their knowledge.

PS: Correct me if I'm wrong.
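Not part of the original thread: an added example, written from the defender's side, of how the question "what file did the visit pull down?" can be answered by replaying the visit in an isolated sandbox behind a logging proxy and then following the redirect chain (the in.cgi hop, the landing page, the requests it triggers) in the captured traffic. The log format, the placeholder hostnames and the two-byte "magic" field are assumptions for the illustration, not real data.

```python
import re

# Constructed proxy log of the HTTP transactions seen while an isolated sandbox
# browser opened one suspicious URL. Hosts are placeholders (.invalid), not the
# URLs from this thread; "magic" is the first two body bytes in hex, if logged.
SAMPLE_LOG = """\
GET http://tds.example.invalid/in.cgi?2 302 text/html ref=- loc=http://landing.example.invalid/index.php magic=-
GET http://landing.example.invalid/index.php 200 text/html ref=http://tds.example.invalid/in.cgi?2 loc=- magic=3c68
GET http://landing.example.invalid/lib.js 200 application/javascript ref=http://landing.example.invalid/index.php loc=- magic=7661
GET http://landing.example.invalid/load.php?e=pdf 200 application/pdf ref=http://landing.example.invalid/index.php loc=- magic=4d5a
GET http://cdn.example.invalid/logo.png 200 image/png ref=http://landing.example.invalid/index.php loc=- magic=8950
"""
LINE_RE = re.compile(r"^(?P<method>\S+) (?P<url>\S+) (?P<status>\d{3}) (?P<ctype>\S+) "
                     r"ref=(?P<ref>\S+) loc=(?P<loc>\S+) magic=(?P<magic>\S+)$")
# Content types that carry native executables, and the "MZ" header of a PE file.
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload", "application/x-dosexec"}
MZ_MAGIC = "4d5a"


def parse_log(text):
    """Parse the proxy log into dicts, skipping malformed lines."""
    recs = [LINE_RE.match(line.strip()) for line in text.splitlines()]
    return [m.groupdict() for m in recs if m]


def redirect_chain(records, start_url):
    """Follow HTTP Location redirects from start_url (e.g. a TDS in.cgi hop)."""
    by_url = {r["url"]: r for r in records}
    chain, url = [], start_url
    while url in by_url and url not in chain:
        chain.append(url)
        url = by_url[url]["loc"]  # "-" means no Location header: chain ends
    return chain


def find_payloads(records, start_url):
    """Return requests from the landing chain whose response looks like an executable."""
    chain = set(redirect_chain(records, start_url))
    hits = []
    for r in records:
        if r["url"] not in chain and r["ref"] not in chain:
            continue  # not triggered by the page the user opened
        if r["magic"] == MZ_MAGIC:  # body is a PE file whatever the header claims
            hits.append(dict(r, reason="MZ header despite Content-Type " + r["ctype"]))
        elif r["ctype"] in EXEC_TYPES:
            hits.append(dict(r, reason="executable content type"))
    return hits
```

The body bytes matter more than the Content-Type header: in the sample the payload is served as application/pdf, and only the MZ header gives it away.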
 
One sign to detect drive-by downloads is when the browser hangs or crashes.

It's a sign of injection of processes and files through selected locations, including the temporary folder.
 
If you are trying to discover the process by which these drive-bys work, buy one on these hacker websites and dissect its code yourself. Not exactly what you mean here. I think Earth has it right, though.