silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
It's 2020, and numerous browsers still allow drive-by-downloads from what is meant to be secure contexts such as sandboxed iframes.
For those unfamiliar with the term, a drive-by-download is when a user visits a site, and a file download is initiated without the user's interaction.
This technique can be used to distribute unwanted software and malicious programs in the hopes that users will accidentally or mistakenly execute the downloads and get infected.
New research from ad security firm Confiant shows that secure contexts such as sandboxed iframes can be abused to allow drive-by-downloads when visiting a website.
As most advertisements are displayed on a web page via iframes, malicious advertisers can use them to deliver unwanted applications that infect your computer.
Malvertising, Site Compromise, And A Status Report On Drive-by Downloads
This blog post will explore the details behind a recent spree of website hacks and the malicious payloads that were embedded and served to…
blog.confiant.com