
I read everywhere that a drive-by download attack consists in downloading malware to the victim's PC and executing it without the victim's permission.

My question: does this "download" term include downloading any given file (virus.exe, worm.js, ...)? Or does it consist only in something like malicious JavaScript attacking vulnerable plug-ins or features of the victim's browser?

I ask this question because I did not find any article discussing this.

2 Answers


Yes. As you can read in this article, drive-by download includes:

  • downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet
  • computer virus, spyware, malware, or crimeware

They can rely on the user's behaviour (e.g. a malicious simulation of an OS message), or exploit a browser / plugin vulnerability to trigger the file download without the user's consent.

ack__
  • Thank you for the link. I read it before I asked this question, and I do not trust Wikipedia when it comes to computer science (from experience). –  May 22 '14 at 12:08
  • Wikipedia is not perfect but usually a reliable source of information. Their article on Drive-by download is clearly not detailed, but it is correct. – ack__ May 22 '14 at 12:14
  • Apart from that article, I do not see any other serious article mentioning file downloading. –  May 22 '14 at 12:53
  • Searching "Drive-by download" on Google shows hundreds of websites that mention it, including those I could check on the 1st result page. – ack__ May 22 '14 at 13:23
  • 'A Fast Filter for the Large-Scale Detection of Malicious Web Pages' is a serious and official document by Marco Cova et al., who developed Profiler: at no point do they speak about file download. But I found 'amateur' articles mentioning file download. So I just wonder if it is really the case (I am trying to simulate a drive-by download attack on my own machines with a benign PDF file, but it seems an impossible task). –  May 22 '14 at 13:45
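Added example, not part of the answer above or of any tool it mentions: a small static pre-filter that scores an HTML page on indicators typical of both kinds of drive-by page described in the answer, the silent exploit landing page (hidden iframe, obfuscated script) and the social-engineering page that pushes an executable after a fake system warning. The indicator list, the point values and the threshold are my own assumptions, chosen for illustration; the three sample pages are constructed (the IP is from the documentation range). Regex matching like this is trivially evaded by real kits, so it is a triage filter, not a detector.

```python
"""
Heuristic pre-filter for drive-by download landing pages (added example).
All indicators, weights and the threshold below are assumptions for illustration.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Report:
    score: int = 0
    hits: list = field(default_factory=list)


# File types a legitimate page rarely pushes at a visitor without an explicit click.
EXEC_EXT = r"\.(?:exe|scr|msi|jar|vbs|js|hta|bat|cmd|ps1)\b"


def scan_html(html: str) -> Report:
    """Score a page; each matched indicator adds points and a label to the report."""
    r = Report()

    def hit(points: int, label: str) -> None:
        r.score += points
        r.hits.append(label)

    # 1. Hidden or off-screen iframe: the usual way to pull an exploit page into a
    #    compromised legitimate site without the visitor seeing anything.
    for m in re.finditer(r"<iframe\b[^>]*>", html, re.I):
        tag = m.group(0)
        if (re.search(r'(?:width|height)\s*=\s*["\']?0\b', tag, re.I)
                or re.search(r"display\s*:\s*none|visibility\s*:\s*hidden", tag, re.I)
                or re.search(r"(?:left|top)\s*:\s*-\d{3,}px", tag, re.I)):
            hit(3, "hidden iframe")

    # 2. Obfuscation primitives inside inline scripts.
    scripts = re.findall(r"<script\b[^>]*>(.*?)</script>", html, re.I | re.S)
    for s in scripts:
        n = len(re.findall(r"\b(?:eval|unescape|String\.fromCharCode)\s*\(", s))
        if n:
            hit(min(n, 3), f"{n} obfuscation call(s)")
        if re.search(r"document\.write\s*\(", s) and re.search(r"<iframe|<script", s, re.I):
            hit(2, "document.write injecting markup")
        if re.search(r"[\"']([^\"']{200,})[\"']", s):
            hit(2, "very long string literal")

    # 3. Navigation to, or scripted download of, executable content with no click required.
    if re.search(r'http-equiv\s*=\s*["\']refresh["\'][^>]*url=[^"\'>]*' + EXEC_EXT, html, re.I):
        hit(4, "meta refresh to executable")
    for s in scripts:
        if re.search(r"(?:location(?:\.href)?|window\.open)\s*[=(]\s*[\"'][^\"']*" + EXEC_EXT, s, re.I):
            hit(4, "script navigates to executable")
        if re.search(r"\.download\s*=", s) and re.search(r"\.click\s*\(\s*\)", s):
            hit(4, "scripted anchor download + click")

    # 4. Social-engineering bait: fake OS / antivirus warning text (the "simulated OS message").
    if re.search(r"(?:your (?:computer|pc) is infected|critical (?:system )?update required"
                 r"|install (?:the )?(?:codec|player) to view)", html, re.I):
        hit(2, "fake system/AV warning text")
    return r


def is_suspicious(html: str, threshold: int = 5) -> bool:
    """Threshold is an assumption; tune it against your own false-positive budget."""
    return scan_html(html).score >= threshold


# Constructed sample pages (not real captures).
BENIGN = """<html><head><title>Shop</title></head>
<body><script>document.getElementById('cart').textContent = '3 items';</script>
<a href="/downloads/manual.pdf">Manual (PDF)</a></body></html>"""

EXPLOIT_LANDING = """<html><body>
<iframe src="http://203.0.113.5/gate.php" width="0" height="0" style="visibility:hidden"></iframe>
<script>var p=unescape("%75%6e%65");eval(p);</script>
</body></html>"""

SOCIAL_ENG = """<html><body>
<div class="alert">WARNING: Your computer is infected! Install the update now.</div>
<script>var a=document.createElement('a');a.href='/update/FlashPlayer_update.exe';
a.download='update.exe';document.body.appendChild(a);a.click();</script>
</body></html>"""

if __name__ == "__main__":
    for name, page in [("benign", BENIGN), ("exploit", EXPLOIT_LANDING), ("social", SOCIAL_ENG)]:
        rep = scan_html(page)
        print(f"{name:8s} score={rep.score} suspicious={is_suspicious(page)} hits={rep.hits}")
```

The benign page scores 0, the exploit landing page scores 5 (hidden iframe plus two obfuscation calls), and the social-engineering page scores 6 (scripted download-and-click plus the fake warning), so both malicious samples clear the threshold while the shop page does not. The point of the split into indicator groups is that it mirrors the answer's two cases: group 1 and 2 catch the silent exploit path, group 3 and 4 catch the "download a file and get it run" path that relies on the user.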

I believe the term "drive-by download attack" refers to either of those cases: either downloading a malicious file and executing it, or visiting a web site which is hosting malicious JavaScript, ActiveX components, or has some other way of exploiting vulnerabilities on your system.

Most of those threats can be mitigated by not opening files from unknown sources, and by keeping your OS, browser, Java, and plugins up to date.

Brian Duke