
Often I read about compromise due to visiting a malicious site which downloads some exploit to your computer. I've never seen a detailed process; all books/tutorials I read just say sentences like "once the site is visited, the target is compromised", "redirecting the user to an attacker-owned site which downloads malicious javascript", etc., but that seems a little vague to me...

How does this kind of compromise work? Because apart from exploiting some vulnerability in the web browser (and that must be a 0day nowadays), I don't know what other attack vector could happen.

The Illusive Man
  • Do not forget that web browsers use operating system calls which can themselves have vulnerabilities. (Remember Windows metafile?) Browsers also have plugins, of which PDF reader and Flash display are the most notorious sources of vulnerabilities, but they're not alone. – Bob Brown Dec 26 '14 at 21:35

2 Answers


Generally, most drive-by browsing attacks are through browser vulnerabilities, which redirect you etc., but some are through PDF render engines, or in fact any input or display functionality.

These do not have to be zero-days. Many browsers have vulnerabilities - some that have been known for years and have fixes out.

Rory Alsop
  • ok, then it is what I thought. My question was because those texts say that in a way that makes the reader think that just because the target visits the site, he's going to be compromised – The Illusive Man Dec 27 '14 at 09:03
  • Rory is essentially correct. The reason you get generalized descriptions is there's many different ways to perform an exploit. There's a contest called [pwn2Own](http://en.wikipedia.org/wiki/Pwn2Own#Software_to_exploit) that provides full disclosure. If you're interested in all the details, that'd be a good place to start. – Steve Sether Dec 26 '14 at 21:28
  • ^^^ That is still entirely possible. One can be compromised merely by visiting a malicious site depending upon the exploit being leveraged. – k1DBLITZ Dec 29 '14 at 19:45

Drive-by exploits are a result of targeting vulnerabilities in a particular web browser. A web browser is a large piece of software with the potential for many bugs. PDF rendering, Flash players, and JavaScript engines are all complex and have a long history of vulnerabilities.

A good mitigation is definitely keeping your browser up-to-date. A zero-day exploit (or exploits) capable of accomplishing drive-by code execution on a modern browser is very valuable. It is likely that anyone with access to such an exploit will save it for a targeted attack. Instead, most drive-by exploits you are likely to encounter in your day-to-day surfing will be old vulnerabilities targeted at outdated browsers.
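The chain both answers describe (a visited page redirects the browser elsewhere, and plugin content such as a PDF or Flash file is then fetched from that other host) can be spotted from the defender's side in proxy logs. The following is an added example, not code from the question or the answers: a heuristic that flags, per client, any redirect followed within a short window by a PDF/Flash download from a different host. The log format and the sample lines are constructed for the example.

```python
"""Flag possible drive-by chains in proxy logs: a 3xx response from one host,
followed shortly by the same client fetching plugin content (PDF, Flash)
from a different host. Heuristic only; tune the window and types to taste."""
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample proxy log (not real traffic). Field order is assumed:
# timestamp client method url status content-type
SAMPLE_LOG = """\
2014-12-26T21:00:01 10.0.0.5 GET http://news.example.org/article 200 text/html
2014-12-26T21:00:02 10.0.0.5 GET http://ads.example.org/banner 302 text/html
2014-12-26T21:00:03 10.0.0.5 GET http://cdn.example.net/landing.js 200 application/javascript
2014-12-26T21:00:04 10.0.0.5 GET http://cdn.example.net/doc.pdf 200 application/pdf
2014-12-26T21:05:00 10.0.0.7 GET http://intranet.example.org/ 200 text/html
2014-12-26T21:05:01 10.0.0.7 GET http://intranet.example.org/report.pdf 200 application/pdf
"""

# Content types the answers name as classic plugin attack surface.
PLUGIN_TYPES = {"application/pdf", "application/x-shockwave-flash"}


def parse_line(line):
    """Split one log line into a dict with a parsed timestamp and URL host."""
    ts, client, method, url, status, ctype = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client, "method": method,
            "url": url, "host": urlsplit(url).hostname,
            "status": int(status), "ctype": ctype}


def find_driveby_chains(log_text, window_seconds=30):
    """Return (client, redirect_host, target_host, url) for each suspicious chain."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_client = {}
    for e in events:
        by_client.setdefault(e["client"], []).append(e)
    hits = []
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            if not 300 <= e["status"] < 400:
                continue  # only a redirect can start a chain
            for later in evs[i + 1:]:
                if (later["ts"] - e["ts"]).total_seconds() > window_seconds:
                    break  # events are sorted, nothing later is in the window
                if later["ctype"] in PLUGIN_TYPES and later["host"] != e["host"]:
                    hits.append((client, e["host"], later["host"], later["url"]))
    return hits


if __name__ == "__main__":
    for hit in find_driveby_chains(SAMPLE_LOG):
        print("possible drive-by chain:", hit)
```

On the sample log only client 10.0.0.5 is flagged: the 302 from ads.example.org is followed two seconds later by a PDF from cdn.example.net, while 10.0.0.7's PDF comes straight from the host it was browsing with no redirect.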