Drive-by Downloads: How much of a Threat Are They?

Discussion in 'other security issues & news' started by Rmus, May 9, 2009.

Thread Status:
Not open for further replies.
  1. IceDogg

    IceDogg Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    26
    Location:
    Arkansas
    AWESOME job! I learned a lot and it was put in a well demonstrated way where most anyone can understand. I think the use of SS were spot on perfect. THANKS!!
     
  2. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Sorry if I'm missing something really obvious. :'(
    Why couldn't the malicious code automatically download the malware and skip the process of using the .ani file?
    Thanks
     
  3. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    241
    Thanks for all your hard work Rmus. I work in IT and it's refreshing to see someone willing to educate people on the prevention side of infections.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    It's nice, ParadigmShift, to see someone who works in IT. I'd be interested in what procedures/policies/products your company has in place to protect against these types of attacks.

    Those who write malware exploits do both - the example I used where a number of products were tested was code directly in the web page. Finding files to trigger the exploit is just another way of accomplishing the goal.

    Today the use of files such as PDF and SWF (Flash) in exploits is effective because those exploits target applications that many people use, and will work in browsers which have scripting and plugins enabled. (I've tested with IE, Opera, Firefox)

    This seems to be the case for the web-based exploits. Browsers today offer a lot of configuration options for controlling scripts per site. It's just a matter of making people aware of that.

    Remote code execution exploits can also target other points of entrance besides the browser. Conficker is a good example, where the first variant of it attacked via open ports, and the second variant via USB and the autorun.inf file.

    Ah, yes! How reporters love to pick up a story and run with it. Here are some quotes I saved regarding drive-by attacks. Some have an element of truth, yet are misleading if not clarified. The last is just downright Wrong. And, of course, their impact on the uninformed reader is obvious.

    And so it goes...

    ----
    rich
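The autorun.inf vector mentioned above can be inspected from the defender's side. The following is an added example (not code from the thread or from any product discussed in it) that parses an autorun.inf from removable media and reports the directives that would launch a program; the sample file contents are constructed for illustration, and the key names checked are a hypothetical minimal set.

```python
"""Added example: flag launch directives in an autorun.inf (defensive triage)."""
import re

# Directives in [autorun] that can cause execution or hook the drive's context menu.
EXEC_KEYS = {"open", "shellexecute", "shell\\open\\command", "shell\\explore\\command"}
# Values that reference an executable-type file are suspicious even under other keys.
EXEC_EXT = re.compile(r"\.(exe|com|bat|cmd|scr|pif|vbs|js|dll)\b", re.IGNORECASE)


def parse_autorun(text):
    """Return {section: {key: value}} with section and key names lower-cased.
    Lines starting with ';' are comments; keys before any section header are
    kept under '' so nothing in the file is silently dropped."""
    result, section = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            result.setdefault(section, {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            result.setdefault(section, {})[key.strip().lower()] = value.strip()
    return result


def find_launch_directives(text):
    """List (key, value) pairs under [autorun] that would run a program.
    Any shell\\<verb>\\command key is matched generically."""
    findings = []
    for key, value in parse_autorun(text).get("autorun", {}).items():
        launches = key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
        if launches or EXEC_EXT.search(value):
            findings.append((key, value))
    return findings


# Constructed sample autorun.inf, not taken from a real infection.
SAMPLE = """; constructed sample
[AutoRun]
Icon=setup.exe,0
Open=setup.exe /silent
shell\\open\\command=setup.exe
label=My USB
"""

if __name__ == "__main__":
    for key, value in find_launch_directives(SAMPLE):
        print(f"{key} -> {value}")
```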
     
  5. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    OK, thanks very much for your help.
     