Drive-by download, también conocido como Drive-by Exploit, se refiere a un
malware que se instala en tu computadora con el sólo hecho de visitar páginas
en Internet que están infectadas por este tipo de amenaza. No se requiere una
interacción alguna, este malware se encuentra en el mismo código HTML de las
páginas infectadas y el sólo hecho de cargarlas en tu navegador de Internet
hace que se contamine tu computadora.
http://aprenderinternet.about.com/od/Glosario/
This threat
refers to the injection of malicious code in HTML code of websites that
exploits vulnerabilities in user web browsers. Also known as drive-by download
attacks, these attacks target software residing in Internet user computers (web
browser, browser plug-ins and operating system) and infects them automatically
when visiting a drive-by download website, without any user interaction.
ENISA Threat Landscape [Deliverable
2012-09-28]
In a
Drive-by-Download attack, the web application is tampered (i.e. injected with
HTML code) that instructs a visitors browser to download malware located in an
attackers controlled server. Most often, tampering is not visually apparent to
visitors, thus innocent victims are unaware of the background download
operation. If any warning appears it is usually dismissed since victims believe
it to be part of the original application. The malware is usually Trojan horse
software that takes control of the victims machine, making it part of a larger
botnet.
http://www.imperva.com/resources/glossary/glossary.html
Description of a
series of events culminating in the delivery of malware without the end user
being aware. A "Drive-by-Download" begins with a user visiting a
website that hosts an Exploit which then compromises the user's web browser.
Once the end user's system has been "owned", the exploit makes a call
to download the malware. One commonly overlooked aspect of "Drive-by
downloads" is that they require a vulnerable web browser to be compromised
by an exploit. Any security solution that stops the exploit will prevent the
malware from being downloaded.
https://www.nsslabs.com/reports/threat-definitions
Software, often
malware, downloaded onto a computer from the Internet without the users
knowledge or permission.
Cybersecurity for
Dummies, Palo Alto Networks Edition, 2014
Temas relacionados