Términos\Drive-by Exploits

Drive-by Exploits

principio

Drive-by download, también conocido como Drive-by Exploit, se refiere a un malware que se instala en tu computadora con el sólo hecho de visitar páginas en Internet que están infectadas por este tipo de amenaza. No se requiere una interacción alguna, este malware se encuentra en el mismo código HTML de las páginas infectadas y el sólo hecho de cargarlas en tu navegador de Internet hace que se contamine tu computadora.

http://aprenderinternet.about.com/od/Glosario/

principio

This threat refers to the injection of malicious code in HTML code of websites that exploits vulnerabilities in user web browsers. Also known as drive-by download attacks, these attacks target software residing in Internet user computers (web browser, browser plug-ins and operating system) and infects them automatically when visiting a drive-by download website, without any user interaction.

 ENISA Threat Landscape [Deliverable – 2012-09-28]

principio

In a Drive-by-Download attack, the web application is tampered (i.e. injected with HTML code) that instructs a visitor’s browser to download malware located in an attacker’s controlled server. Most often, tampering is not visually apparent to visitors, thus innocent victims are unaware of the background download operation. If any warning appears it is usually dismissed since victims believe it to be part of the original application. The malware is usually Trojan horse software that takes control of the victim’s machine, making it part of a larger botnet.

http://www.imperva.com/resources/glossary/glossary.html

principio

Description of a series of events culminating in the delivery of malware without the end user being aware. A "Drive-by-Download" begins with a user visiting a website that hosts an Exploit which then compromises the user's web browser. Once the end user's system has been "owned", the exploit makes a call to download the malware. One commonly overlooked aspect of "Drive-by downloads" is that they require a vulnerable web browser to be compromised by an exploit. Any security solution that stops the exploit will prevent the malware from being downloaded.

https://www.nsslabs.com/reports/threat-definitions

principio

Software, often malware, downloaded onto a computer from the Internet without the user’s knowledge or permission.

Cybersecurity for Dummies, Palo Alto Networks Edition, 2014

principio