Drive-By-Downloading
Drive-by-Downloading
An infection or attempted infection by drive-by -downloading is when a web resource such as a website has been compromised and contains exploits or pointers to download malware.
When the webpage is accessed and the page renders in your browser, in the background an exploit is loaded or a redirection to another resource will occur resulting in the downloading of malware onto your computer. The redirection methods used are typically the insertion of an iFrame (inline frame) or JavaScript tag in the webpage. A snippet of a webpage containing an iFrame is detailed below:
As can be seen, the text is clearly visible and in a human readable format however, such tags could also be encoded for obfuscation purposes. Any such encoding would first need to be identified before decoding to reveal the URL.
Additional informaiton…
The boffins at GCHQ have made available an online (or downloadable) tool called CyberChef. The tools capabilities range from the decoding encoding schemes, converting dates and times to different time zones to the disassembly of shell code and conducting entropy tests. CyberChef is as it claims to be, a “Cyber Swiss Army Knife” and is a really cool tool to have in your arsenal of software investigation tools. To use or download CyberChef click here.
Introduction to Digital Forensics: Malware Analysis and Investigations
Introduction to Digital Forensics: Malware Analysis and Investigations
Reach your personal and professional goals
Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.
Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.
