
Drive-By-Downloading

An article detailing the basics of a malware infection via a compromised website, also referred to as drive-by-downloading.
Drive-by-Downloading

An infection, or attempted infection, by drive-by-downloading occurs when a web resource such as a website has been compromised and contains exploits or pointers to download malware.

When the webpage is accessed and rendered in your browser, an exploit is loaded in the background, or a redirection to another resource occurs, resulting in malware being downloaded onto your computer. The redirection methods used are typically the insertion of an iFrame (inline frame) or JavaScript tag in the webpage. A snippet of a webpage containing an iFrame is detailed below:

Web page snippet depicting HTML iframe tag.

As can be seen, the text is clearly visible and in a human-readable format; however, such tags could also be encoded for obfuscation purposes. Any such encoding would first need to be identified and then decoded to reveal the URL.
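The following triage sketch is an added example, not part of the original article. It lists iframe and script tags that load from a different host than the page being examined and decodes one layer of percent-encoding inside inline scripts to reveal a hidden URL. The sample page, the `.invalid` hosts, the choice of percent-encoding and the zero or one pixel "hidden" heuristic are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Constructed sample of a compromised page; all hosts are placeholders.
SAMPLE = """<html><body><p>Welcome to our shop</p>
<iframe src="http://redirect.example.invalid/in.php" width="0" height="0"></iframe>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A%2F%2Fsecond.example.invalid%2Fgate%22%20style%3D%22display%3Anone%22%3E%3C%2Fiframe%3E'));</script></body></html>"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
PERCENT_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}[^'\"%]*){4,}")

class FrameFinder(HTMLParser):
    """Collects iframe/script tags whose src points at a different host."""
    def __init__(self, page_host, depth=0):
        super().__init__()
        self.page_host, self.depth = page_host, depth
        self.findings, self.in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self.in_script = tag == "script"
        if tag not in ("iframe", "script") or not a.get("src"):
            return
        host = urlparse(a["src"]).hostname
        if host is None or host == self.page_host:
            return  # relative or same-host resource
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        self.findings.append({"tag": tag, "src": a["src"], "hidden": hidden,
                              "decoded": self.depth > 0})

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # A run of 4+ %XX escapes in an inline script: decode once, re-scan.
        if self.in_script and self.depth == 0:
            for m in PERCENT_RUN.finditer(data):
                inner = FrameFinder(self.page_host, depth=1)
                inner.feed(unquote(m.group(0)))
                self.findings.extend(inner.findings)

def scan(html, page_host):
    finder = FrameFinder(page_host)
    finder.feed(html)
    finder.close()  # flush any buffered trailing text
    return finder.findings
```

Calling `scan(SAMPLE, "shop.example.invalid")` returns one finding for the plainly visible iframe and one, marked `decoded`, for the iframe recovered from the encoded string. Other encodings, or several nested layers, would still need to be identified and decoded by hand or with a tool such as CyberChef.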

Additional information…

The boffins at GCHQ have made available an online (or downloadable) tool called CyberChef. The tool's capabilities range from decoding encoding schemes and converting dates and times to different time zones, to disassembling shellcode and conducting entropy tests. CyberChef is, as it claims to be, a “Cyber Swiss Army Knife” and is a really cool tool to have in your arsenal of software investigation tools. To use or download CyberChef click here.


© PA Knowledge Ltd | 7Safe Training
This article is from the free online

Introduction to Digital Forensics: Malware Analysis and Investigations

Created by
FutureLearn - Learning For Life
