However, the user usually falls victim to drive-by download
even while doing nothing, as it requires no action from the user and the infection is automatic-and silent-once the web site is opened.
A drive-by download
can take advantage of an app, operating system, or web browser that contains security flaws due to unsuccessful updates or lack of updates.
Now hackers are infecting computers via drive-by downloads
, which don't require a user even to click a link or download an email attachment to let a bug in.
KIRDA (2009b): "Mitigating Drive-by Download
Attacks: Challenges and Open Problems", unpublished manuscript.
Some malicious applications use a "drive-by download
" to infect computers.
sites in particular were discovered to play a large part in the spread of malware in the country.
Victimized computers are traditionally compromised via malicious advertisements that insert malware onto a user's computer or point them to an infected site.AaAaAeAeAaAeAeA But 45 percent of the malware from piracy sites comesAaAaAeAeAaAe form of a drive-by download
, which corrupts a user's computer without the user ever clicking a single link.
The malicious YouTube page attempts to infect the browser with a drive-by download
as soon as the user lands on it.
The vulnerability is the same one used by theFlashback malware, which first appeared around September 2011 and infected as many as 800,000 computers via a drive-by download
. Flashback was used to fraudulently click on advertisements in order to generate illicit revenue in a type of scam known as click fraud.
Fraudulent sites include phishing sites, malware sites, drive-by download
sites and others classified as dangerous by Norton.
"Exploiting this-likely through a drive-by download
attack-would give an attacker near system-level privileges.
EoACA[pounds sterling]Exploiting thisEoACAolikely through a drive-by download
attackEoACAowould give an attacker near system-level privileges.