While malicious servers hosting "drive-by-install" scripts are continuously evolving, their goal remains the same: to silently drop and run malicious files on the victim's computer. The flaws exploited by those Web Attack Toolkits have stayed much the same for a while, so what's new in the "malscripts" world? As we pointed out in a previous post, writers of malicious web-based exploits worked out some advanced obfuscation methods to hide their malicious scripts from detection. It seems that this trend is dying down and being replaced by a simpler yet effective...
by David Maciejak  |  Mar 04, 2009  |  Filed in: Security Research
Legitimate -- and sometimes renowned -- web sites are increasingly subject to code-injection attacks, and it's not rare today to find an everyday site injected with malicious JavaScript code whose sole purpose is to silently redirect all visitors to malicious servers "behind the scenes." What happens on those servers is called a "drive-by-install" in the jargon, and results in malicious executable files being (again) silently pushed and run on the victim's computer. Details on the drive-by-install process, while interesting, are out of the...
by David Maciejak  |  Feb 25, 2009  |  Filed in: Security Research