October 12th, 2004, 07:17 PM
The Anatomy of a "Drive-by-download"
Thanks to Ecross for finding this excellent article:
Anatomy of a "Drive-by-download"
April 2nd, 2006, 11:19 AM
There may be some problems with the above link. Here is an alternative in PDF form:
Anatomy of a "Drive-by download"
April 2nd, 2006, 12:30 PM
Speaking of which ...
Hackers Use BBC News as Keylogger Trojan Lure
... excerpts from actual BBC News stories are being used to lure IE users to Web sites that launch drive-by downloads of bots, spyware, back doors and other Trojan downloaders.
One version of the spammed e-mail seen by eWEEK contains a portion of a BBC News item published on March 27 about the Chinese yuan hitting a post-revaluation high against the U.S. dollar.
After the legitimate excerpt, the hackers embedded a "read more" link that points to a Web site that contains a spoofed copy of the BBC News story from the e-mail.
Websense researchers found that the rigged site exploits the unpatched createTextRange vulnerability to download and install a keystroke logger without any user action.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)