Drive-by download

Drive-by download is of two types, each concerning the unintended download of computer software from the Internet: Authorized drive-by downloads are downloads which a person has authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet). Unauthorized drive-by downloads are downloads which happen without a person's knowledge, often a computer virus, spyware, malware, or crimeware. Drive-by downloads may happen when visiting a website, opening an e-mail attachment or clicking a link, or clicking on a deceptive pop-up window: by clicking on the window in the mistaken belief that, for example, an error report from the computer's operating system itself is being acknowledged or a seemingly innocuous advertisement pop-up is being dismissed. In such cases, the "supplier" may claim that the user "consented" to the download, although the user was in fact unaware of having started an unwanted or malicious software download. Similarly if a person is visiting a site with malicious content, the person may become victim to a drive-by download attack. That is, the malicious content may be able to exploit vulnerabilities in the browser or plugins to run malicious code without the user's knowledge. A drive-by install (or installation) is a similar event. It refers to installation rather than download (though sometimes the two terms are used interchangeably). When creating a drive-by download, an attacker must first create their malicious content to perform the attack. With the rise in exploit packs that contain the vulnerabilities needed to carry out unauthorized drive-by download attacks, the skill level needed to perform this attack has been reduced. The next step is to host the malicious content that the attacker wishes to distribute. One option is for the attacker to host the malicious content on their own server.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (1)

Related concepts (7)

Related courses (2)

Related lectures (15)

ME-331: Solid mechanics

Model the behavior of elastic, viscoelastic, and inelastic solids both in the infinitesimal and finite-deformation regimes.

ME-443: Hydroacoustique pour aménagements hydroélectriques

Introduction aux phénomènes propagatifs dans les circuits hydrauliques, calculs de coups de béliers, comportement transitoires d'aménagements hydroélectriques, simulation numériques du comportement dy

Omnidata: A Scalable Pipeline for Making Multi-Task Mid-Level Vision Datasets from 3D Scans

Amir Roshan Zamir, Alexander Evan Sax, Ainaz Eftekhar

This paper introduces a pipeline to parametrically sample and render static multi-task vision datasets from comprehensive 3D scans from the real-world. In addition to enabling interesting lines of res

IEEE2021

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses. Computer viruses generally require a host program. The virus writes its own code into the host program. When the program runs, the written virus program is executed first, causing infection and damage.

Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.

Safe Surfing II

Emphasizes the importance of safe web browsing practices and how to avoid online threats.

Economy-wide Material Flow Accounts ENV-370: Environmental system analysis and assessment

Explores economy-wide material flow accounts, analyzing material flows in an economy and their environmental implications.

Online Tracking: Stateful vs. Stateless Methods CS-523: Advanced topics on privacy enhancing technologies

Explores online tracking methods, including canvas and AudioContext API fingerprinting, and their privacy implications.