We are providing this clarification of exploits vs drive-by downloads in response to some research and discussions we've had with a number of end-users and vendors. Our recent research into the Internet Explorer exploits (Dec 10, 2008) revealed that some vendors and enterprises were not 'framing' the problem properly.
Vulnerability:
A software coding flaw, bug or condition of a system (hardware, software, operating system, etc.) that can be exploited, allowing a remote, unintended party to gain access to sensitive data, or control a system for unauthorized purposes.
Exploit:
Code that takes advantage of a vulnerability to gain access to data and control over a system.
Malware:
A virus, trojan, rootkit, or other piece of malicious code that requires end-user activation to operate, e.g. opening the email and attempting to open the attachment.
Social Engineering:
Social engineering is the act of manipulating people into performing actions or divulging confidential information. See: http://en.wikipedia.org/wiki/Social_engineering_(security)
Socially Engineered Malware:
A site where following the URL leads directly to a ‘download’ that delivers a malicious payload whose content type would lead to execution. Note that there are also 'malicious' sites that redirect or lead a user to the site with the malware. For the purposes of NSS Labs testing, these 'feeder' URLs are generally not included.
Drive-by Download:
A series of events culminating in the delivery of malware without the end user being aware. A drive-by download begins with a user visiting a website that hosts an exploit, which then compromises the user’s web browser. Once the end user’s system has been “owned”, the exploit makes a call to download the malware. One commonly overlooked aspect of drive-by downloads is that they require a vulnerable web browser to be compromised by an exploit. Any security solution that stops the exploit will prevent the malware from being downloaded.
Phishing Site:
A site whose URL falsely impersonates another entity and that also collects personal information via a web form. A 'phish' can be delivered via many channels, including email, IM, social networking sites and applications, etc. Note: phishing sites may also contain drive-by downloads and socially engineered malware.