Page 1209 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

unauthorized, or unknown activity on a computer system. Malicious
code can take many forms, including viruses, worms, Trojan horses,
documents with destructive macros, and logic bombs. It is often called
malware, short for malicious software, and less commonly malcode,
short for malicious code. Attackers are constantly writing and
modifying malicious code for almost every type of computing device or
internet-connected device. Chapter 21 covers malicious code in detail.

Methods of distributing viruses continue to evolve. Years ago, the most
popular method was via floppy disks, hand-carried from system to
system. Later, the most popular method was via email as either an
attachment or an embedded script, and this method is still popular
today. Many professionals consider drive-by downloads to be one of
the most popular methods.

A drive-by download is code downloaded and installed on a user’s
system without the user’s knowledge. Attackers modify the code on a
web page, and when the user visits, the code downloads and installs
malware on the user’s system without the user’s knowledge or consent.
Attackers sometimes compromise legitimate websites and add
malicious code to include drive-by downloads. They also host their
own malicious websites and use phishing or redirection methods to get
users to the malicious website. Most drive-by downloads take
advantage of vulnerabilities in unpatched systems, so keeping systems
up to date protects them.

Attackers have sometimes used “malvertising” to spread malware.
They pose as legitimate companies and pay to have their ads posted on
legitimate websites. If users click the ad, they are redirected to a
malicious site that typically attempts a drive-by download.




Attackers frequently use a drive-by download to infect a
single system, with the goal of gaining a foothold in a network. A
common method is to send phishing emails with links to malicious
sites along with a short phrase such as “You’ll like this” or “You
have to check this out.” If users click the link, they are taken to a
site that attempts to download malware. If successful, attackers use
this infected computer as a pivot point to infect other computers in