
Threat Definitions

We are providing this clarification of exploits vs drive-by downloads in response to some research and discussions we've had with a number of end-users and vendors. Our research has revealed that some vendors and enterprises are not 'framing' the problem properly.

Threat Types

Vulnerability:
A software coding flaw, bug or condition of a system (hardware, software, operating system, etc.) that can be exploited, allowing a remote, unintended party to gain access to sensitive data, or control a system for unauthorized purposes.

Exploit:
Code that takes advantage of a vulnerability to gain access to data and control over a system.

Malware:
Virus, trojan, rootkit, or other piece of malicious code that requires end-user activation to operate (e.g., the user opens an email and attempts to open the attachment).

Social Engineering:
Social engineering is the act of manipulating people into performing actions or divulging confidential information. See: http://en.wikipedia.org/wiki/Social_engineering_(security)

Socially Engineered Malware:
A site where following the URL link directly leads to a 'download' that delivers a malicious payload whose content type would lead to execution. Note there are also 'malicious' sites that will redirect or lead a user to the site with the malware. For the purposes of NSS Labs testing, these 'feeder' URLs are generally not included.

Drive-by Download:
A series of events culminating in the delivery of malware without the end user being aware. A drive-by download begins with a user visiting a website that hosts an exploit, which then compromises the user's web browser. Once the end user's system has been "owned", the exploit makes a call to download the malware. One commonly overlooked aspect of drive-by downloads is that they require a vulnerable web browser to be compromised by an exploit. Any security solution that stops the exploit will prevent the malware from being downloaded.

Phishing Site:
The URL both falsely impersonates another entity, and collects personal information via a web form. A 'Phish' can be delivered via many channels, including email, IM, social networking sites and applications, etc. Note: Phishing Sites may also contain drive-by downloads and socially engineered malware.

 


March 3, 2011