RULE(RULE ID:332707)

Rule General Information
Release Date: 2020-12-14
Rule Name: Exploit-Kit Activity: DRIVEBY Router DNS Changer
Severity:
CVE ID:
Rule Protection Details
Description: Emerging Threats “Driveby” signatures indicate that a malicious event has been observed, typically associated with exploit kits or watering hole attacks. The traffic occurs as legitimate activity on the part of the user: they are browsing a website that is either compromised or loads malicious content embedded from a third party, such as malvertising. The user’s web browser and installed plugins are then subjected to an exploit kit that attempts to compromise their system. To determine whether a machine is compromised, or whether the signature is an FP/FN, look at the other signatures that fire against the client endpoint and check whether they form a chain of activity. Typically, if an exploit is successful, you will see activity such as redirectors, landing pages, exploits, and ultimately command-and-control traffic.
Impact: Steal information, crash the computer, cause system failure, completely control the computer.
Affected OS: Network Device, Solaris, FreeBSD, Windows, Mac OS, Other Unix, Linux
Reference:
Solutions
Search for and remove the malware using antivirus tools, and patch the system vulnerabilities.