Reflected File Download: New Attack Vector Enables File Downloads Without Upload

  • 14 October 2014

This is a new one, downloading malware onto your computer even though it has not been uploaded to a website.
 
By Eduard Kovacs on October 14, 2014:
"In most Web attacks, malware is downloaded to victims' machines from a malicious or a compromised server. However, a researcher has uncovered a new attack vector where the malicious file is downloaded without actually being uploaded anywhere.
Trustwave researcher Oren Hafif will present the new Web attack vector, which he calls Reflected File Download (RFD), at the Black Hat Europe security conference that takes place later this week in Amsterdam, the Netherlands.
RFD, which according to the researcher can be exploited even by less skilled hackers, targets both Web applications and Web-based APIs that don't deal correctly with user input and don't set content types correctly in the response. An attacker only needs to find an API that accepts user-controlled input and reflects it into the response. The attack is called Reflected File Download because the malicious file is not actually hosted on the targeted website, but instead it's reflected from it."
 