网页木马是一种以JavaScript,VBScript,CSS 等页面元素作为攻击向量,利用浏览器及插件中的漏洞,在客户端隐蔽地下载并执行恶意程序的基于Web 的客户端攻击.网页木马的表现形式是一个或一组有内嵌链接关系的页面/脚本,有漏洞的客户端在访问该(组)页面时会“过路式下载”木马等恶意程序.网页木马通过这种被动攻击模式,能隐蔽、有效地将恶意程序植入客户端,这已经成为恶意程序传播的一种重要方式.近年来,围绕网页木马的攻防博弈在持续进行.首先阐述网页木马的机理和特点,然后从检测、特征分析、防范这3 个方面对网页木马防御方的研究进行总结和分析,最后对网页木马攻防双方的发展趋势进行讨论.

Drive-by-Download is a Web-based attack that targets at downloading and executing malwares on the client side without the user’s notice or consent. It usually takes HTML elements (e.g. JavaScript, VBScript, CSS) as attack vectors, and exploits vulnerabilities in browser and plugins to launch attacks. Drive-by-Download represents as an HTML page or a group of inline-linked HTML pages/scripts. After browsing these pages, vulnerable client sides will automatically download and execute malware. Through the pull-based attack mode, Drive-by-Download can effectively and secretly spread malware to clients and has become an important way to spread malware. In recent years, both the offense-side and defense-side make ongoing development. This paper first introduces the mechanisms and features of Drive-by-Download. Then the paper summarizes and discusses researches on detection, analysis and prevention of Drive-by-Download. Trends of Drive-by-Download and some possible research directions will be discussed at last.

国家自然科学基金(61003217, 61003216); 发改委国家信息安全专项([2010]3044); 国家242 信息安全计划(2011A40)