Security firm Armorize has detected a new variant of the Drive By Cache Attack. A classic drive-by attack refers to the process in which a user visits an infected page and has malware installed on their machine without their knowledge, and without having to click on or agree to anything. The attack detected by Armorize relied on a different sequence of events. In this case, malicious scripts are used to locate the malware, which is already sitting in the browser's cache directory, before executing it. This so-called drive-by cache approach makes attacks harder to detect because no attempt is made to download a file and write it to disk, a suspicious manoeuvre that many security software packages are liable to detect. By bypassing this step, dodgy sorts are more likely to slip their wares past security software undetected.
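Since the payload in this variant is already resident in the browser cache rather than written to disk by a separate download, one defensive check is to sweep the cache directory for entries whose content is an executable image even though they were cached under a harmless-looking name. The script below is an added example written for this post (it is not Armorize's code and is not taken from their analysis); the cache layout and file names it builds are constructed sample data, and the magic-byte table is a small illustrative subset.

```python
import os
import tempfile

# Magic bytes of executable formats that have no business sitting in a
# browser cache under an image or script file name (illustrative subset).
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE/DOS executable",
    b"\x7fELF": "ELF executable",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit executable",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit executable",
}


def classify_file(path):
    """Return a label if the file header matches an executable format, else None."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, label in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return label
    return None


def scan_cache(cache_dir):
    """Walk a browser cache directory and report entries whose content is executable."""
    findings = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            path = os.path.join(root, name)
            try:
                label = classify_file(path)
            except OSError:
                continue  # unreadable or vanished entry; skip rather than abort the sweep
            if label:
                findings.append((os.path.relpath(path, cache_dir), label))
    return sorted(findings)


def build_sample_cache():
    """Constructed sample cache (not real data): one JPEG-like entry, one PE hidden as .gif."""
    d = tempfile.mkdtemp(prefix="cache_demo_")
    os.makedirs(os.path.join(d, "f_0001"))
    with open(os.path.join(d, "f_0001", "banner.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 64)  # JPEG header, benign
    with open(os.path.join(d, "f_0001", "pixel.gif"), "wb") as fh:
        fh.write(b"MZ\x90\x00" + b"\x00" * 64)  # PE header cached under an image name
    return d


if __name__ == "__main__":
    for rel, label in scan_cache(build_sample_cache()):
        print(f"{rel}: {label}")
```

A content-based check like this catches the case the post describes, where the file extension and cache metadata say "image" but the bytes say "program"; a real sweep would also want to compare against the browser's own cache index to spot entries with mismatched declared MIME types.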
The full write-up of the attack, the code analysis, and the underlying concept are explained well on the Armorize blog. With the rise in cyber attacks and exploitation techniques, we will surely see some more interesting 0-days in the coming days.