On October 2014 as part of my talk at the Black Hat Europe 2014 event, I presented a new web attack vector that enables attackers to gain complete control over a victim’s machine by virtually downloading a file from trusted domains. I decided to call this technique Reflected File Download (RFD), as malware can be "downloaded" from highly trusted domains such as Google.com and Bing.com without ever being uploaded.
more here.........http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html
more here.........http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html