Drive-by Download Dangers
The term “drive-by download” is often encountered in security bulletins and the media reports they inspire. What, exactly, is a drive-by download? Who is vulnerable to it? And how can you protect yourself against drive-by downloads? Read on for answers...
What is a Drive-by Download?
The use of the term “drive-by” conjures up images of innocent victims catching bullets fired from a moving car, with the added pathos of injury caused by a bad guy who was aiming at someone else. The insinuation is that the victim totally didn’t deserve to get shot and is completely blameless for getting hit. Sometimes that is true in the case of drive-by downloads, but not always.
There are two types of “drive-by downloads.” Both refer to an unintentional downloading of malicious software from a website. In the first type, the victim knows he is downloading something but does not know or understand the consequences of doing so. In the second type, a file is downloaded to the victim’s machine without his or her knowledge or consent.
Everyone who surfs the Web is potentially vulnerable to drive-by downloads. They can also be triggered by viewing an email which entices users to click a link to a malicious website.
Malicious software can be cloaked in sheep’s clothing, purporting to be a desirable app that most people will want to download and install. It might even be represented as an anti-malware app; irony aside, what better way to get a victim to lower his or her defenses than by saying, “Disable any existing security software you may have running to avoid conflicts with this anti-malware app”?
Surreptitious downloads give victims no warning that anything is being installed; just loading a Web page in one’s browser or opening an HTML email can (under certain circumstances) trigger hidden code that starts the downloading and installation. Those "certain circumstances" almost always involve vulnerable (unpatched) application software, security software that's outdated, or computers that lack the latest operating system security patches. In some rare cases, a new exploit may slip past even the best defenses and trigger a malicious drive-by download. (See “How I Got Hacked... And Why You MUST Have a Backup!” and “Avoiding Zero-Day Exploits.”)
Protection From Drive-By Downloads
Protection against drive-by downloads starts with awareness and appropriate caution. If you know that any software can be malware in disguise, it’s best to stick to downloading apps from sources you have reason to trust. (See “Downloading? Watch Out For These Danger Signs.”) Don't click links in emails unless you're 100% sure you know where that link will lead. Even if the email appears to be from a friend or a company with which you do business, it could be spoofed. Use a bookmark, type the website address manually, or check with the sender to make sure they really did send it.
Your next step is to make sure that all the software on your computer is up to date with the latest patches and fixes. Using Windows Update will keep you current with the latest Windows security patches from Microsoft. But you've also got third-party software on your computer that can be an attack vector. See “Computer Security: The Missing Link” to learn how to address the problem.
And of course, anti-malware protection is a must. My article “Free Anti-Virus Programs” will hook you up with some of the best Internet security software, and save you money in the process.
Protection is also built into most modern browsers. Some techniques rely on crowd-sourced databases of known “rogue” websites from which others have received drive-by downloads. Others rely on closely monitoring the behavior of Web pages or emails for signs that they are trying to download or install something, blocking the suspicious behavior, and notifying you so that you can deny or authorize the suspicious action.
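To make the “database of known rogue websites” idea concrete, here is a simplified sketch of such a lookup. It is an added illustration, not any browser's actual implementation and not code from this article; the hostnames, the list contents and the function names are all constructed for the example.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

def _digest(expr):
    return hashlib.sha256(expr.encode("utf-8")).hexdigest()

# Constructed sample list (placeholder hostnames, not real indicators).
# Entries are hashes of "host/path" expressions reported as rogue.
ROGUE_HASHES = {
    _digest("malware.example.test/"),             # whole host reported
    _digest("hobby-site.example.test/gallery/"),  # one compromised directory
}

def candidate_expressions(url):
    """Return the host-suffix + path-prefix expressions to look up for a URL."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url          # treat a bare "host/path" as a web URL
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and lowercases the name, so
    # "trusted.example.test@malware.example.test" resolves to the real host.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return []
    try:
        ipaddress.ip_address(host)
        hosts = [host]                 # IP literals have no parent domains
    except ValueError:
        labels = host.split(".")
        hosts = [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]
    path = parts.path or "/"           # query strings ignored in this sketch
    segments = [s for s in path.split("/") if s]
    prefixes = ["/"]
    for i in range(1, len(segments)):
        prefixes.append("/" + "/".join(segments[:i]) + "/")
    if path != "/":
        prefixes.append(path)
    return [h + p for h in hosts for p in prefixes]

def is_blocked(url, rogue_hashes=ROGUE_HASHES):
    """True if any expression derived from the URL is on the reported list."""
    return any(_digest(e) in rogue_hashes for e in candidate_expressions(url))
```

Checking parent domains and parent directories is what lets a single report cover every page under a compromised host or folder, while the rest of an otherwise legitimate site stays reachable.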
The Devil You Know, or the Devil You Don't Know?
Any site can be invaded by hackers who install hidden code that triggers a drive-by download when visitors view the site’s pages. And it's not just the sketchy or "adult" sites that are likely to harbor malware. One study showed that users are more likely to catch a drive-by download from a religious site than from a p**n site. The reason is that most religious (as well as non-commercial, hobby or personal) sites don’t have much money to spend on security, or lack the technical skills to protect their servers.
Bottom line, be careful what and where you download. Be extra careful and attentive when it comes to links in emails. Keep your application and system software up to date, and use at least one layer of anti-malware protection. I can't promise that will protect you from every conceivable present and future attack, but that's the best set of defenses available now.
Have you been hit with a drive-by download? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 28 Apr 2014
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Drive-by Download Dangers (Posted: 28 Apr 2014)