What exactly is a drive-by download?
This question was answered on April 1, 2021. Much of the information contained herein may have changed since posting.
The Internet has become the malware delivery system of choice for those with malicious intent because it’s a direct connection to billions of users.
Typically, some form of user interaction is required for malware to gain access to your computer, such as downloading an email attachment or installing a rogue program posing as a legitimate piece of software.
Trying to convince a user into engaging in risky behavior has been getting more difficult as even those that aren’t tech-savvy have learned about their tactics.
As a normal course of using the Internet, every time you visit a website, you are downloading files from that website to your computer in order to render the page.
A more efficient way to find victims is through the use of websites that are rigged with malware agents. This reduces what the potential victim has to do to become compromised.
The malware agents hiding within the site immediately go to work searching your computer for known vulnerabilities that haven’t been patched. If they find any holes, they can leverage the vulnerability to silently sneak malicious code onto your computer as the page is loading.
In many cases, the goal is to find vulnerabilities that will allow the hacker to remotely access the computer, providing them with endless opportunities to exploit the victim.
The only action the victim needs to take in the ‘drive-by download’ scenario is to simply visit one of these booby-trapped websites.
Malicious links leading to these sites can be sent via email, text messages, in social media posts, in forums, in the comments section of a website or anywhere an active web link can be used.
Hacking Legitimate Websites
Another tactic for getting malicious links in front of victims is by compromising legitimate websites and embedding the links within the site. This is why it’s so important for anyone with a website to keep up with security updates or risk becoming an unwitting accomplice to this malicious activity.
Hackers have also been known to sneak malicious ads onto websites - also known as ‘malvertising’ – aware that most users don’t suspect that an ad can lead to malware.
The initial item exposed to these malicious websites is your browser, so keeping it updated is your first line of defense.
If you aren’t sure how to check for updates for your browser, do a Google search for “updating XXXX browser” where XXXX is the name of your browser.
Google Chrome also has a Safety Check feature that will review updates check for potentially harmful or vulnerable extensions by typing this into the address bar: chrome://settings/safetyCheck
Your operating system is another critical item that needs to be kept updated. Windows 10 users are generally force-fed updates but macOS users have a little more control over updates.
We typically see a much larger percentage of Apple computers that haven’t been updated, so if you’re a Mac user, don’t fall into a false sense of security when it comes to keeping your computer updated.
A great way to avoid ‘malvertising’ is by using an ad-block, which gives you total control over what gets downloaded to your computer while surfing: https://bit.ly/3cMlddo
About the author
Posted by Ken Colburn of Data Doctors on April 1, 2021