Drive-By Downloads: How They Attack and How to Defend Yourself (2024)


Drive-by downloads are malicious pieces of software that are downloaded to a computer, tablet or smartphone when the user views a compromised Web page or an HTML-based email message that links to a website.

In many cases, the malware will be automatically installed on the system; in almost all cases, the user won't be aware of it.


The malware delivered by a drive-by download is usually classified as a Trojan horse, or Trojan for short, because it deceives the user about the nature of the website or email. In most cases involving compromised websites, the operator of the website has no idea the site is distributing malware.

Once installed, malware delivered by a drive-by download can do a number of different things: log keystrokes, scan the system for files of a personal nature, herd the system into a botnet of similarly compromised machines, infect the Web browser with a banking Trojan that hijacks online-banking sessions or install a "backdoor" that will let in even more malware.

Modern Web browsers such as Firefox and Google Chrome, as well as robust anti-virus software, will alert users when browsers visit websites known to be compromised or malicious. But many drive-by download links are well hidden and won't cause infected sites to appear on blacklists of compromised sites.

A real-world example

The Mac Flashback outbreak, which infected an estimated 600,000 Macs in March 2012, showed how successful drive-by downloads can be.


Malware writers began by creating a fake "toolkit" for WordPress-based blogs that tens of thousands of WordPress users installed, creating a "backdoor" that let the malware writers infect their blogs.

Browsers visiting those pages were redirected to malware sites, which tried to install a "downloader," the first part of the Flashback Trojan. If direct installation of the downloader without the knowledge of the user failed, another piece of malware used a more traditional technique: It asked the user for permission to install (fake) Apple software, which was in fact the downloader.

Once installed, the downloader would install more malware. One piece was a backdoor; another hijacked Web browsers to replace Web ads with ads controlled by the malware writers.

The Flashback outbreak was contained by Apple security updates in early April 2012, but in retrospect, the owners of those 600,000 infected Macs were lucky.

The backdoor didn't install anything except fake ads. It could have instead stolen the users' identities, emptied their bank accounts or used the infected machines to pump out spam and malware.

How to protect yourself

To avoid being infected by drive-by downloads, computer users need to do three things.

First, set up the user accounts so that all regular users have limited permissions and cannot modify applications or the operating system. Create a separate administrator account to be used only when installing, updating or deleting software. Do not use the administrator account to browse around the Web or read emails.

Second, set the computer so that operating-system updates are automatically installed, and turn on whatever firewalls are available. (If you have a wireless router, its firewall should also be activated.)

Third, install a robust anti-virus software product, set it to automatically update itself with the latest malware definitions, and make sure it performs regular full-system scans.

Many free anti-virus products are available, but the paid ones do a better job of protecting Web browsers and email clients from drive-by downloads.
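The three recommendations above can be checked rather than taken on faith. The following read-only audit script is an added example, not part of the original article; it assumes a Windows 10/11 host with PowerShell 5.1 or later and Microsoft Defender as the anti-virus product, and reports whether each control is in place.

```powershell
# Added audit script (not from the article): checks the article's three
# controls on a Windows host. Read-only; it changes nothing.
# Assumes Windows 10/11, PowerShell 5.1+, and Microsoft Defender as the AV.

$results = @()

# 1. Least privilege: is this interactive session running as an administrator?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
$results += [pscustomobject]@{
    Control = 'Daily account is not an administrator'
    Pass    = -not $isAdmin
    Detail  = "Current user: $($identity.Name)"
}

# 2a. Automatic OS updates: NotificationLevel 4 = download and install on schedule
$au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
$results += [pscustomobject]@{
    Control = 'Windows Update installs automatically'
    Pass    = ($au.NotificationLevel -eq 4)
    Detail  = "NotificationLevel = $($au.NotificationLevel)"
}

# 2b. Firewall enabled on every profile (Domain, Private, Public)
$profiles = Get-NetFirewallProfile
$results += [pscustomobject]@{
    Control = 'Firewall enabled on all profiles'
    Pass    = -not ($profiles | Where-Object { -not $_.Enabled })
    Detail  = ($profiles | ForEach-Object { "$($_.Name)=$($_.Enabled)" }) -join ', '
}

# 3. Anti-virus: real-time protection on, signatures fresh, recent full scan
$mp = Get-MpComputerStatus
$sigAgeDays = (New-TimeSpan -Start $mp.AntivirusSignatureLastUpdated -End (Get-Date)).Days
$results += [pscustomobject]@{
    Control = 'Defender real-time protection on, signatures under 3 days old'
    Pass    = $mp.RealTimeProtectionEnabled -and ($sigAgeDays -lt 3)
    Detail  = "RealTime=$($mp.RealTimeProtectionEnabled), signature age ${sigAgeDays}d"
}
$results += [pscustomobject]@{
    Control = 'Full scan within the last 30 days'
    Pass    = ($mp.FullScanAge -lt 30)   # never scanned reports a very large age
    Detail  = "FullScanAge = $($mp.FullScanAge) days"
}

$results | Format-Table -AutoSize
```

If a third-party anti-virus product has replaced Defender, Get-MpComputerStatus will error and the third check must be done with that vendor's own tooling instead.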

Smartphone and tablet users need to take different precautions. Owners of Apple iOS devices such as the iPhone, iPad and iPod Touch should avoid "jailbreaking" their devices and should install Apple system updates.

Android owners, however, should never immediately install a system update that suddenly appears on their screen; instead, they should consult the Google Mobile Blog to confirm whether it's legitimate. Installing mobile security software is also essential for Android users.
