Drive-by Download

What is a drive-by download attack?

A drive-by download attack occurs when a user’s device has been infected with malware without their knowledge or consent. Usually, the malicious code is embedded in a compromised website and automatically downloads to the user’s computer or mobile device when they load the page.

How does a drive-by download attack work?

Drive-by download attacks usually exploit vulnerabilities in web browsers and browser plugins. A cybercriminal will create a corrupt link, website, or email and trick you into clicking a malicious link. Then, the malicious code installs malware onto your device.

Types of drive-by download attack

The two types of drive-by download attacks are authorized and unauthorized drive-by downloads. These are also known as active and passive drive-by download attacks. In an active attack, you need to actively click a link or initiate installation. In a passive attack, the malware will infect your device without any action on your part.

How authorized drive-by downloads work

Authorized drive-by downloads occur when you actively download malicious software, usually after being tricked by a social engineering or phishing scam.

For example, you might click a link that carries a virus. Or, you might click a fake alert warning you to update your antivirus software. When you click the link, it triggers a drive-by download attack and infects your device with malware.

Clario AntiSpy’s Safe Browsing feature can help by shielding you from phishing and malicious websites. It also blocks advertisers and data collectors from tracking your online activities and stealing your personal information.

To use Clario AntiSpy:

1. Download Clario AntiSpy and create an account
2. On the dashboard, hit Safe browsing

3. Enable the extension in your Safari or Chrome

4. Once the extension is active, it will notify you if your browsing road is unsafe, block ads, and keep tracking cookies at bay.

How unauthorized drive-by downloads work

Unauthorized drive-by attacks occur without any action on your part. These usually involve more sophisticated software that can infect your device if you simply visit a compromised website. Often, these attacks exploit software vulnerabilities (such as out-of-date browser extensions) to automatically trigger the download and installation of malicious code.

This is similar to how you can get a virus from plugging in a USB—it’s automatic.

Types of drive-by download payloads

Cybercriminals can include several payloads in a drive-by attack–some more dangerous than others. These most commonly include:

• Ransomware that locks your device and demands a ransom to restore access
• Malware including viruses, worms, Trojans, and other forms of malicious software
• Spyware and keyloggers that record your keystrokes and capture sensitive information
• Remote Access Tools (RATs) and botnets that take control of your devices.

Methods to prevent drive-by downloads

To avoid downloading malicious code, you need to be proactive. Knowing the signs of a drive-by download attack and practicing safe browsing habits can protect you from falling victim. Here’s what to do:

• Remove any unneeded programs and apps
• Keep operating systems up to date
• Beware of pop-ups
• Only download legitimate software
• Beware of suspicious websites and links
• Consider an ad-blocker
• Install antivirus software
• Start using traffic filtering software

1. Remove any unneeded programs and apps

Removing unneeded programs and apps from your devices can help protect you from drive-by download malware in several ways:

• Reduce the attack surface. Every program has potential vulnerabilities that cyberattackers can exploit. By removing unused programs, you reduce the number of possible vulnerabilities in your system.
• Remove outdated software. Outdated or unsupported software often has unpatched security flaws, making them an attractive target for attackers.
• Minimize browser extensions. Some browser plug-ins have known vulnerabilities, and some are designed specifically to allow drive-by attacks to occur. By minimizing how many you have installed, you can reduce the chances of a drive-by attack.

2. Keep operating systems up to date

Software updates usually include security patches that fix known vulnerabilities. Attackers are always on the lookout for new vulnerabilities, and if they find one, they’ll target it quickly. By keeping your software up to date, you reduce the likelihood of falling victim to an attack.

While it’s important to keep all of your software up to date, the three most important things are your device’s operating system, your web browser, and your browser extensions. These are the three major targets for drive-by attacks, and regularly updating them ensures you have the latest protections.

3. Beware of pop-ups

Pop-ups usually display intrusive ads or use social engineering tactics to encourage you to click on them. For example, they might say that your antivirus software is out of date or pretend to lock your device until you click on the advertisement.

For this reason, you should never click on pop-ups—especially those that urge you to take immediate action. Likewise, you should disable pop-ups in your browser settings to reduce the opportunity for them to initiate drive-by attacks.

4. Only download legitimate software

Vendors distribute legitimate software through reputable sources, like the company’s website or trusted app stores. These trusted sources have strict security measures in place to ensure that the software is free from malware.

Software from legitimate sources typically also receives frequent security patches, helping to ensure that it’s safe from cyberattacks.

When you download apps or software from untrustworthy places, you increase your chances of downloading malware.

5. Beware of suspicious websites and links

The internet is full of suspicious websites, malicious links, and attempts to compromise your system for personal gain.

To avoid these pitfalls, you need to practice safe browsing and cyber hygiene habits:

• Only access trustworthy websites. Look for signs of legitimacy, including HTTPS encryption, recognizable (and not spoofed) domain names, and professional designs.
• Hover over links before clicking. When you hover your cursor over a link, it displays the URL. By doing this, you can check whether or not the link is legitimate.
• Beware of email attachments. You should never download attachments or click links in unsolicited messages, whether it’s an email or an SMS.

6. Consider an ad-blocker

Ad-blockers are an effective way to prevent many drive-by download attacks. They’ll block all malicious ads, preventing pop-ups and hidden scripts from initiating drive-by downloads without your knowledge.

Likewise, they’ll help to reduce clickbait and fake download buttons that could contain malicious software.

Clario AntiSpy’s browser extension includes a powerful ad blocker that can block online advertisements before they reach you. Also, keep in mind how to find out if someone is spying on your computer (and protect yourself).

7. Install antivirus software

Antivirus software plays a crucial role in protecting your devices from drive-by downloads. Here’s how:

• Real-time scanning. Antivirus programs constantly scan your device for malicious software, including attempts to download and execute files.
• Malware detection. Even if a suspicious download goes undetected, your antivirus software will detect harmful code and quarantine it before it does any damage. If you do get infected, this is how to get rid of a virus on your computer.
• Web protection. Many newer antivirus programs offer web protection features that block known malicious websites and protect you while you browse the internet.

8. Start using traffic filtering software

Traffic filtering increases your network security by sifting through network traffic and blocking any data transfers that might carry malware or other malicious software. This technique is especially useful for website owners or companies that have a lot at stake if they get infected by malware.

An example of traffic filtering software is web application firewalls (WAFs). These observe and filter your website traffic to defend it against cyberattacks.

Conclusion

To stay safe while browsing the internet, you need to be aware of the risks and how to avoid them. Practicing good digital hygiene and avoiding suspicious links can help protect against drive-by downloads. Also, don’t forget to use Clario's Safe Browsing feature to avoid spying threats while browsing online.