Imagine getting up in the morning, pulling your laptop and visiting your favorite website. You open a page, and malicious code embedded in that site stealthy deploys dangerous malware on your machine.
All of this, without you even knowing that your system has been compromised.
This is a classic case of a drive-by download attack. It happens when an unintentional download of malicious code to your computer or mobile device leaves you open to a cyberattack. You don’t have to stop or click anywhere on the malicious page to cause the infection — simply viewing the page is enough, for the attack happens in the background without your consent.
We take a detailed look at what drive-by download attacks are, how they work, what makes them so deadly, and also outline the steps you can take to thwart them.
What is drive-by download?
You may be wondering, what’s with the funny name? Drive-by download? Really? Look beyond the nomenclature and you will find that this type of an attack truly is one of the most dangerous of threats that lurks across the nooks and crannies of the web.
Cybercriminals seemingly have a million different ways to target your machine, but there is no denying that some methods are more pernicious than others. A drive-by download attack is one of them.
This malware delivery technique is stealthy in how it is triggered simply because you visited a website. Yes, you read that right. This type of cyberattack can infect your PC with malware without you even doing anything. Attackers can run malicious code on your device and gain unauthorized access to all your files and personal information.
Worse yet, all this can happen without your knowledge. Or that of the website owner for that matter, who may not even be aware that his website has been compromised by cybercriminals.
Call it unfortunate, but cybercriminals have become much more sophisticated over recent years. A lot of this has got to do with the improvements in OS and software security. And this has led to attackers developing novel new ways to target users.
Drive-by download attacks are not exactly new, they have been around for an age.
But what makes these threats particularly lethal is their stealth. Malware can now be served as hidden codes within website content. Even popular and legitimate websites can expose you to this attack, as these can be unknowingly compromised by hackers. And this is what makes these types of attacks so dangerous — it can happen to anyone, through no fault of their own.
In fact, drive-by downloads are now closely associated with two of the most virulent forms of malware around, namely banking trojans and ransomware. Both are worst case scenarios for security, and have the potential to cause immense amount of stress to users, and enormous disruption to companies.
Long story short, drive-by downloads are a dangerous business!
How a drive-by downloads attacks?
Before we get any further, let’s dive into some technical aspects of this threat in order to really drive home the point of just how sophisticated a menace we are dealing with. As you will see below, there are a few different ways that cybercriminals utilize this technique to push the payload.
Traditionally, malware only activated when a user opened an infected file, either by downloading an executable that was downloaded from the Internet, or by opening an attachment that was sent to his or her email address.
Unfortunately, hackers have become much more sophisticated over recent years, and modern malware can do without this level of interaction. It can be served as hidden codes within website content, or beamed via banners and dubious advertisement.
Remember, there are two main scenarios for drive-by download attacks. One when a big, legitimate website is compromised, and the other is when you are enticed towards suspicious web page. While it may be hard to avoid the former, the latter one is in your control. Never wander off to sites that look doubtful, and make it a habit of not clicking links you are not sure what is on the other end.
For if you do, it may well be too late by the time you realize your system is infected.
How can your system be compromised?
When you visit an infected page, your browser automatically loads the malicious code that then automatically scans your computer for security vulnerabilities in the OS or other installed software, and then infiltrates the system by exploiting any flaws found.
The downloaded malware often initiates a buffer overflow attack, which when a malicious program or script deliberately sends more data to a target application. This is exploited to create a back door to the system that can allow a hacker to gain access to a compromised system.
Listed below are some of the more common ways how such an attack might unfold:
- Droppers may be deployed, which then load more malware onto these PCs without detection.
- Keyloggers are installed on your system to record your text input and key strokes.
- Ransomware is used to encrypt data on the target device, demanding payment or recovery.
- Botnets can be deployed to secretly transmit spam or conduct attacks on other systems.
- Man-in-the-middle malware can modify the data inserted into web forms and address bars.
- Backdoors may enable attackers to increase privilege levels and modify user accounts.
- Transfer of the personal data and sensitive information of the victim, including login credentials.
The real action starts once a drive-by download attack is successfully activated.
Hackers can pretty much gain complete control over your system, along with the ability to steal your sensitive information, lock up files, reformat the hard drive, or even install programs that transforms your computer into a zombie PC and hooks it up to a botnet for use in further cybercriminal activities.
Why are drive-by download attacks popular?
Dangerous as drive-by download attacks are, their prefiltration is even scarier. And that is mainly due to the easy availability of affordable and automated exploit kits in the dark shadows of the web that allow cybercriminal to easily compromise websites.
Then there is the small issue of the growing complexity of web browsers and their addons and plugins. Truth is, modern software is not immune to flaws. The more popular a system or application is, the more commonly it is exploited by drive-by download attacks.
The list is endless, but here is a selection of some of the more prominent software targeted by cybercriminals:
- Old operating systems like Windows XP, Windows 7
- Early versions of Microsoft Office
- Browsers, especially out of date versions of Firefox, Chrome, and Internet Explorer.
- Unsecure and outdated browser addons
- ActiveX, Adobe Shockwave and Flash
- Adobe Reader, Foxit Reader
- Microsoft Silverlight
- Oracle Java
The sad reality is that virtually all applications have security holes.
Large, reputable software vendors roll out updates and patches to fix these known vulnerabilities, but the same can’t be said of smaller ones. And then there is the case of actually installing these updates. A study by Google revealed that only 38% of users automatically or immediately updated their software when a new version was made available.
All these factors mean there are more weaknesses for cybercriminals to exploit.
And hackers capitalize on this very fact to do their deeds.
Which sites are most at risk?
That depends on the cybercriminals in question. While many bad actors prefer setting up their own websites that are designed to lure unsuspecting visitors to pages hosting malicious code, some prefer using established, high-traffic sites to conduct their attacks.
Popular pornography and file-sharing websites often make the list for drive-by download risks due to their shady nature. But over the years, even legitimate sites have also fallen victim to these attacks. These include sites like Hasbro, Huffington Post, The New York Times, NBC, Amnesty International, AskMen.com, and Cracked.com.
Even established technology giants like Google and Microsoft were not spared here, and their websites were used to spread malware to unsuspecting users.
Protecting yourself from drive-by downloads
As with many aspects of cybersecurity, caution is the best defense. It is extremely difficult, almost impossible, to develop software free of vulnerabilities. And hackers exploit this very fact, as they target old and outdated programs to initiate these attacks.
Here are a few key tips that you can stay protected from these raging threats:
Always keep your software updated
The single most important measure you can take to protect yourself from drive-by downloads is to keep all your software up to date. This is true for your operating system and antivirus program, but doubly true for your browsers and its addons and plugins.
Ensuring that you are running the latest web browser and update extensions is critical, because most drive-by downloads exploit known vulnerabilities insider older versions of the browser and plugins like Adobe Acrobat and Adobe Flash. New patches released by vendors help seal the gaps where drive-by download code may burrow in.
Taking 5 minutes to install the newest Windows update or updating your web browser to the latest release can often be the difference between a safe system and one that has been compromised.
Uninstall unnecessary programs
While you may be tempted to keep your favorite programs installed on your system at all times, you should be wary of keeping too many unnecessary applications on your device. The more software and addons you have installed, the more susceptible your devices are to infection.
Only keep the software that you trust and use regularly, and get rid of the clutter to not only speed up your PC but also prevent drive-by download attacks from occurring.
Install a script-blocking plugin
This one is a no-brainer. If an offer appears to good to be true, then it probably is. Cybercriminals often try to lure you away to a compromised website by giving away free content that you would normally have to pay for. Pirated software or music is most commonly used as a bait.
No website is hack-proof, of course. But the basic rules of Internet safety still apply. You don’t want to be opening up suspicious links in emails, nor do you want to wander off to shadowy places on the web. At least not on your main machine.
User a different PC for secure tasks
It’s a good idea not to log into your banking accounts and sites storing important, sensitive information from any old machine. Ideally, you have another PC or device that is used to surf the web, and a dedicated device for other secure tasks. This is the best way to limit exposure to online malware, particularly one that is spread via drive-by download attacks.
Drive-by download attacks are one of the trickiest forms of malware around these days. Cybercriminals are using this technique to deliver malware to users without them knowing something bad has happened to their machine — until it is too late.
This is what make this threat so lethal, so widespread. You will have to be at you best to avoid it.