- In this type of attack, a visitor does not need to click anywhere on the infected website; simply visiting the site is enough to cause the infection.
- The systems commonly exploited by drive-by download attacks include outdated operating systems, outdated browsers and plug-ins, and old versions of Microsoft Office, among others.
Drive-by downloads are one of the common methods attackers use to deliver malware through unsecured websites. Visitors to the infected website get the malware downloaded onto their computer or mobile device.
How do attackers infect a website?
Attackers compromise a legitimate website by injecting malicious code into its web pages. The malicious code can take many forms, including JavaScript code, iframes, links, redirects, malvertisements, cross-site scripting, and more.
Once injected, the malicious code scans the victim’s computer for security vulnerabilities in the operating system and other applications and exploits them to break into the system.
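For site owners, the injected elements described above (external scripts, hidden iframes, redirects) can be looked for in served pages. The following audit is an added example, not part of the original article; the allow-listed hosts, the hidden-iframe heuristics, and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only hosts this site legitimately loads content from.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}

class InjectionAuditor(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []  # list of (finding_type, url)

    def _external(self, url):
        host = urlparse(url).hostname  # None for relative URLs
        return host is not None and host not in self.allowed

    @staticmethod
    def _hidden(a):
        # Heuristic: zero/one-pixel or CSS-hidden frames are invisible to visitors.
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        return tiny or "display:none" in style or "visibility:hidden" in style

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "iframe") and self._external(a.get("src", "")):
            self.findings.append((f"external-{tag}", a["src"]))
        if tag == "iframe" and self._hidden(a):
            self.findings.append(("hidden-iframe", a.get("src", "")))
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=http://host/path"
            target = a.get("content", "").partition("=")[2].strip()
            if self._external(target):
                self.findings.append(("meta-redirect", target))

def audit(html, allowed_hosts=ALLOWED_HOSTS):
    auditor = InjectionAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: three injected elements among legitimate ones.
SAMPLE = """<meta http-equiv="refresh" content="0; url=http://redirect.invalid/landing">
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="//ads.invalid/loader.js"></script>
<iframe src="http://exploit.invalid/kit" width="0" height="0"></iframe>
<iframe src="https://www.example.com/map" width="600" height="400"></iframe>"""

if __name__ == "__main__":
    for kind, url in audit(SAMPLE):
        print(f"{kind}: {url}")
```

Running such an audit against a known-good baseline of each page makes newly injected elements stand out; scripts that build their payload at runtime will not be caught by static parsing alone.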
How does a drive-by download attack work?
- In this type of attack, a visitor does not need to click anywhere on the infected website; simply visiting the site is enough to cause the infection.
- When a user visits an infected webpage, the user’s browser automatically loads the malicious code in the background and downloads the malware without the user’s knowledge or consent.
What are the commonly exploited systems?
The systems commonly exploited by drive-by download attacks are:
- Outdated operating systems
- Outdated browsers and plug-ins
- Old versions of Microsoft Office
- Adobe/Shockwave Flash (ActiveX)
- Adobe Reader
- Foxit Reader
- WinZip
- 7-Zip
- Microsoft Silverlight
- Oracle Java
Examples of drive-by download attacks
- The Mac Flashback outbreak - In March 2012, the Flashback trojan infected nearly 600,000 Mac systems via drive-by downloads. Attackers created a fake toolkit for WordPress-based blogs, which infected the users who installed the toolkit with the Flashback trojan. Visitors to those infected blog pages were redirected to malware sites, where the Flashback trojan was installed on their systems.
- Drive-by download attack on Google - In April 2019, researchers spotted a drive-by download attack on Google. Attackers used Google Sites to create a website and then used the file cabinet template to upload the LoadPCBanker malware. This malware steals data from a victim’s machine and sends the stolen data to a MySQL server controlled by the attackers.
How to prevent drive-by download attacks?
- To prevent drive-by downloads, it is always recommended to keep your web browser and operating system up to date.
- It is highly recommended to avoid installing too many plugins and add-ons in your browsers.
- Using a non-privileged account for day-to-day work and all online activities helps you stay protected against drive-by downloads.
- Experts recommend using a separate browser for online shopping and financial transactions.
- Drive-by download attacks frequently use ads as infection vectors, so installing an ad blocker helps you stay protected.
- It is always best to use good security software, a firewall, and an antivirus program.