So, what exactly happens in a drive-by download attack? And how can you defend yourself from unknowingly infecting your computer simply by visiting a bad link?
How drive-by download attacks work
Most drive-by download attacks share a common goal: force a Web browser to load an exploit without the victim’s knowledge or interaction. Exploit kits are specially designed Web pages, or series of page elements, that check your browser for vulnerabilities and exploit them automatically. Exploit kits check things like the version of your browser and of any browser add-ons and plugins. If anything is out of date and has known security vulnerabilities, the kit automatically exploits those weaknesses to take over your computer and install further malware payloads.
Protecting yourself from drive-by download attacks
In addition to legitimate websites infected with malicious code, there are still a large number of genuinely malicious websites sitting on the Internet waiting to be loaded by a victim’s Web browser. Users are often tricked into visiting these websites using convincing phishing emails. The good news is that phishing emails can be defeated if you know what to look for. Don’t trust links delivered via email, and always hover over them to check their actual location before clicking. When in doubt, manually type the expected destination into your browser instead of clicking on a link.
Infected legitimate websites are more difficult to defend against, and they sometimes require technical tools to help keep you safe. Exploit kits rely on outdated software full of security vulnerabilities. Prioritize keeping your Web browser and any extensions up-to-date with the latest patches when securing your system against drive-by downloads. Furthermore, consider disabling risky plugins like Java and Flash runtimes if you haven’t already. These plugins have a history of security vulnerabilities.
Malvertising attacks have forced Web browser creators to begin developing their own in-house Web blocker extensions, starting with Google Chrome Ad Blocker, which will launch sometime next year. With many users opting for indiscriminate third-party ad blockers, built-in ones promise to offer the same protection against malvertising and otherwise annoying ads while not cutting off vital revenue for well-behaving websites.
About the Author
Marc Laliberte is an information security threat analyst at WatchGuard Technologies specializing in network security technologies and a regular contributor to IT and security publications.