What is a Drive-by Download?
A drive-by download is the delivery of malicious software onto a user’s device, usually without the user’s knowledge or consent. The attack happens when a user clicks a compromised link or visits a website that hosts malicious code, which triggers an automatic download of malware. Drive-by downloads are regarded as a serious risk because they exploit vulnerabilities in web browsers, plugins, or applications to spread malware.
Instances of Drive-by Downloads in Cyber Attacks
- Visiting compromised websites: Hackers may target legitimate, popular websites with vulnerabilities, inserting malicious scripts that infect visitors. Even a brief visit can lead to an automatic malware download without any interaction from the user. Users do not need to click on anything; simply loading the page can trigger the malware, because the injected script exploits the browser or its plugins while the page renders.
- Malicious advertisements (Malvertising): Malvertising refers to the injection of malware into legitimate online advertising networks. Ads appearing on trusted sites like news outlets or entertainment platforms may contain malicious code. Even if users do not click on the ad, the malware can be delivered silently through hidden scripts in the ad’s display.
- Exploiting outdated software: Outdated software, especially browsers and plugins like Flash or Java, can have known vulnerabilities. Attackers seek out these vulnerabilities to deliver malware through drive-by methods. Hackers often develop new exploits when vendors stop supporting or updating software, leaving users exposed if they continue using these outdated versions.
- Embedded links in emails: Phishing emails frequently contain links that lead to malicious websites. Clicking on these links can initiate a drive-by download, often disguised as a legitimate update or form submission. Even previewing an email in certain vulnerable clients can trigger the malware download if the email contains embedded scripts or infected attachments.
- Pop-up windows: Attackers may disguise malware as software updates, security warnings, or surveys within pop-up windows. Users who unknowingly interact with these pop-ups risk initiating an automatic download. Some pop-ups contain fake “X” buttons that download malware instead of closing the window.
How Drive-by Downloads Are Executed
- Exploit kits: Hackers use exploit kits like RIG or Neutrino to scan a visiting user’s system for outdated software or weak security settings. Once vulnerabilities are detected, the exploit kit delivers malware customised to those specific weaknesses. These kits are often sold on the dark web, making it easy for cybercriminals with limited technical knowledge to carry out sophisticated attacks.
- Stealthy malware: After downloading, the malware typically operates unnoticed, allowing hackers to steal data, install additional malware, or gain remote access to the infected system. Ransomware, spyware, and keyloggers are common malware types distributed through drive-by downloads that can cause substantial data or financial loss.
- Targeted attacks: Some drive-by campaigns are highly targeted, focusing on sectors like finance, healthcare, or government. These attacks are often designed to infiltrate critical infrastructure or steal sensitive information. In these cases, attackers may spend more time developing customised exploits, ensuring that the malware is difficult to detect and remove.
- Watering hole attacks: A watering hole attack occurs when hackers compromise a website that a certain group of people frequently visit (e.g., employees of a particular corporation). Users’ devices become infected with a drive-by download after they visit the hacked website. By using this technique, attackers can indirectly target particular businesses or sectors without breaking into their internal networks.
- Obfuscation techniques: Cybercriminals often use advanced techniques to hide their malicious code, making it difficult for security systems to detect and block drive-by downloads. Obfuscation methods include encrypting the payload, using multi-stage attacks, and rotating the IP addresses that host the infection to evade detection by traditional antivirus systems.
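As an added illustration (not code from the original page or from iZOOlogic), the following Python scanner flags the landing-page indicators described above: hidden or zero-size iframes, scripts loaded over plain HTTP, and inline scripts that rely on eval/unescape or long hex-escape runs. The sample page, the heuristic patterns and the domain names are constructed for this example.

```python
import re
from html.parser import HTMLParser
from typing import List

# Heuristic indicators commonly seen in injected drive-by landing code.
# These are assumed, illustrative patterns, not a complete signature set.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
OBFUSCATION = re.compile(r"\b(eval|unescape|String\.fromCharCode|atob)\s*\(", re.I)
HEX_ESCAPE_RUN = re.compile(r"(\\x[0-9a-f]{2}){8,}", re.I)  # e.g. \x6a\x61\x76...


class DriveByIndicatorScanner(HTMLParser):
    """Collects human-readable findings while parsing a page."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[str] = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            tiny = a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1")
            hidden = HIDDEN_STYLE.search(a.get("style", "")) is not None
            if tiny or hidden:
                self.findings.append(f"hidden iframe -> {a.get('src', '?')}")
        elif tag == "script":
            self._in_script = True
            src = a.get("src", "")
            if src and not src.startswith(("https://", "/")):
                self.findings.append(f"script from non-HTTPS origin -> {src}")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if not self._in_script:
            return
        if OBFUSCATION.search(data):
            self.findings.append("inline script uses eval/unescape/fromCharCode")
        if HEX_ESCAPE_RUN.search(data):
            self.findings.append("inline script contains long hex-escape run")


def scan_html(html: str) -> List[str]:
    """Return the list of drive-by indicators found in an HTML document."""
    scanner = DriveByIndicatorScanner()
    scanner.feed(html)
    return scanner.findings


# Constructed sample: a news page carrying a zero-size ad iframe and an obfuscated inline script.
SAMPLE_PAGE = """<html><body><h1>Daily News</h1>
<div class="ad"><iframe src="http://ads.example-cdn.test/x.html" width="0" height="0"></iframe></div>
<script>var p = "\\x6a\\x61\\x76\\x61\\x73\\x63\\x72\\x69\\x70\\x74"; eval(unescape(p));</script>
<script src="https://cdn.example.test/app.js"></script>
</body></html>"""
```

Minified but legitimate scripts also use eval and hex escapes, so treat hits as triage leads for a web-proxy or crawler pipeline rather than as automatic block decisions.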
How to Protect Against Drive-by Downloads
- Keep software up to date: Software developers release regular updates to patch security vulnerabilities. By keeping operating systems, browsers, and plugins up to date, users reduce the risk of being targeted by known exploits. Automated updates are recommended, ensuring that critical patches are applied as soon as they are available.
- Use security software: Installing and regularly updating antivirus and anti-malware software helps detect and block malicious downloads. These programs monitor network activity and scan downloaded files for suspicious behaviour. Consider using browser security extensions that block pop-ups and prevent malicious scripts from running.
- Enable browser security settings: Browsers often come with built-in security features that can block or alert users about malicious websites or downloads. Adjusting security settings to a higher level can prevent many drive-by downloads. Disable browser plugins or add-ons that are no longer supported or necessary, as these are frequent targets for exploitation.
- Be cautious with email links and attachments: Phishing emails are a common vector for drive-by downloads. Do not click on links or download anything from unfamiliar or suspicious sources. Even if an email appears to be from a known source, always verify its authenticity, as hackers can spoof email addresses to appear legitimate.
- Avoid visiting unknown websites: Stick to trusted websites and avoid clicking on unfamiliar links or ads. If unsure about a site’s legitimacy, use tools like Google Safe Browsing or browser extensions to check for potential risks. When browsing, use a secure network and avoid public Wi-Fi, as attackers on the same network can inject malicious code into websites accessed over unencrypted connections.
How can iZOOlogic help my Company or Organisation?
iZOOlogic offers cutting-edge solutions to safeguard against drive-by downloads and other malware threats. Our advanced monitoring systems can detect and block malicious downloads in real time, ensuring your organisation stays protected from unseen cyber threats.
To find out more about how iZOOlogic can help protect your company’s cyber security, schedule a demo.