Exploring the Growing Problem of Drive-By Downloads

Aug 25, 2021

Malware infections often begin with downloading one or more files. Whether it’s a virus, trojan, worm, keylogger or ransomware, you’ll probably have to download it onto your computer for an infection to occur. Only after downloading the malicious file or files will your computer become infected. While most downloads are performed manually, though, some of them are performed automatically. Drive-by downloads, for instance, typically occur behind closed curtains, making them difficult to notice and equally difficult to prevent.

What Is a Drive-By Download?

A drive-by-download involves automatically downloading one or more files — typically malicious files — from a website. You don’t actually select the file or files, nor do you manually agree to download them. Drive-by downloads are characterized by their hidden mechanics. The malicious file or files will download onto your computer automatically. You may visit a website with the goal of finding information about a topic, only for the site to infect your computer with malware via a drive-by download.

How Drive-By Downloads Work

While there are different ways to execute them, most drive-by downloads leverage a vulnerability. In a perfect information technology (IT) setting, drive-by downloads shouldn’t occur. No website or app should be able to force files onto your computer without your explicit consent. There are a few exceptions. Cookies, for instance, can be sent to your computer from websites. But for most files, you’ll typically need to agree to download them. Of course, vulnerabilities in your web browser, operating system or other software can pave the way for drive-by downloads.

It only takes a single vulnerability to make your computer a target for drive-by downloads. Maybe your web browser has a vulnerability, or perhaps your operating system has a vulnerability. Regardless, if there’s a vulnerability present on your computer, a website may take advantage of it by triggering a drive-by download.

Tips to Protect Against Drive-By Downloads

To protect against drive-by downloads, you need to keep your computer’s software up to date. Outdated software is a common cause of vulnerabilities. And as previously mentioned, vulnerabilities are responsible for most drive-by downloads. Installing new software updates will lower your risk of being targeted with a drive-by download.

You can also protect against drive-by downloads by avoiding suspicious websites. You can’t trust suspicious websites. They could be used to distribute malware via drive-by downloads or other methods. Along with keeping your computer’s software up to date, avoiding suspicious websites can protect it from drive-by downloads.

#driveby #downloads #problems