Drive-by download

A drive-by download attack is the unintentional download of malicious code onto your device, leaving it open to further attack. This can happen while browsing a legitimate website or through a malicious advertisement displayed on an otherwise safe site.

This type of attack comes in authorised and unauthorised flavours. With the latter, the device can become infected without you clicking anything, downloading a file, or opening a malicious email attachment: simply loading the page is enough.

Drive-by downloads can install potentially unwanted programs or applications (PUPs/PUAs; on mobile devices these are not strictly malicious, but at worst amount to aggressive mobile adware, or "madware"), or genuine malware intended to hijack the device, install spyware, corrupt data, or disable the device outright (a targeted personal attack).

Authorised downloads

  1. Adversary creates an online message, ad, or a legitimate program download.

  2. You click the link, download the software, etc.

  3. You do not opt out of extra software, or are sent to a malware-infested site.

  4. Adversary and malware take control of your data.

Unauthorised downloads

  1. Adversary compromises a legitimate web page using a security flaw in the website and adds a malicious component.

  2. You visit the page, and the malicious component probes your device for a security flaw.

  3. The flaw is exploited and malware is downloaded to your device.

  4. The adversary has control over your device.
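
The injected "malicious component" from step 1 above most commonly takes the form of a hidden or off-screen iframe, or a script pulled from a domain the page does not belong to. The following is an added example, not part of the original article: a small heuristic scanner that flags those two forms in fetched HTML. The sample page and domains are constructed, and the hidden-iframe thresholds are assumptions; a hit is a lead for review, not proof of compromise.

```python
"""Heuristic scan of a fetched HTML page for injected drive-by components.

Flags hidden or off-screen iframes and scripts loaded from a domain other
than the page's own. Heuristic only: review every hit by hand.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that make an iframe effectively invisible (assumed thresholds)
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(left|top)\s*:\s*-\d{3,}", re.I)


class DriveByScanner(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # list of (kind, detail) tuples in document order

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe":
            # A 0x0 or 1x1 frame, or one styled off-screen, is never meant to be seen
            tiny = (a.get("width", "").strip().rstrip("px") in ("0", "1")
                    and a.get("height", "").strip().rstrip("px") in ("0", "1"))
            if tiny or HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.append(("hidden_iframe", a.get("src", "")))
        elif tag == "script" and a.get("src"):
            # Relative sources have no hostname and are skipped as same-site
            host = (urlparse(a["src"]).hostname or "").lower()
            if host and host != self.page_host:
                self.findings.append(("offsite_script", a["src"]))


def scan_html(html, page_url):
    """Return the findings for one page, given the URL it was fetched from."""
    scanner = DriveByScanner(urlparse(page_url).hostname or "")
    scanner.feed(html)
    return scanner.findings


# Constructed sample: a legitimate-looking page with three injected components
SAMPLE = """<html><body><h1>Welcome</h1>
<script src="https://example.com/app.js"></script>
<iframe src="http://bad.example.invalid/land" width="0" height="0"></iframe>
<script src="http://cdn.example.invalid/x.js"></script>
<iframe src="http://bad.example.invalid/l2" style="position:absolute;left:-9999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE, "https://example.com/index.html"):
        print(kind, detail)
```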

Prevention

  • Use your admin account only for app installations, and a second non-admin account for daily use. Admin privileges are necessary for drive-by downloads to install without your consent.

  • Keep browser and operating system up to date. New patches help seal gaps in defenses. Install immediately when released.

  • The more code on the device, the more susceptible it is to infections. Prune often. Only keep what you trust and use often.

  • Use a firewall and virus scanner on a PC and an internet security software solution on phones.

  • Avoid websites that may contain malicious code. Sites that offer file-sharing or mature content are common points of infection.

  • Carefully read and examine security popups on the web before clicking. Scammers use deceptive popup ads on desktop and mobile browsers that look like legitimate alerts. Watch for typos, odd grammar, and grainy images.

  • Use an ad-blocker. Drive-by download attacks often use online ads to deliver infections. Using an ad-blocker can help reduce your exposure to this type of attack.