Drive-By Download Dangers: How To Keep Hackers Out Of Your Computer

There’s no denying the convenience of online shopping. In 2021 alone, 2.14 billion consumers shopped online to find the best prices and have packages delivered right to their door. The online shopping experience will continue to flourish this holiday season, and around the world, countless people will shop online without thinking twice about the websites they’re spending time on.

But doing so can be costly as cyber criminals are becoming deceptively more creative with ways to manipulate and capture website visitors. There are likely to be more inconspicuously dangerous sites during the holidays, and legitimate websites can also fall victim to cyberattacks. If you happen to visit a website that’s been compromised, your computer can quickly be infected by cyber criminals implementing a popular drive-by download attack.

Drive-by downloads are one of the most common methods used by cyber criminals to install malware and gain unauthorized access to your device, so knowing how they work and what steps you can take to avoid them is essential. Here, we’ll look at what a drive-by download is, types of attacks, and how to stay protected this holiday season.

What Is A Drive-By Download?

When a computer becomes infected with malicious software just by visiting a website, it’s known as a drive-by download. The user doesn’t have to stop or click anywhere on the page, so simply visiting the page is enough to cause an infection. Most types of drive-by downloads take advantage of vulnerabilities in web browsers, operating systems, or file editors and viewers like Microsoft Office and Adobe Flash.

In a typical drive-by download attack, the hacker compromises a legitimate website by embedding or injecting malicious objects inside the web pages. While invisible to the average visitor, the infections could be injected through JavaScript code, iFrames, redirects, malvertisements (an ad that triggers malicious code when viewed or clicked), cross-site scripting, and other malicious elements.

When a user visits the infected webpage, the malicious elements are triggered and exploit a vulnerability in part of the software stack on the user’s computer. Malicious files are then downloaded silently onto the user's device, giving the hacker complete control over the device. Hackers then have the ability to extract passwords or other potential sensitive information from the device.

Types Of Drive-By Downloads

Hackers can use a variety of malicious applications to hack a victim’s device, including:

• Trojan horses. These provide remote control of the user’s device, usually through backdoors or rootkits.

• Ransomware. Allows the attacker to encrypt or destroy data on the device.

• Botnet toolkits. Attackers may directly install botnet applications that perform actions like sending spam emails.

• Droppers. Malware built to load more malware without being detected.

• Man in the middle tools. Also known as MitM, these tools enable attackers to eavesdrop on the user’s communications, insert data into forms, hijack sessions, and steal credentials.

• Keyloggers. These perform keystroke capturing that allows the hacker to gain access to passwords and other sensitive information.

• Data transfer. Tools that allow the transfer of sensitive data to its control center.

How A Drive-By Download Attack Unfolds

The growing complexity of internet browsers are contributing to the increase in drive-by download attacks, as the number of plug-ins, add-ons, and browser versions continually rises. This means there are more weaknesses for cybercriminals to exploit—especially during the holiday season, when more retailers are creating new websites, offering online deals, and putting additional time and effort into building their online presence.

In most attacks, the hacker's objective is to compromise the victim’s machine and enlist it into a botnet. Through the initial security breach, hackers can leverage control of the device for lateral movement. Some common methods used by cybercriminals to deploy a drive-by download include 1) installing keyloggers to capture and record the victim’s keystrokes and 2) using ransomware to encrypt data on the infected device and demand payment for recovery.

These cyber criminals also search through the victim’s data, applications, and configuration files for IDs, passwords, account information, and other sensitive data. The malware can often find login credentials and other sensitive information stored in configuration files for browsers or other applications, so the hacker can use them for nefarious purposes such as conducting unauthorized transactions without the victim’s knowledge.

Defending Yourself Against Drive-By Downloads

Drive-by downloads are a major concern, especially during the holiday season when shoppers are spending more time browsing the web searching for great deals. Here are a few steps users can take to protect themselves from these types of attacks:

• Update software quickly and consistently. Cybercriminals rush to reverse software updates, and target users who haven’t applied them. Configure your operating system, browsers, and applications to update automatically whenever this option is offered or available.

• Remove unnecessary software and plug-ins. Computers tend to fill up with applications and browser plug-ins that are never used. Removing them significantly reduces your chances of falling victim to a data breach.

• Use firewalls. Firewalls can be a great line of defense and can block most malware threats and unwanted traffic..

• Use web filtering software. Turning on security features that monitor websites helps contain malicious drive-by download and other cybersecurity attacks.

• Disable Java and JavaScript. Where possible, disable Java and JavaScript— then put trusted sites that require it on a whitelist.

• Install ad blockers. Drive-by download attacks typically use ads as infection vectors, so blocking them will reduce exposure.

Stay Protected With SiteLock

Now that you know how cyber criminals use drive-by-downloads to install malware and gain unauthorized access to your device, learn more about protecting your web assets and defending against cyber criminals. Read What is Ransomware to discover how hackers hold sites hostage—and four steps you can take to ensure yours isn’t one.