Drive-by Downloads


Are you concerned about drive-by downloads?

You should be. Drive-by downloads do not get the same attention as some other attacks, but that doesn’t make them any less dangerous or frequent.

What exactly is a drive-by download?

In this type of attack the user’s browser is tricked into downloading and running malware without any interaction or warning. The page, or content embedded in it such as an ad, carries code that exploits a vulnerability in the browser or one of its plugins, so simply rendering the content triggers the download. You visit a website or view content that has been compromised by an attacker, and you are immediately a victim.

According to a 2012 Barracuda Labs report, over half of the websites found serving drive-by downloads were well established (more than five years old). Barracuda also estimated that the 25,000 most popular websites exposed 10.5 million people to such infections in a single month.

What’s even scarier is that almost any web content can carry this kind of attack. In many cases the drive-by download is launched by code in a banner ad on a legitimate website: the attacker tricks the advertising network into serving the exploit code along with an ordinary advertising image, so the site owner never sees it. The attacker can also compromise the website itself, breaking into the server and inserting the drive-by download code directly into its pages. Finally, attackers can set up their own website hosting the malware and attract victims through search engine optimization, ads, or links from other sites.

No matter the source, the attack starts as soon as a browser loads the drive-by download code. The user does not need to click a link; merely viewing the page or the ad is enough. Typically there is no warning about the download, and the malware runs without any prompt or action by the user.
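Injected drive-by code on a compromised site usually takes one of two shapes: an iframe that is hidden or sized to nothing and points at an attacker-controlled host, or an inline script obfuscated with eval/unescape and long runs of escaped characters. The following is an added example, not code from this post or from Ntrepid: a small heuristic scanner that flags those patterns in raw HTML. The trusted origins, the sample pages and the `.invalid` hostnames are constructed for the example; a real check should run on a proper HTML parser or a headless browser, and it cannot see code that an ad network injects at serving time, which is the malvertising case described above.

```javascript
// Added example (not from the original post): heuristic scan of raw HTML for
// markup typical of an injected drive-by download. Regex-based, so it is a
// triage aid rather than a parser; false negatives are expected on real pages.

// Assumption: the site owner keeps an allowlist of origins that may serve
// scripts and frames. Anything else is worth a look.
const TRUSTED_ORIGINS = new Set(["https://www.example.com", "https://cdn.example.com"]);

const IFRAME_RE = /<iframe\b([^>]*)>/gi;                         // opening tag + attributes
const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;     // attributes + inline body
const OBFUSCATION_RE = /\b(eval|unescape|String\.fromCharCode|document\.write)\s*\(/;
// 20+ consecutive \xNN, %NN or \uNNNN escapes: a hand-written script rarely looks like this.
const ESCAPED_RUN_RE = /(?:\\x[0-9a-f]{2}|%[0-9a-f]{2}|\\u[0-9a-f]{4}){20,}/i;

// Pull one attribute value out of an attribute string; null if absent.
function attr(attrs, name) {
  const re = new RegExp(`(?:^|\\s)${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s"'>]+))`, "i");
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Resolve a src (possibly relative) against the page and return its origin.
function originOf(src, pageUrl) {
  try { return new URL(src, pageUrl).origin; } catch { return null; }
}

// Zero/one-pixel frames, display:none, visibility:hidden or far off-screen placement.
function isHiddenIframe(attrs) {
  const tiny = (v) => v !== null && Number.parseInt(v, 10) <= 1;   // "0", "1", "0px"
  const style = (attr(attrs, "style") || "").toLowerCase();
  return tiny(attr(attrs, "width")) || tiny(attr(attrs, "height")) ||
    /display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}/.test(style);
}

// Returns a list of findings: { kind, src | snippet }.
function scanPage(html, pageUrl, trusted = TRUSTED_ORIGINS) {
  const findings = [];
  for (const [, attrs] of html.matchAll(IFRAME_RE)) {
    const src = attr(attrs, "src");
    if (isHiddenIframe(attrs)) findings.push({ kind: "hidden-iframe", src });
    if (src !== null && !trusted.has(originOf(src, pageUrl))) findings.push({ kind: "untrusted-iframe", src });
  }
  for (const [, attrs, body] of html.matchAll(SCRIPT_RE)) {
    const src = attr(attrs, "src");
    if (src !== null) {
      if (!trusted.has(originOf(src, pageUrl))) findings.push({ kind: "untrusted-script", src });
    } else if (OBFUSCATION_RE.test(body) || ESCAPED_RUN_RE.test(body)) {
      findings.push({ kind: "obfuscated-inline-script", snippet: body.trim().slice(0, 60) });
    }
  }
  return findings;
}

// Constructed sample pages (not real sites). The "injected" page carries a
// zero-size, hidden frame to an outside host plus an eval(unescape(...)) loader.
const PAGE_URL = "https://www.example.com/index.html";
const CLEAN_PAGE = `<html><head><script src="/js/app.js"></script></head>
<body><iframe src="https://cdn.example.com/player" width="640" height="360"></iframe></body></html>`;
const INJECTED_PAGE = `<html><body><h1>Welcome</h1>
<iframe src="http://ads-host.invalid/load.php" width="0" height="0" style="display:none"></iframe>
<script>eval(unescape("%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%3c%69%66%72%61%6d%65%22%29"))</script>
</body></html>`;

console.log("clean page:", JSON.stringify(scanPage(CLEAN_PAGE, PAGE_URL)));
console.log("injected page:", JSON.stringify(scanPage(INJECTED_PAGE, PAGE_URL), null, 2));
```

Run it with `node scan.js`; the clean page yields no findings, the injected page yields a hidden-iframe, an untrusted-iframe and an obfuscated-inline-script finding. Treat the allowlist as the important part: an unexpected third-party origin in a frame or script tag is the single strongest signal that a page has been tampered with.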

Once executed, the malware can take control of the computer, retrieve files, capture passwords, and attack other devices on the network, which is why everybody should be concerned about this type of attack. These attacks are often untargeted, but a targeted drive-by download is even more dangerous. That is what happened when a known group of Chinese attackers compromised Forbes.com’s “Thought of the Day” feature: although the attack is believed to have lasted only a couple of days, the drive-by download exploited a Flash vulnerability to hit political and economic targets.

Steps you can take to protect your assets from a drive-by download attack.

Special thanks to Oscar Beltran for providing additional research.