What is a Drive-by Download?


Imagine yourself surfing your favorite baseball website one day. Maybe you are checking the baseball scores for the fantasy league you host with your friends. You are at a website you have been to time and time again; it is a site you trust, not just for the scores, but because you know it is a “safe site.” You think to yourself, “This isn’t some random site I found in a Bing search.”
But, unbeknownst to you, the server that was hosting your favorite baseball website had a vulnerability. The webmaster had been meaning to patch the server as soon as possible, but a good time never seemed to come. After all, baseball season was in full swing and the website always had visitors. There was just never a convenient time to take the website offline for maintenance and make fans mad. What the webmaster did not know was that someone had found their unpatched vulnerability. Someone took advantage of it.
An attacker injected some malicious code into each of the web pages. Now when visitors arrive at their favorite baseball website the webmaster is giving them more than just the scores; the webmaster is serving them a small bit of code that exploits a vulnerability in software on the visitor's own computer. If a visitor happens to have an outdated version of Adobe Reader installed, they just became the victim of a drive-by download.
Now, you are sitting there in your comfy chair with your antivirus solution up-to-date, Windows fully patched, but you may have forgotten something.
What was it again?
What did you forget to update?
Ah… Adobe Reader.
Now you have malware on your computer.
But … nothing happened. You did not see a sleazy ad anywhere on the site, no pop-up, not even a UAC (User Account Control) prompt. Honestly, you still do not even realize your computer is infected. You keep going about your day. You spend a few more minutes checking the other news of the day and then you are on your way out the door.
The story is not over yet. It has only begun. You do not know it yet, but after you locked your screen and walked away, the malware that ran from your favorite baseball website is hard at work. It may have been small, but that is not going to stop it from making a big mess. It is secretly downloading other malware in the background, taking advantage of the same vulnerability in Adobe Reader to execute all the code it wants without your knowledge or consent (or a UAC prompt!).
It installs a keylogger, which records all of your valuable keystrokes so it can upload them later. Didn’t you have to log in to your bank tomorrow? Your attacker sure hopes so. It installs some “harmless” adware. The Internet is full of ads; what’s wrong with a few more? It changes your DNS settings. All of a sudden, why doesn’t “google.com” take me to Google? Now we are getting a little deeper into the system settings. It is changing things you do not even know about!
This is how something as innocent as a drive-by download can quickly escalate. Computers are efficient, but they are dumb. They will do anything you tell them to do, even if it is to their own detriment. They are tireless and work around the clock doing exactly what they are told.
The only real way to protect yourself from a drive-by download is to update everything. You have to go beyond the basic Windows Updates and keep all of your third-party software up-to-date, too. That includes Java, Adobe Flash Player, Adobe Reader, all of your browsers, and any other software you may have installed. The code behind a drive-by download checks for older, vulnerable software on a system and exploits it immediately.
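Knowing what third-party software is installed, and which version, is the first step to keeping it updated. The script below is an added example written for this article, not code from the original post or from any vendor: it reads the Windows uninstall registry keys, pulls out the products named above, and optionally flags anything below a minimum version you supply. The product-name patterns and the empty `$minimumVersions` table are assumptions for illustration; fill in the versions your own patch policy requires.

```powershell
# Added example (not from the original article): inventory installed software from
# the Windows uninstall registry keys and highlight the third-party products that
# drive-by downloads commonly target. Assumes Windows PowerShell 5.1 or later.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Name patterns for the products the article calls out (illustrative; adjust to taste).
$watchList = 'Java', 'Adobe Flash', 'Adobe Reader', 'Adobe Acrobat', 'Firefox', 'Chrome'

# Minimum acceptable versions, keyed by the same patterns. Left empty here because the
# "current" version changes constantly; populate from your own patch policy, e.g.
# @{ 'Firefox' = '115.0' }
$minimumVersions = @{}

# Read every uninstall entry that has a display name; missing keys are skipped quietly.
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate

function Get-WatchedSoftware {
    param([string[]]$Patterns, [object[]]$Inventory, [hashtable]$Minimums)

    foreach ($entry in $Inventory) {
        # Find the first watch-list pattern that matches this product, if any.
        $pattern = $Patterns | Where-Object { $entry.DisplayName -like "*$_*" } | Select-Object -First 1
        if (-not $pattern) { continue }

        # Compare against the minimum version when one is defined and both parse as [version].
        $status = 'no minimum set'
        if ($Minimums.ContainsKey($pattern)) {
            $have = $null; $need = $null
            if ([version]::TryParse($entry.DisplayVersion, [ref]$have) -and
                [version]::TryParse($Minimums[$pattern], [ref]$need)) {
                $status = if ($have -lt $need) { 'OUTDATED' } else { 'ok' }
            } else {
                $status = 'version not parseable'
            }
        }

        [pscustomobject]@{
            Product   = $entry.DisplayName
            Version   = $entry.DisplayVersion
            Publisher = $entry.Publisher
            Installed = $entry.InstallDate
            Status    = $status
        }
    }
}

Get-WatchedSoftware -Patterns $watchList -Inventory $installed -Minimums $minimumVersions |
    Sort-Object Product -Unique |
    Format-Table -AutoSize
```

Run it from a normal (non-elevated) PowerShell prompt; the uninstall keys are readable without administrator rights. Per-user installs (Chrome and Firefox often install this way) show up through the HKCU path, which is why it is included alongside the two HKLM paths. Anything listed as OUTDATED is exactly the kind of software the story above describes.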
You can also run security software that ties into your browser with a toolbar, like many antivirus solutions offer, but this should not be your sole line of defense. It should just be one piece of a larger solution and game plan.
Many modern browsers warn you when you have encountered a compromised website, but in a world of “zero-day” exploits, even they can let you down. This is why we advocate a multi-layer solution.
We offer many solutions to help you avoid being attacked. We offer networking equipment that can help scan traffic for malicious code as it enters your network. We offer equipment that can detect and help defend against network intrusion. We also offer a solution where we can monitor your systems around the clock and let you know if we detect anything malicious on your systems. If we cannot remediate it automatically with our automated systems we immediately call you, offering you peace of mind, knowing that you are always protected.
Security is a growing concern for many people personally and professionally. We are here to help you make the right choices.
This article was edited by our own Ross Armer.