Drive by download attacks specifically refer to malicious programs that install to your devices — without your consent. This also includes unintentional downloads of any files or bundled software onto a computer device.
Masked in all corners of the web, these attacks cause even perfectly legitimate sites to spread this threat.
variantsHere are the two main variants of Drive by Download attacks:
While the former is clean and safe, it may be adware at its worst. Cybersecurity experts use the latter as their drive by download definition.
A drive-by download attack refers to the unintentional download of malicious code to your computer or mobile device that leaves you open to a cyberattack. You don't have to click on anything, press download, or open a malicious email attachment to become infected.
A drive-by download can take advantage of an app, operating system, or web browser that contains security flaws due to unsuccessful updates or lack of updates. Unlike many other types of cyberattack, a drive-by doesn't rely on the user to do anything to actively enable the attack.
Drive by downloads are designed to breach your device for one or more of the following:
Without proper security software or fixes for your vulnerabilities, you could become a victim of a drive by download attack.
If you’ve ever asked yourself, “what is a drive by download attack?” you’re more aware than most. Since they infiltrate so quietly even on “safe sites,” most people have no clue how they got infected.
There are two main ways malicious drive by downloads get into your devices:
Knowing exactly what is drive by download is as important as knowing how to spot bait for an attack. Let’s unpack each one of these methods to help you see possible red flags.
Authorized drive by downloads are streamlined and may even be spotted before the attack:
Software or websites may seem innocuous, but they are corrupted by malware. In fact, one of the greatest dangers is the ease of attracting visitors to sites or apps that seem innocent.
For example, you might get a link emailed to you or a post on your social media feed. It is masked to look as though it was sent from sources you trust. This social engineering tactic is used to entice you to click and open. Once the website is open, the drive-by download installs itself on your computer or mobile device. This tactic is used to entice you to click and open. Once the website is open, the drive-by download installs itself on your computer or mobile device.
Bundleware is a popular “authorized” method, using secondary programs attached to your actual desired program download. Sometimes called barnacles, these potentially unwanted programs/applications (PUPs/PUAs) can conceal malware or be malware themselves. You’ll find this software usually as an opt-out choice when downloading free software or shareware.
Phishing can also be used to bait you into a drive-by download. Popups or fraudulent online messages pose as organizations you know and trust. You might be seeing a fake security breach notification from your web browser, or a fake data breach email from your bank. These are meant to scare you into clicking a link or downloading an attachment — and getting infected.
An unauthorized drive by download works in a simple way despite having multiple phases:
As noted above, unauthorized malicious code is distributed directly by compromised websites. However, the code is placed there by hackers. Their methods rely on natural flaws of digital technology, as well as unsafe security practices.
Exploit kits are the software used to compromise vulnerable web servers and your devices. These kits identify software vulnerabilities on machines and web browsers to determine which systems are easy to obtain. Exploit kits often use small pieces of code designed to slip past simple defenses and go largely unnoticed. The code is kept simple to focus on one job: to contact another computer to introduce the rest of the code it needs to access a mobile device or computer.
Security vulnerabilities discovered by exploit kits are unavoidable in the digital age. No software or hardware can ever be made perfect. Just like a building can be infiltrated with careful study and planning, so too can any software, network, or other digital infrastructure. Vulnerabilities come in a few common forms:
Zero-day exploits are hard to avoid, but known issues are manipulated purely due to poor cybersecurity practices. If endpoint users and web admins fail to update all their software in a timely fashion, they will delay vital security updates as well — and this is what hackers rely on.
Drive by downloads are by far one of the harder threats to prevent. Without proper attention to detail and strong security at all touchpoints, web activity becomes far more hazardous.
As with many aspects of cyber safety, the best defense is caution. You should never take your security for granted. Here at Kaspersky, we’ve compiled some of the best guidelines on how you can avoid downloading malicious code.
As a website owner, you are the first line of defense between hackers that target your users. To give yourself and your users peace-of-mind, strengthen your infrastructure with these tips:
As a user, you’ll have to rely more on the various security features offered in your software. You can follow these tips to prepare yourself and your software against a drive by download attack: