What Is a Drive-By Download Attack and How Does It Work?
The information security industry can be a rather strange place sometimes, especially when it comes to terms and definitions. There is a lot of confusion and debate even around subjects that we should know very well by now. The so-called 'drive-by download' attacks are no exception.
The confusion around what is and what isn't a drive-by download attack
Everybody agrees on what a drive-by download actually does. It installs an unwanted or outright malicious application on your computer without your knowledge or consent. From obnoxious browser hijackers to information-stealing malware and keyloggers – pretty much every piece of shady software fits the bill.
The argument seems to revolve around whether or not the process is automated. Some people reckon that an attack can only be classified as a drive-by download if it requires absolutely no user interaction. Others say that shady software that gets installed alongside other applications or is delivered through suspicious ads also counts as a drive-by download.
It's fair to say that security experts are unlikely to reach a consensus any time soon, which is why we'll try to show you all the different scenarios in which the term "drive-by download" might be used.
Smuggling suspicious apps on your computer
You have probably heard about the dangers of downloading and using pirated software and cracking tools. Doing so is illegal, but even if you are prepared to disregard this fact, you should consider something else.
When you download an application from its official website, you are effectively declaring that you trust the developer, which, in most cases, is an established company that has a reputation and a business to worry about. When you're downloading software from a torrent tracker, you're putting your trust in someone who uses a nickname, an avatar, and bad grammar.
Pirated software isn't the only thing that can silently download something nasty to your computer, though. Sometimes, an app might look legitimate and still deliver an unexpected infection. Some developers try to hide the additional payload with varying degrees of success. The installer might tell you about the browser toolbar, and you might even get a checkbox that lets you opt out. In other cases, however, you will not be notified of any additional software getting installed on your computer.
A click, a bang, and a wallop
No, you're not the 10,000th visitor on this website. You haven't won $1,000,000, and if you click on that popup that seems to have been designed with Windows 98's version of Microsoft Paint, you won't actually claim any prizes. In all probability, you'll download and install something you don't want on your PC.
The scenario above is fairly old now, and very few people are likely to fall for it. It is fair to say, however, that today's shady ads are much more sophisticated and believable. It's not just ads, either.
It's 2019, and save for a few exceptions, you don't need to install Adobe Flash to surf the internet. If a popup tells you otherwise, consider whether you really need to be on the website you're trying to view. Many people are experienced enough to know that, but even they might fall for a slightly more legitimate-sounding scenario which tells them, for example, that they need a new font pack.
As you can see, the online landscape is evolving, and the crooks have no other choice but to keep up with the times. We've already established that social engineering is one of their most powerful weapons, and it's clear that they won't shy away from using it during a drive-by download attack.
Clicking isn't always necessary
The scenarios we've discussed so far require some form of action on the part of the victim. As clever as some of them are, they are all dependent on at least one mouse click. With some drive-by download attacks, however, this is simply not needed.
The automated drive-by download is the most devastating attack of its kind. With it, a successful infection requires nothing more than a victim visiting a compromised website where a malicious script is set to trigger the download automatically. It's so dangerous because victims don't need to click or approve anything, and they usually have no idea what's going on until it's too late. Even this attack depends on one or two things, though.
This type of drive-by download usually involves so-called exploit kits. An exploit kit is a collection of computer code that can take advantage of various security shortcomings in popular applications. Different exploit kits target different vulnerabilities in different apps. When a victim lands on a compromised website, the malicious code usually checks what sort of software is installed on the visitor's PC, and if it finds a product it can exploit, it launches the download. It all happens quickly and silently. But is it difficult to pull off?
Getting the exploit kit is the easy part. Some of them are available for free, and some can be bought on hacking forums in exchange for a few crypto coins. Obviously, in order to plant the exploit kit, hackers need to compromise a website, but because administrators don't always take the problem of security very seriously, the level of computer skills required to do this isn't always as high as you might think.
Finding victims that are vulnerable to a drive-by download attack via an exploit kit isn't that difficult, either. People tend to use the same browser, plugins, and apps, and crucially, many of them reckon that keeping all that software up-to-date is a nuisance that doesn't really bring any discernible benefits.
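The automated scenario described above leaves a recognisable trace in web proxy logs: an executable arrives within seconds of a page load, leaving no time for a click. The following Python detection logic is an added example, not part of the original article; the log format, the .example hosts, and the five-second threshold are assumptions made for illustration.

```python
from datetime import datetime
from urllib.parse import urlparse

# Constructed proxy log (timestamp, client, URL, Referer, Content-Type); .example hosts.
SAMPLE_LOG = """\
2019-03-01T10:00:00 10.0.0.5 http://news.example/article.html - text/html
2019-03-01T10:00:01 10.0.0.5 http://news.example/site.js http://news.example/article.html application/javascript
2019-03-01T10:00:02 10.0.0.5 http://landing.example/gate http://news.example/article.html text/html
2019-03-01T10:00:03 10.0.0.5 http://landing.example/fontpack.exe http://landing.example/gate application/x-msdownload
2019-03-01T10:05:00 10.0.0.9 http://vendor.example/downloads.html - text/html
2019-03-01T10:05:45 10.0.0.9 http://vendor.example/setup.exe http://vendor.example/downloads.html application/x-msdownload
"""

EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec"}
EXECUTABLE_EXTS = (".exe", ".msi", ".scr")
MAX_SECONDS = 5  # assumption: reading a page and clicking takes a person longer


def parse(line):
    ts, client, url, referer, ctype = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client, "url": url,
            "host": urlparse(url).hostname, "referer": referer, "ctype": ctype}


def is_executable(rec):
    path = urlparse(rec["url"]).path.lower()
    return rec["ctype"] in EXECUTABLE_TYPES or path.endswith(EXECUTABLE_EXTS)


def find_drive_by_candidates(log_text):
    seen = {}  # (client, url) -> record, used to walk Referer chains
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        seen[(rec["client"], rec["url"])] = rec
        if not is_executable(rec):
            continue
        # Follow Referer headers back to the page the user actually opened.
        root, hops = rec, 0
        while (rec["client"], root["referer"]) in seen and hops < 10:
            root, hops = seen[(rec["client"], root["referer"])], hops + 1
        delay = (rec["ts"] - root["ts"]).total_seconds()
        if root is not rec and delay <= MAX_SECONDS:
            findings.append({
                "client": rec["client"], "visited": root["url"],
                "payload": rec["url"], "delay_seconds": delay,
                "cross_site": root["host"] != rec["host"]})
    return findings
```

Entries it returns are candidates for review rather than confirmed infections; in the constructed log only the download that follows the page load by three seconds is flagged, while the one fetched 45 seconds after the user opened the vendor's download page is not.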
The popularity of drive-by downloads and how to stay safe
It must be said that most of the large-scale cyberattacks we read about these days rely on spam emails rather than drive-by downloads. For some reason, exploit kits aren't as popular as they used to be, and users seem to be much more conscious of the ads they click and the apps they install. Nevertheless, drive-by download attacks do exist, and you should know what you can do to protect yourself.
Let's start with the software on your computer. It should go without saying that you shouldn't install applications you don't need. In addition to protecting you from a fairly wide variety of attacks (including drive-by downloads), having fewer unused programs on your PC will aid its performance. When you do install software, make sure you download it from the official vendor and try to avoid falling for the misconception that installing applications on your PC involves nothing more than clicking "Next" several times.
Next, you have the ads you see every day. The internet as we know it wouldn't be the same without ads. They help keep many of the services we use every day free. At the same time, malicious ads facilitate quite a lot of online fraud, and as we established already, they can lead to malware infections. Think twice before you click on any ad, no matter how enticing it might look.
Last but not least, browse carefully. No website is hacker-proof, but sticking to the more established online portals and communities gives you a better chance of staying safe.