What is a drive-by download?
When your computer is infected by a malicious program simply because it visited a website, this is known as drive-by download.
This type of attack is so-named because a user doesn’t have to stop or even click on a page in order for a dangerous code to be downloaded in the background.
How do drive-by downloads work?
Unfortunately, you don’t have to click on a link or approve of any particular download in order to be the victim of a drive-by download.
Compromised websites can infect your computer without your knowledge or authorization.
Drive-by downloads exploit operating system that might be outdated, void of the proper security mechanisms that protect against malicious programs.
These dangerous programs are so small and innocuous that victims typically fail to see what is happening.
The initial download may be tasked with targeting the secret information on your computer, tablet, or smart phone.
According to Microsoft, drive-by downloads are often found on otherwise-legitimate websites where some form of malicious code has been left by an attacker.
These malicious users might use a comment field or other web form to leave the code.
As an example, a victim with an unprotected computer might log on to a website that has been compromised.
A hidden frame loads another page, which initiates and attempts to install malware or another dangerous program.
While many of these drive-by downloads occur on an infected website, they can also occur through certain emails that link to a website.
Once the malicious program is on a computer, smart phone or tablet, it poses several risks:
- It could log your keystrokes
- Infect the system with a Trojan that steals online banking information
- Provide a hacker with a view of your personal, sensitive files
- They can also create a backdoor, which could leave your computer or other electronic device susceptible to other attacks.
How to avoid drive-by downloads
Make sure you’re computer’s operating system automatically updates and activate a firewall for added security.
Firewalls should also be used for wireless routers, and your browser should be updated as often as possible.
Use web-filtering software to help prevent against accessing sites that might be compromised.
Consider the NoScript Firefox extension, which is a free, open-source product that only allows your trusted websites to run JavaScript and Java.
This can help prevent unintended infection from drive-by downloads.
Meanwhile, disable Java and JavaScript.
Use a popular anti-virus software the help identify threats and stop them as quickly as possible.
This means you should allow the software to automatically update itself so it is familiar with the latest malicious threats.
If more than one person uses your computer, prevent access to application or operating system changes.
Create an account to be used only by an authorized administrator for installing, changing or deleting software.
And don’t use that “admin” account for other activities, like reading emails or looking online.[/vc_column_text][/vc_column][/vc_row]