close
    search Buscar

    What is a drive-by download malware attack?

    Who I am
    Judit Llordés
    @juditllordés

    Item Feedback:

    content warning

    Learn how to protect yourself from a sneaky drive-by download attack, which can install malware on your device. Imagine the scene: You got infected with malware on your computer, but you have no idea where it came from. You have not downloaded anything and you have not visited sites considered dangerous. Yet, there is malware on your system, which ruins your day.


    It is possible that the malware appeared on your computer via a "drive-by" download. There is no need to click download or consent to install the malicious program. Instead, a drive-by download attack automates the entire process. So what is a drive-by download attack and how can you not be a victim of it?



    What is a drive-by download attack?

    A drive-by download is a relatively common technique that an attacker can use to silently install malware on a victim's computer.

    An attack usually involves compromising a website in some form, taking advantage of one of several technologies that help boost a site. These can include a corrupt plug-in, JavaScript, iframes, short links, infected advertisements (known as malvertising), and more.


    In short, there are many places where an attacker can hide malware in preparation for a drive-by download attack.

    The idea of ​​the drive-by download attack is to install malware on the victim's computer without them noticing. What makes them particularly sneaky is that a drive-by download attack can happen on almost any website, even those you consider "safe".

    Sure, they're more likely to occur on a website with more questionable content, such as an illegal streaming site, but a major service traditionally considered safe is a more profitable target in terms of visitor numbers. More visitors equals more potential victims.




    How does a drive-by download attack work?

    There are two main ways a malicious drive-by download arrives on your computer.

    1. Authorized. While it sounds like an oxymoron, some drive-by downloads rely on the victim authorizing the download without being fully aware of what they are doing.
    2. Not allowed. As expected, an unauthorized drive-by download infects your computer without any warning or notification and doesn't require you to click a link or anything.

    You can divide the major types of drive-by download attacks into smaller segments.

    Drive-by download authorized

    An authorized drive-by download is one that requires user interaction, at least to some extent.


    For example, an attacker compromises a website and installs an attack vector. But to complete the attack, the victim still has to press on Download, OK or similar. The option to download a malicious file appears spontaneous after the victim arrives at the site and is disguised as a normal file.

    Some definitions of authorized drive-by download extend further, covering malware or bundleware that was accidentally installed as part of another software installer.

    Unauthorized drive-by download

    An unauthorized drive-by download works similar to an authorized drive-by download attack, but it is an automated process. Instead of interacting with the compromised part of the website, whether it is a download link, a malicious advertisement or otherwise, the malicious website component activates when the website is launched.


    Depending on the type of malware, you may not notice anything different on your computer. The download will complete and, depending on your security settings or malware variant, will be installed without notice.


    Common malicious file types for drive-by download attacks

    Not all drive-by download attacks try to install nasty malware on your system. Having something unexpectedly installed on your computer is undoubtedly troubling. However, not all malicious files are cut from the same cloth.

    • Potentially Unwanted Program (PUP): A PUP, sometimes referred to as a potentially unwanted application (PUA), is not necessarily a malicious file. Most likely, a PUP is adware, delivering extra ads where they shouldn't appear. This isn't a catchall, however, and some PUPs have slightly more harmful intentions. Plus, despite their low level of danger, you don't want anything to interfere with your system or browser, period.
    • malware: malware that has a specific use, such as a Trojan that allows backdoor access to a system or an exploit kit that can install other types of malware.

    Virus vs. malware: what's the difference?

    Finding malware on your system is far more alarming than a PUP. Furthermore, it is much easier to remove a PUP from the system than the "correct" malware.

    Most PUPs can be easily removed using the computer's built-in antivirus program or a third-party tool, such as Malwarebytes.

    How to protect yourself from drive-by download attacks

    The very name of the attack makes it seem like it's hard to protect yourself. It's a drive-by, after all, and it targets anyone who visits the hacked website. However, there are seven things you can do to stop a drive-by download from hitting your computer.


    1. Keep your computer up to date. When an update is available, install it.
    2. Keep your browser up to date. Also, consider removing any excess browser extensions. Not only do they slow down your browser, but outdated browser extensions can cause security issues.
    3. You have a couple of options here. You can download and install a third-party antivirus tool or use the built-in antivirus tool on your computer. Windows and macOS both have default antivirus programs. Although Linux is much more secure, you can always opt for a free Linux antivirus tool for added security.
    4. You could opt for an antimalware tool, such as Malwarebytes. The free version of Malwarebytes is a scan and removal tool, but the premium version offers real-time protection.
    5. The websites you visit make a difference in your exposure to drive-by downloads. As mentioned above, top sites are profitable targets but they can be difficult to leverage. At the same time, a website showing illegal sports stream is much more likely to be easier to exploit. Try to avoid sites that may offer illegal content, even if this is far from a guarantee.
    6. Check them out before clicking. Did you know that there are several ways to examine a link before clicking on it?
    7. Script blocking extensions for your browser can prevent certain drive-by download exploits from running on your system. However, some script blocking tools can have unwanted consequences, such as breaking parts of other websites, which can be a bit of a balancing act.

    Don't be surprised by a drive-by download

    Now that you know the signs and reasons behind a drive-by download attack, you will be better prepared to avoid one in the future. Remember, keeping your system and applications up to date really helps!


    Further Reading:

    • How to scan Google Drive for viruses
    • What is malware and how does it work?
    • Purple Fox - Beware of malware pretending to be Telegram
    • What is dllhost.exe file? How do I remove it from Windows 10?
    • Suonerie Samsung Galaxy S20 [HQ Sound]
    add a comment from What is a drive-by download malware attack?
    Comment sent successfully! We will review it in the next few hours.