Monday, December 28, 2015

What is a Drive-By Download?

Previously, malware typically infected a computer through a software installation initiated by the user. When a user clicked on a link and accepted the installation of some software, the malware was downloaded along with it and infected the computer. Now, however, many attackers use a technique called Drive-By Download to spread malware.

A Drive-By Download is a technique through which malware starts downloading simply because the user visits an attacker-controlled website. When a user visits a malicious website, the download starts in the background on the computer or mobile device. In most cases, this type of download exploits a security flaw in the browser or in other commonly used software.

How does a Drive-By Download work?

The initial code installed by a Drive-By Download is very small. Often it simply contacts other computers to download the rest of the malware. Normally, the malicious website hosts several pieces of malware that exploit different security flaws. When a user visits the website, at least one of them gets downloaded by taking advantage of some security flaw.

Attackers normally send links to these malicious websites through email or text messages, and even through attractive social media posts. Attackers sometimes post an interesting article or cartoon on social media, and while the user enjoys it, the Drive-By Download starts in the background.

Countermeasures against Drive-By Downloads

Security experts are constantly researching this topic. Typically, they use a test machine to visit websites that have a previous record of spreading malware. If malware starts downloading on the test machine when it visits the website, proper action is taken.
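
A simplified version of the test-machine check described above, as an added example that is not from the original article: it reviews the responses recorded during one automated page visit and flags any whose body is an executable, whatever the server claims it is. The Response record, the sample visit and the example.test URLs are constructed for illustration.

```python
from dataclasses import dataclass

# Leading bytes ("magic numbers") of common native executable formats.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "Linux ELF executable",
    b"\xcf\xfa\xed\xfe": "macOS Mach-O executable",
}

@dataclass
class Response:
    url: str
    content_type: str   # what the server claims the body is
    body_prefix: bytes  # first bytes of the body actually received

def classify(resp):
    """Return the executable format name if the body is one, else None."""
    for magic, name in EXECUTABLE_MAGIC.items():
        if resp.body_prefix.startswith(magic):
            return name
    return None

def review_visit(responses):
    """Review one page visit made by the test machine.

    The test machine only loads the page and never clicks or accepts
    anything, so every executable it receives arrived unprompted.
    Returns (url, format, disguised) for each such response.
    """
    findings = []
    for resp in responses:
        kind = classify(resp)
        if kind is not None:
            # Declared as media or text, but the bytes are a program.
            family = resp.content_type.split("/")[0]
            disguised = family in ("image", "text", "video", "audio")
            findings.append((resp.url, kind, disguised))
    return findings

# Constructed sample: responses logged while loading a single page.
CONSTRUCTED_VISIT = [
    Response("http://blog.example.test/cartoon.html", "text/html", b"<!DOCTYPE html>"),
    Response("http://cdn.example.test/cartoon.png", "image/png", b"\x89PNG\r\n\x1a\n"),
    Response("http://cdn.example.test/banner.jpg", "image/jpeg", b"MZ\x90\x00\x03"),
]

if __name__ == "__main__":
    for url, kind, disguised in review_visit(CONSTRUCTED_VISIT):
        note = " (served under a non-executable Content-Type)" if disguised else ""
        print(f"ALERT {url}: {kind}{note}")
```

Checking the body bytes rather than the file extension or Content-Type matters here because a download that starts without the user's consent has no reason to label itself honestly.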

Educating oneself is still the best policy, though. Do not click on suspicious-looking links. If you are not sure about the authenticity of a website, it is better not to visit it. And be careful about clicking on interesting-looking but suspicious social media posts. They may do more harm than good.

It is also always advisable to keep the software you use updated with security patches. Attackers mostly take advantage of security flaws in software to spread malware.

Preferably, use a safe search tool that will keep you informed about possibly malicious websites. And use trusted antivirus software.

This article was meant to inform you about another recent threat. Hope it served its purpose.

