Drive By Downloads ?

marg

Level 12
Thread author
Verified
May 26, 2014
581
I am a little confused here. Do they just install automatically when you stumble on a malicious site or is it an action by the user clicking something? Thanks!
 

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
Both actually, but traditionally a Drive By Download will exploit a vulnerability in your browser in order to either download in the background (and then execute or run without you clicking it) or in the case of some you'll see a box pop up that looks like Windows Update or something (but really this is just a fake).

A good example, a few years ago there was a surge in drive by downloads which exploited the way in which pictures are displayed, so you would just view a picture on a website and that's it, it would 'open' and you'd have a black box pop up suddenly with the name of something.exe and that would be the start of your infection.

Some older drive by downloads required you to accept a notification before the exploit could run, but on the whole a drive by download is an event in which you visit a website, only to have a malicious executable file download and run without your consent. (most common symptoms include the java icon (orange icon) popping up in the corner when you visit a site and also the browser crashing). I always do a hard disconnect on both of those events if I'm suspicious of the site (pull the ethernet cable out, or switch the wireless off, or turn the router off all together).
 
  • Like
Reactions: Jack, Ink and marg

marg

Level 12
Thread author
Verified
May 26, 2014
581
Both actually, but traditionally a Drive By Download will exploit a vulnerability in your browser in order to either download in the background (and then execute or run without you clicking it) or in the case of some you'll see a box pop up that looks like Windows Update or something (but really this is just a fake).

A good example, a few years ago there was a surge in drive by downloads which exploited the way in which pictures are displayed, so you would just view a picture on a website and that's it, it would 'open' and you'd have a black box pop up suddenly with the name of something.exe and that would be the start of your infection.

Some older drive by downloads required you to accept a notification before the exploit could run, but on the whole a drive by download is an event in which you visit a website, only to have a malicious executable file download and run without your consent. (most common symptoms include the java icon (orange icon) popping up in the corner when you visit a site and also the browser crashing). I always do a hard disconnect on both of those events if I'm suspicious of the site (pull the ethernet cable out, or switch the wireless off, or turn the router off all together).
Thanks Cowpipe ! Are most browsers safe from this now?
 

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
Thanks Cowpipe ! Are most browsers safe from this now?

Yes and no, the vulnerabilities are mostly in things like Flash Player and Java. Chrome is the safest browser of the big three (IE, FF, CR), but you're not a hundred percent safe. As nearly all of these attacks that are in the wild come from so called "exploit kits" (that's a piece of software written, containing many different exploits for all different browsers, a malware hoster buys the software, puts it on their server and it turns into a drive by download heaven).. <- These all share identifiable code, for example you can tell what brand your car is by the badge, and if you removed the badge and rebranded it, you could still tell what brand it was (originally) by the shape, if that makes sense.

So in short, don't panic, you're anti-virus will do a good job of preventing these kind of attacks, however MalwareBytes provide a specialist product designed soley to identify these kind of exploits, you can find it here:

https://www.malwarebytes.org/antiexploit

I'd also recommend that you visit this website here for peace of mind: https://browsercheck.qualys.com/

They will scan your browser and try to exploit it, and if they manage to, you'll be given simple instructions on how to make it safer :)

Edit: Also check this one, which has live exploits and is a good test of your browser and firewall: http://www.pcflank.com/exploits.htm
 

Dubseven

Level 14
Verified
Aug 12, 2013
694
The Drive-By downloads exist since 2000's, sometimes by Java, sometimes by browser exploit and sometimes by flash.
Anti-virus can't block if the malware is FUD (ZeroDay).

It's installs himself like a temporary content and run himself just after visiting a malicious website with this exploit.
 
  • Like
Reactions: marg

PVA_BR

Level 4
Verified
Jan 4, 2014
185
Do most AV's block this?
@marg
Anyway I think that installing a privacy add-on on ff or chrome (like ghostery or noscritp) can help you to prevent some of this kind of issue.
And always keep your OS and other software patched and fully updated. ;)

Thank You:D
 
  • Like
Reactions: marg

Koroke San

Level 29
Verified
Jan 22, 2014
1,804
Thank You Koroke San ! Do most AV's block this?
some can & some can't, depends on their detection. it's better not to rely on AV , just use some precaution -

Prevent Drive-by download attacks

For Server :
  1. Keep the server’s operating system(s) up to date
  2. Software installed on these web servers up to date
  3. Check out SDL Quick Security Reference Guides for latest updates
  4. Avoid browsing the Internet from web servers or using them to open email and email attachments.
  5. Register your site with Bing webmaster tools and Google Webmaster, so that search engines can proactively inform you if they detects something bad on your site.
As a user, you can take the following precautions:
  1. Make sure your Windows operating system and web browser is fully up-to-date.
  2. Use a good security software and again ensure that it has the latest definitions always
  3. Use minimum browser addons as they often get compromised
  4. Using a URL scanner addons for your browser might also be an option you may want to consider
  5. If you are using Internet Explorer make sure your Smartscreen is turned on.
  6. And finally, develop a habit of safe browsing and be selective about which sites you browse regularly.
  7. Disable Java
  8. use good web filtering software's
  9. Up to date Flash Player if u r using it.
 

Dubseven

Level 14
Verified
Aug 12, 2013
694
I have forgotten:

Some exploits cost more than 8,000$ and NOTHING can prevent you from this, maybe only Comodo with the browser in sandbox if the trojan has nothing to bypass that.
Also, some websites ads contain this exploits.
 
  • Like
Reactions: marg

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
Isn't Java needed for some gaming sites? My son is a gamer.

Very few online games use Java, in actual fact most use Flash but if you want to be safe and disable Java without interrupting your son's gaming there is a middle ground. In Chrome if you go to the menu button (three horizontal lines, top right corner) and to settings > Advanced Settings > Content Settings, scroll down to Plugins and select the middle option "Click To Play".

This will stop Java and Flash content from loading until you actually click on them :)
 

Littlebits

Retired Staff
May 3, 2011
3,893
Real Drive By Downloads no longer exists unless you are using out-dated browsers or out-dated software with vulnerabilities.
Even most exploits require the user to manually download a malicious file in order to be effective with infecting a system.

In recent years the term "Drive By Downloads" often refers to "Fake Alert" pages that trick the user into manually downloading and running a infected file, but it is far from the true meaning which required no user action at all in order to infect a system, just a simple visit to the infected page.

Enjoy!! :D




 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top