
DRIVE BY ATTACK

A drive-by download is the automated download of software to a user’s device without the user’s knowledge or consent. This can occur while the user is browsing a legitimate website or even through a malicious advertisement displayed on an otherwise safe site.

FAQ

How does it work?

1: Injection—the attacker embeds or injects a malicious element into a compromised web page. This could be JavaScript code, an iFrame, a link, a redirect, a malvertisement (an ad that triggers malicious code when viewed or clicked) or cross-site scripting (XSS).
2: Vulnerability exploits—the user views the page, triggering the malicious element. The element exploits a vulnerability in a part of the software stack on the user’s computer. This could be the browser, browser plugins, the operating system, an archiving tool like WinZip, a file reader like Adobe PDF, legacy multimedia delivery platforms like Adobe Flash or Microsoft Silverlight, or vulnerabilities in the version of Java installed on the user’s device.
3: Download—the element downloads malicious files silently to the user’s device. In this example, the payload is a Trojan horse. Attackers may use other payloads, as discussed in the following section.
4: Execution—the Trojan horse executes, opening a shell the attacker can use to gain control over the device.
5: Remote control—the attacker gains remote control. This enables them to extract passwords or other valuable data from the user’s device.
6: Lateral movement—the attacker can now use credentials obtained from the user’s device to connect to another, more valuable system, such as a company’s website or network.
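
A site owner can check their own pages for the kinds of injected elements listed in step 1. The following is an added example, not part of the original page: a Python audit that flags off-site scripts, iframes and meta-refresh redirects whose host is not on an allowlist. The class and function names, the allowlist approach and all hostnames are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class InjectionAudit(HTMLParser):
    """Collects off-site elements of the kinds named in step 1 (hypothetical helper)."""
    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []  # (kind, url) tuples in document order

    def _off_site(self, url):
        host = urlparse(url).hostname  # None for relative or empty URLs
        return host is not None and host.lower() not in self.trusted

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and self._off_site(a.get("src", "")):
            self.findings.append(("off-site script", a["src"]))
        elif tag == "iframe" and self._off_site(a.get("src", "")):
            # Zero-size or CSS-hidden frames are invisible to the visitor.
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
            kind = "hidden off-site iframe" if hidden else "off-site iframe"
            self.findings.append((kind, a["src"]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m and self._off_site(m.group(1).strip()):
                self.findings.append(("off-site meta refresh", m.group(1).strip()))

def audit_page(html, site_host, allowed_hosts=()):
    parser = InjectionAudit(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; every hostname is a placeholder.
SAMPLE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.partner.example/lib.js"></script>
<script src="https://stats.unknown.example/c.js"></script>
</head><body>
<iframe src="https://ads.unknown.example/f" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for kind, url in audit_page(SAMPLE, "www.shop.example", ["cdn.partner.example"]):
        print(kind, url)
```

This only inspects static markup. Inline scripts and elements created at runtime need a rendered-DOM comparison or a Content Security Policy report to surface.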

Where does the attack come from?

The rise of prepackaged drive-by download kits allows hackers of any skill level to launch these kinds of attacks. In fact, these kits can be purchased and deployed without the hacker writing their own code or establishing their own infrastructure for data exfiltration or other abuses. The ease with which these attacks can be executed means that they can come from virtually anywhere.

How to Avoid Drive by Download Attacks?

To protect against drive-by downloads, regularly update or patch systems with the latest versions of apps, software, browsers, and operating systems. It is also advisable to stay away from insecure or potentially malicious websites. Drive-by downloads have been observed on websites of questionable reputation, and even on reputable websites that have been compromised. A reliable and proactive security solution that actively scans websites can help protect endpoints from drive-by downloads and other cyberattacks.
