Recently at the Adaware Malware Labs, we received an email from someone who was having issues with their system and needed our help. The person had picked up some type of malware which had become quite problematic. In their correspondence with us, they repeatedly said that they had no idea how or where their computer had become infected.
That got us thinking about some of the advanced tools that cybercriminals use today to scam the public. Navigating the hazards of the world wide web can be a challenge for us all. In part one of this two-part article, we will look at one of the most devious methods by which scammers spread malware, the drive-by download: what it is and how it is distributed. In part two, we will look at reactive and proactive methods to prevent a drive-by download attack.
Now, before we begin, it is important to point out that it is actually quite common for a person not to know how their system got infected; in fact, it may be days or weeks before you become aware of it at all. The reason is that, for the most part, malware is designed to lurk in the background, and depending on the type of malware, a user may be entirely unaware that their system has been infected.
“A malware-infected computer will rarely appear as it does in the movies, where suddenly everything goes black or countless files and images flash on the screen uncontrollably,” stated a senior developer on the Adaware Malware Labs team. “Most of the time, a user will notice that their system has slowed a little or that a number of pop-ups suddenly appear, but they usually only become fully aware when their system either slows to a crawl or stops altogether.”
What is a drive-by download?
Most users are unaware that you do not have to download and open a malicious attachment to compromise your computer’s security. A drive-by download is a perfect example of this.
A drive-by download can be installed on your computer when you merely visit a website that has been rigged to serve it. This type of attack is particularly insidious because simply loading the page is enough to compromise your system; no click, download prompt or attachment is involved. All of this happens in the background, so the user has no idea that it has occurred.
When you visit a site that hosts a drive-by download, the page immediately loads malicious code into your browser. That code then probes the browser and what it exposes, such as the browser version, the operating system (OS) and any installed plugins or helper applications, looking for a known security vulnerability in one of them that it has an exploit for. It needs an unpatched vulnerability to get in, which is why out-of-date browsers and plugins are such easy targets. Unfortunately, once the malware is on your device, it can be very tough to get it off.
What sites have drive-by downloads?
This is what makes drive-by downloads particularly tough to avoid: any website can be compromised to serve one, even a site you have visited hundreds of times in the past, one that you value and trust. To hijack a website, the attacker embeds malicious code in its pages, typically a small script or hidden iframe that quietly pulls the real attack code from a server the attacker controls. For a trained cybercriminal, planting that code in an unsuspecting host site is not as difficult as one might expect, especially on sites running unpatched or poorly configured CMS software such as WordPress and its plugins. Once the malicious code is embedded in the hijacked site, all the cybercriminal needs to do is wait for visitors to load those pages.
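The injection described above leaves traces in the page's HTML that a site owner can look for. The following scanner is an added example written for this article, not Adaware's tooling or anything from the original page. It walks a page's HTML with Python's standard-library parser and flags three things: an iframe that is hidden or sized zero by zero, an iframe or script fetched from a host outside a trusted allowlist, and an inline script that combines several obfuscation idioms (eval, unescape, fromCharCode, document.write). The hostnames, the sample page, the allowlist and the "two or more markers" threshold are all assumptions constructed for the example.

```python
"""Heuristic scan of a page's HTML for injected drive-by loaders.

Added example, not Adaware's tooling.  Assumptions (not from the article):
the page's own hostname and an allowlist of legitimate third-party hosts
are known up front, and three patterns are worth flagging for triage:
  * an iframe that is hidden or sized 0x0,
  * an iframe or script fetched from a host outside the allowlist,
  * an inline script combining two or more obfuscation idioms.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Idioms that show up together in injected, obfuscated loaders.
OBFUSCATION_MARKERS = ("eval(", "unescape(", "fromCharCode", "document.write(")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden")
ZERO_DIM_STYLE = re.compile(r"\b(width|height)\s*:\s*0(px)?\s*(;|$)")


class InjectionScanner(HTMLParser):
    """Collects (tag, reason, detail) findings while the parser walks the page."""

    def __init__(self, page_host, trusted_hosts=()):
        super().__init__()
        self.trusted_hosts = set(trusted_hosts) | {page_host}
        self.findings = []
        self._script_buf = None  # list of text chunks while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}  # valueless attributes arrive as None
        src = a.get("src", "")
        host = urlparse(src).hostname  # None for relative URLs such as /static/site.js
        if host and host not in self.trusted_hosts:
            self.findings.append((tag, "loads from untrusted host", host))
        if tag == "iframe" and self._is_hidden(a):
            self.findings.append((tag, "hidden or zero-sized iframe", src))
        if tag == "script" and not src:
            self._script_buf = []  # start collecting the inline script body

    def handle_data(self, data):
        if self._script_buf is not None:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script_buf is not None:
            body = "".join(self._script_buf)
            self._script_buf = None
            hits = [m for m in OBFUSCATION_MARKERS if m in body]
            if len(hits) >= 2:  # a single marker alone is common in benign code
                self.findings.append(
                    ("script", "inline script uses obfuscation idioms", "+".join(hits)))

    @staticmethod
    def _is_hidden(a):
        """True for display:none / visibility:hidden or a 0-sized width/height."""
        style = a.get("style", "").lower()
        if HIDDEN_STYLE.search(style) or ZERO_DIM_STYLE.search(style):
            return True
        return any(a.get(d, "").strip().lower().rstrip("px") == "0"
                   for d in ("width", "height"))


def scan_html(html, page_host, trusted_hosts=()):
    """Return the list of findings for one page; an empty list means nothing was flagged."""
    scanner = InjectionScanner(page_host, trusted_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a blog's own assets plus an injected hidden iframe and an
# obfuscated inline loader.  Every hostname here is a placeholder.
SAMPLE_PAGE = """
<html><head>
<script src="https://cdn.example-cdn.test/jquery.min.js"></script>
<script src="/static/site.js"></script>
</head><body>
<h1>Welcome back</h1>
<iframe src="http://badhost.invalid/landing.php" width="0" height="0"
        style="display:none"></iframe>
<script>
var p = unescape("%3C%69%66%72%61%6D%65"); eval(p); document.write(p);
</script>
</body></html>
"""

if __name__ == "__main__":
    for tag, reason, detail in scan_html(SAMPLE_PAGE, "www.example-blog.test",
                                         trusted_hosts=("cdn.example-cdn.test",)):
        print(f"[{tag}] {reason}: {detail}")
```

Treat the output as triage, not a verdict: legitimate sites pull scripts from CDNs and ad networks, so the allowlist decides how noisy the "untrusted host" rule is, and attackers rotate hosts and rewrite their obfuscation, so a clean result does not prove a page is clean.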
What happens if I go to a drive-by download website?
As we mentioned earlier, just viewing these sites can infect your system. When the drive-by code finds a security vulnerability on your computer that it can exploit, it does so automatically and installs its payload.
That payload can then attack the system in various ways, including:
- Installing keyloggers
- Generating pop-ups
- Making the system a “mule” that distributes malware to other systems
- Stealing data
- Locking the system for ransom
- Creating a backdoor to install other malware
Do not worry; there are simple ways to combat drive-by download attacks. In part two of Steering Clear of Drive-by Downloads, we will discuss how to prevent drive-by downloads and what to do if you become a victim.