Threat of the month: Drive-by download

Share this article:
Threat of the month: Credentials theft
The pervasiveness of drive-by downloads has made it our threat of the month for May.

What is it?

A silent malware download that takes place in the background, without the user's knowledge. The download is executed by exploiting a vulnerability in the browser or browser plug-in.

How does it work?

The attacker plants hidden malicious content called ‘exploit' on a webpage. It could be a malicious website created and hosted by the attacker, or a legitimate website that the attacker has compromised. When users access the webpage, the exploit takes advantage of a vulnerability in the browser, or browser plug-in, to change the behavior of the browser and enable the silent malware download. 

Should I be worried?

Yes. Drive-by downloads are stealthy in nature and very difficult to prevent. Most browsers are not properly patched, or have unknown zero-day vulnerabilities for which a patch doesn't exist, thus are vulnerable to these attacks. 

How can I prevent it?

Apply browser security patches on a regular basis. Consider solutions that are specifically designed to prevent exploitation of unpatched and zero-day vulnerabilities. 

Share this article:
close

Next Article in Threat of the Month

Sign up to our newsletters

More in Threat of the Month

Threat of the month: Network deperimeterization

Threat of the month: Network deperimeterization

Security professionals should be aware of network deperimeterization, which decreases the usefulness of network edge security devices and increases the potential for device infection and data loss.

Threat of the month: Linksys router zero-day

Threat of the month: Linksys router zero-day

This month's vulnerability is currently being exploited by a worm known as "TheMoon."

Threat of the month: Java vulnerabilities

Threat of the month: Java vulnerabilities

For March's threat of the month, Secunia's Kasper Lindgaard believes Java vulnerabilities should be at the top of everyone's radar.