
Threat of the month: Drive-by download

What is it?

A silent malware download that takes place in the background, without the user's knowledge. The download is executed by exploiting a vulnerability in the browser or browser plug-in.

How does it work?

The attacker plants hidden malicious content, called an "exploit", on a webpage. It could be a malicious website created and hosted by the attacker, or a legitimate website that the attacker has compromised. When users access the webpage, the exploit takes advantage of a vulnerability in the browser, or browser plug-in, to change the behavior of the browser and enable the silent malware download.

Should I be worried?

Yes. Drive-by downloads are stealthy in nature and very difficult to prevent. Most browsers are not properly patched, or have unknown zero-day vulnerabilities for which a patch doesn't exist, and are thus vulnerable to these attacks.

How can I prevent it?

Apply browser security patches on a regular basis. Consider solutions that are specifically designed to prevent exploitation of unpatched and zero-day vulnerabilities. 
