Threat of the month: Drive-by download

Share this article:
Threat of the month: Credentials theft
The pervasiveness of drive-by downloads has made it our threat of the month for May.

What is it?

A silent malware download that takes place in the background, without the user's knowledge. The download is executed by exploiting a vulnerability in the browser or browser plug-in.

How does it work?

The attacker plants hidden malicious content called ‘exploit' on a webpage. It could be a malicious website created and hosted by the attacker, or a legitimate website that the attacker has compromised. When users access the webpage, the exploit takes advantage of a vulnerability in the browser, or browser plug-in, to change the behavior of the browser and enable the silent malware download. 

Should I be worried?

Yes. Drive-by downloads are stealthy in nature and very difficult to prevent. Most browsers are not properly patched, or have unknown zero-day vulnerabilities for which a patch doesn't exist, thus are vulnerable to these attacks. 

How can I prevent it?

Apply browser security patches on a regular basis. Consider solutions that are specifically designed to prevent exploitation of unpatched and zero-day vulnerabilities. 

Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in Threat of the Month

Sign up to our newsletters