Haymarket Media, Inc.

Mobile Version Subscribe Contact Us About Us Advertising Editorial SC UK SC Aus/NZ

SC Magazine

Subscribe to our RSS feeds

RSS | Login | Register

CLOSE

Get up-to-the-minute news and opinions, plus access to a wide assortment of IT security resources that will keep you current and informed.

Email*

Password*

Keep me logged in Forgot your password?

Email*

Register now »

Threat of the month: Drive-by downloads

Fraser Howard, principal virus researcher, Sophos

July 01, 2007

More News

More in News:

MySpace users warned of drive-by exploit attack

What is it?

Drive-by downloads occur when a cyber criminal injects malicious code on to a website, and then attempts to entice computer users to visit the infected page in an attempt to install malware on their PCs.

How does it work?

Cyber criminals create malicious code designed to install their malware and select a suitable website to host the attack. Finally, they inject the malicious code into the relevant pages and wait for innocent web surfers to visit.

If the victim's machine is not running up-to-date IT security software and patches, the ensuing exploit attack will likely succeed, and malware will be installed.

Should I be worried?

Drive-by downloads present a simple and highly effective way to draw details from users' PCs. A growing number of criminals are also injecting malicious code on to legitimate web pages, compromising these sites.

How can I prevent it?

There are simple steps to defend against this kind of attack, no matter what type of website is hosting it. Consider deploying web security solutions that filter based on website categorisation and properly inspect the code of every website before granting access. It is also important to ensure that browser applications are fully patched.

Sponsored Links

Most Popular
Most Emailed
Most Recent

Popular Topics

4G-war Advanced Persistent Threat Adware AMTSO Anonymous Botnets Cyber Attacks Cyber Crime Data Breach Data Breaches Encryption Hackers Hacktivism Health Care IT Security Java Malware Mobile Devices Phishing Risk Management Social Security Numbers Stolen Information Survey Trojans Vulnerabilities & Flaws

SC MAGAZINE US SITEMAP

News

Latest News
Latest Features
Latest Opinions
Latest Company News

Products

Latest Products
Latest First Looks
Latest Reviews
Latest Group Tests

Blogs

The News Team Blog
The Data Breach Blog

Media

Podcasts
Editorial Webcasts
Vendor Webcasts

Whitepapers

Latest Whitepapers

Buyers Guide

Browse our Buyers Guide

Jobs

IT Security Jobs

More

Newsletters
Subscribe
Contact Us
Advertising
Editorial
Sitemap
Permissions
Reprints

Subscribe to our RSS feeds

RSS

Topics

Anti Spam
Anti Spyware
Anti Virus
Apple Threats
Browser Flaws
Consumer Threats
Emerging Threats
Insider Threats
Lawbreakers & Cybercrime
Microsoft
Non Microsoft Patches
Patch Tuesday
Security Policies
Spam Techniques
Trojans
Phishing
Vulnerabilities & Flaws

Sectors

Email Security
Mobile Endpoint Security
Patch Management
IT Security Training
Compliance

Verticals

Finance
Government
Healthcare
Retail

Events

SC World Congress
SC Congress Canada
SC Awards
Editorial Webcasts
Vendor Webcasts
Digital Downloads
eConferences

© 2012 Haymarket Media, Inc.

This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.

Your use of this website constitutes acceptance of Haymarket Media's Privacy Policy and Terms & Conditions