DATA DOCTORS

Preventing malicious drive-by downloading

Apr 3, 2021, 5:00 AM

Q: What exactly is a drive-by download?

A: The Internet has become the malware delivery system of choice for those with malicious intent because it’s a direct connection to billions of users.

Typically, some form of user interaction is required for malware to gain access to your computer, such as downloading an email attachment or installing a rogue program posing as a legitimate piece of software.

Tricking users into risky behavior has been getting more difficult, as even those who aren’t tech-savvy have learned about these tactics.

Drive-by downloads

As a normal course of using the Internet, every time you visit a website, you are downloading files from that website to your computer in order to render the page.

A more efficient way to find victims is through the use of websites that are rigged with malware agents. This reduces what the potential victim has to do to become compromised.

The malware agents hiding within the site immediately go to work searching your computer for known vulnerabilities that haven’t been patched. If they find any holes, they can leverage the vulnerability to silently sneak malicious code onto your computer as the page is loading.

In many cases, the goal is to find vulnerabilities that will allow the hacker to remotely access the computer, providing them with endless opportunities to exploit the victim.

The only action the victim needs to take in the “drive-by download” scenario is to simply visit one of these booby-trapped websites.

Malicious links leading to these sites can be sent via email, text messages, in social media posts, in forums, in the comments section of a website or anywhere an active web link can be used.

Hacking legitimate websites

Another tactic for getting malicious links in front of victims is by compromising legitimate websites and embedding the links within the site. This is why it’s so important for anyone with a website to keep up with security updates or risk becoming an unwitting accomplice to this malicious activity.

Hackers have also been known to sneak malicious ads onto websites – also known as “malvertising” – aware that most users don’t suspect that an ad can lead to malware.
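
For website owners, one way to audit a page for embedded scripts, frames and links that point at hosts you never approved. This is an added example, not part of the original column; the host names, the sample page and the hidden-element heuristic are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that load or link to another URL, and the attribute that holds it.
LOADING_TAGS = {"script": "src", "iframe": "src", "embed": "src",
                "object": "data", "a": "href"}

class ResourceAudit(HTMLParser):
    """Records (tag, host, hidden) for every URL the page embeds or links."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(LOADING_TAGS.get(tag, ""))
        if not url:
            return
        host = urlparse(urljoin(self.page_url, url)).hostname
        if host is None:  # mailto:, javascript:, malformed values
            return
        # Heuristic (assumption): zero-size or invisible elements deserve a look.
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or attrs.get("width") == "0" or attrs.get("height") == "0")
        self.found.append((tag, host, hidden))

def unexpected_hosts(html, page_url, allowed_hosts):
    """Return sorted (tag, host, hidden) entries whose host is not approved."""
    audit = ResourceAudit(page_url)
    audit.feed(html)
    approved = {urlparse(page_url).hostname, *allowed_hosts}
    return sorted({f for f in audit.found if f[1] not in approved})

# Constructed sample page: two approved third parties and one unknown host.
SAMPLE_PAGE = """
<html><head><script src="/js/site.js"></script>
<script src="https://cdn.partner.example/lib.js"></script></head><body>
<a href="/about">About</a>
<iframe src="https://ads.network.example/slot1"></iframe>
<iframe src="http://unknown-host.example/x" width="0" height="0"></iframe>
<a href="https://unknown-host.example/offer" style="display: none">deal</a>
</body></html>
"""

if __name__ == "__main__":
    approved = {"cdn.partner.example", "ads.network.example"}
    for tag, host, hidden in unexpected_hosts(
            SAMPLE_PAGE, "https://www.mysite.example/", approved):
        print(f"<{tag}> -> {host}" + ("  (hidden element)" if hidden else ""))
```

Running a check like this against your own pages after each update makes an injected frame or link stand out, because anything not on your approved list is reported.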

Preventative measures

The initial item exposed to these malicious websites is your browser, so keeping it updated is your first line of defense.

If you aren’t sure how to check for updates for your browser, do a Google search for “updating xxxx browser” where xxxx is the name of your browser.

Google Chrome also has a safety check feature that will check for updates and for potentially harmful or vulnerable extensions. To open it, type this into the address bar: chrome://settings/safetyCheck

Your operating system is another critical item that needs to be kept updated. Windows 10 users are generally force-fed updates but macOS users have a little more control over updates.

We typically see a much larger percentage of Apple computers that haven’t been updated, so if you’re a Mac user, don’t fall into a false sense of security when it comes to keeping your computer updated.

Ad blockers

A great way to avoid “malvertising” is by using an ad blocker, which gives you total control over what gets downloaded to your computer while surfing.
