Preventing malicious drive-by downloading

Apr 3, 2021, 5:00 AM

Q: What exactly is a drive-by download?

A: The Internet has become the malware delivery system of choice for those with malicious intent because it’s a direct connection to billions of users.

Typically, some form of user interaction is required for malware to gain access to your computer, such as downloading an email attachment or installing a rogue program posing as a legitimate piece of software.

Convincing users to engage in risky behavior has been getting more difficult, as even those who aren’t tech-savvy have learned about these tactics.

Drive-by downloads

As a normal course of using the Internet, every time you visit a website, you are downloading files from that website to your computer in order to render the page.

A more efficient way to find victims is through the use of websites that are rigged with malware agents. This reduces what the potential victim has to do to become compromised.

The malware agents hiding within the site immediately go to work searching your computer for known vulnerabilities that haven’t been patched. If they find any holes, they can leverage the vulnerability to silently sneak malicious code onto your computer as the page is loading.

In many cases, the goal is to find vulnerabilities that will allow the hacker to remotely access the computer, providing them with endless opportunities to exploit the victim.

The only action the victim needs to take in the “drive-by download” scenario is to simply visit one of these booby-trapped websites.

Malicious links leading to these sites can be sent via email, text messages, in social media posts, in forums, in the comments section of a website or anywhere an active web link can be used.

Hacking legitimate websites

Another tactic for getting malicious links in front of victims is by compromising legitimate websites and embedding the links within the site. This is why it’s so important for anyone with a website to keep up with security updates or risk becoming an unwitting accomplice to this malicious activity.

Hackers have also been known to sneak malicious ads onto websites – also known as “malvertising” – aware that most users don’t suspect that an ad can lead to malware.

Preventative measures

The initial item exposed to these malicious websites is your browser, so keeping it updated is your first line of defense.

If you aren’t sure how to check for updates for your browser, do a Google search for “updating xxxx browser” where xxxx is the name of your browser.

Google Chrome also has a safety check feature that will review updates and check for potentially harmful or vulnerable extensions. To run it, type this into the address bar: chrome://settings/safetyCheck

Your operating system is another critical item that needs to be kept updated. Windows 10 users are generally force-fed updates, but macOS users have a little more control over updates.

We typically see a much larger percentage of Apple computers that haven’t been updated, so if you’re a Mac user, don’t fall into a false sense of security when it comes to keeping your computer updated.

Ad blockers

A great way to avoid “malvertising” is by using an ad blocker, which gives you total control over what gets downloaded to your computer while surfing.

Data Doctors

Ken Colburn, Data Doctors
