6 Ways to Defend Against Drive-by Downloads
Cybercriminals are increasingly using drive-by downloads to distribute malware without end users knowing something bad has just landed on their machine, until it's too late. Here are six ways IT departments can protect end users from the productivity sink and potential data loss that drive-by downloads create.
Fri, February 10, 2012
CIO — In the first quarter of 2011, enterprise users encountered an average of 274 web-based malware attacks, a 103 percent increase over 2010, according to research from Cisco ScanSafe. Why the dramatic increase? One major cause is the growing number of drive-by download attacks. Drive-by downloads are an especially pernicious method cybercriminals use to install viruses and spyware, and otherwise take control of unsuspecting end users' computers.
Drive-by downloads are particularly dangerous because they're so stealthy: As their name suggests, they automatically install software on end users' computers without them knowing.
"Anytime someone else gets to decide what software, what code is running on your computer, then your computer—all the information on it and everything on the network that is connected to it—is at risk," says Daniel Peck, a research scientist with Barracuda Networks' Barracuda Labs.
Indeed, half of all businesses surveyed by Kaspersky Labs in 2011 that had been infected with some kind of malware experienced data loss from the attack.
How Drive-by Downloads Attack
Drive-by downloads work by exploiting vulnerabilities in web browsers, plug-ins or other components that run within browsers, says Peck. And they can take place in a number of ways. For example, you can be innocently browsing the Web when you happen upon a site that downloads malware onto your computer. The site could have been set up by cybercriminals specifically for the purpose of infecting people's computers, or it could be a legitimate website that cybercriminals compromised through existing vulnerabilities in the site. Dasient, a company that makes software to prevent Web-based malware attacks, notes that nearly 4 million web pages across more than 400,000 websites are infected with malware each month.
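The compromised-legitimate-site case above usually shows up as a script or iframe that the site's owners never added, pointing at a host they don't control. The following Python script is an added example, not code from the article or from any vendor named in it: it parses a page's HTML and flags every external load whose host is not on an allowlist the site operator maintains. The sample page, the allowlist hosts and the `.invalid` host name are constructed for the example, and the set of tags inspected is an assumption.

```python
"""Flag unexpected third-party script/iframe sources in a page's HTML (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags and attributes through which a page pulls in external content.
# This list is an assumption for the example, not an exhaustive one.
_SRC_ATTRS = {"script": "src", "iframe": "src", "object": "data", "embed": "src"}


class _SourceCollector(HTMLParser):
    """Collect (tag, url) pairs for every element that loads external content."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        attr = _SRC_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if value:
            self.sources.append((tag, value))


def find_unexpected_sources(html, allowed_hosts):
    """Return (tag, url, host) triples for loads from hosts not in the allowlist.

    Relative URLs (no host) are treated as first-party and never reported.
    Hosts are compared case-insensitively; a subdomain of an allowed host is
    accepted. Protocol-relative URLs (//host/path), a common shape for injected
    content, are handled because urlparse still yields their hostname.
    """
    parser = _SourceCollector()
    parser.feed(html)
    parser.close()
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for tag, url in parser.sources:
        host = urlparse(url).hostname
        if host is None:  # relative URL -> first-party, nothing to report
            continue
        host = host.lower()
        if any(host == a or host.endswith("." + a) for a in allowed):
            continue
        findings.append((tag, url, host))
    return findings


# Constructed sample: a site's own script, its CDN, and one injected
# 1x1 hidden iframe pointing at a host the operator does not own.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example-cdn.net/lib.js"></script>
</head><body>
<p>Welcome</p>
<iframe src="//injected-host.invalid/land.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""

# Constructed allowlist: the site itself plus the CDN it legitimately uses.
ALLOWED_HOSTS = ["www.example.com", "example-cdn.net"]

if __name__ == "__main__":
    for tag, url, host in find_unexpected_sources(SAMPLE_PAGE, ALLOWED_HOSTS):
        print(f"unexpected <{tag}> load from {host}: {url}")
```

Run periodically against a site's own pages (fetched from the live server, not from the source repository), a report of a new host in this list is a cheap early signal that content was injected; the allowlist is the only part that needs maintaining when the site legitimately adds a third-party resource.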
Another common way drive-by downloads are distributed is through advertising networks. In 2009, The New York Times was tricked into running an ad for bogus antivirus software that bombarded people who clicked on the ad with pop-ups prompting them to fork over their credit card information to pay for the fake program. Google's and Microsoft's online ad networks fell for a similar trick the following year. Andrew Brandt, director of threat research for Solera Networks' Research Labs, says criminals are still trying to use ad networks to distribute malware because the ad networks make it so easy for them to get their exploits out to so many people.
Occasionally a drive-by download will prompt users to take an action that allows malicious software to take over their machines. The most common example of this today is rogue anti-virus software. You'll visit a web page when suddenly a pop-up window that looks like a legitimate anti-virus program appears on your computer, indicating that it has detected a virus and asking you to click for a free virus scan.