Drive-By Download Dangers: How To Keep Hackers Out Of Your Computer

There’s no denying the convenience of online shopping. In 2021 alone, 2.14 billion consumers shopped online to find the best prices and have packages delivered right to their door. The online shopping experience will continue to flourish this holiday season, and around the world, countless people will shop online without thinking twice about the websites they’re spending time on.

But doing so can be costly as cyber criminals are becoming deceptively more creative with ways to manipulate and capture website visitors. There are likely to be more inconspicuously dangerous sites during the holidays, and legitimate websites can also fall victim to cyberattacks. If you happen to visit a website that’s been compromised, your computer can quickly be infected by cyber criminals implementing a popular drive-by download attack.

Drive-by downloads are one of the most common methods used by cyber criminals to install malware and gain unauthorized access to your device, so knowing how they work and what steps you can take to avoid them is essential. Here, we’ll look at what a drive-by download is, types of attacks, and how to stay protected this holiday season.

What Is A Drive-By Download?

When a computer becomes infected with malicious software just by visiting a website, it’s known as a drive-by download. The user doesn’t have to stop or click anywhere on the page, so simply visiting the page is enough to cause an infection. Most types of drive-by downloads take advantage of vulnerabilities in web browsers, operating systems, or file editors and viewers like Microsoft Office and Adobe Flash.

In a typical drive-by download attack, the hacker compromises a legitimate website by embedding or injecting malicious objects inside the web pages. While invisible to the average visitor, the infections could be injected through JavaScript code, iFrames, redirects, malvertisements (an ad that triggers malicious code when viewed or clicked), cross-site scripting, and other malicious elements.

When a user visits the infected webpage, the malicious elements are triggered and exploit a vulnerability in part of the software stack on the user’s computer. Malicious files are then downloaded silently onto the user’s device, giving the hacker complete control over the device. Hackers then have the ability to extract passwords or other potential sensitive information from the device.

Types Of Drive-By Downloads

Hackers can use a variety of malicious applications to hack a victim’s device, including:

  • Trojan horses. These provide remote control of the user’s device, usually through backdoors or rootkits.
  • Ransomware. Allows the attacker to encrypt or destroy data on the device.
  • Botnet toolkits. Attackers may directly install botnet applications that perform actions like sending spam emails.
  • Droppers. Malware built to load more malware without being detected.
  • Man in the middle tools. Also known as MitM, these tools enable attackers to eavesdrop on the user’s communications, insert data into forms, hijack sessions, and steal credentials.
  • Keyloggers. These perform keystroke capturing that allows the hacker to gain access to passwords and other sensitive information.
  • Data transfer. Tools that allow the transfer of sensitive data to its control center.

How A Drive-By Download Attack Unfolds

The growing complexity of internet browsers are contributing to the increase in drive-by download attacks, as the number of plug-ins, add-ons, and browser versions continually rises. This means there are more weaknesses for cybercriminals to exploit—especially during the holiday season, when more retailers are creating new websites, offering online deals, and putting additional time and effort into building their online presence. – Read more

Learn More About SiteLock


- Related Posts -

6 ways AI impacts the modern contact center

Ensuring excellent customer experience, optimizing agent activity, and saving money are top of mind for contact center managers, and artificial intelligence (AI) can help you

The evolution of cloud contact centers

Call centers in pre-digital times Call centers have been synonymous with customer service for decades. According to records, the earliest call center was implemented by The

eWay-CRM vs. Bitrix24 Comparison

A free CRM may be the best introduction to understanding CRM. They are free after all! Without any pressure of committing money, you can spend