
What Is A Drive-By Download?


Date First Published: 18th May 2023

Topic: Cybersecurity

Subtopic: Threats To Individuals

Article Type: Computer Terms & Definitions

Difficulty: Medium

Difficulty Level: 7/10

Learn more about what a drive-by download is in this article.

A drive-by download is an attack that downloads and installs software on a computer without the user's permission or knowledge. Drive-by downloads are often designed to exploit vulnerabilities in web browsers, applications, and operating systems. They may also be caused by malware already installed on the user's computer, which downloads files without permission and tries to run them automatically.

All the user has to do for the download to take place is "drive by"; no other user interaction is required, such as clicking a download button or opening an email attachment. Because no user interaction is required, drive-by downloads are one of the most dangerous types of attack and a way for attackers to stealthily infect a device with malware.

How Do Drive-By Downloads Work?

Drive-by downloads work by automatically downloading files in the background without the user's permission. Some also try to run the downloaded files by exploiting vulnerabilities. Below is information on how these exploits work.

If you visit an exploit kit landing page, the exploit kit analyses your device to search for potential vulnerabilities and determine whether you can be targeted. It often analyses your operating system, web browser, IP address, plugins, and more. If you are considered an appropriate target, the exploit kit will exploit the detected vulnerabilities to carry out the drive-by download. If you are not an appropriate target, you might be redirected to another page that tries to trick you into downloading malware; in that case, getting your computer infected would require you to download and run the file.

Your browser will not notify you about the drive-by download in progress. The download bar will show nothing because these exploits are designed to download malicious files in a way that your browser cannot detect. A lot of people wonder how they can avoid running a file that has been downloaded to their system without their permission. Like the download, the file can also be run in a way that your operating system won't detect: it is downloaded and run silently.

Your antivirus might also fail to detect and block the malicious file, even if it is up to date, because cybercriminals look for ways to get around detection mechanisms. For more information about whether it is possible to get a virus just by visiting a website, see this article.
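Because the browser shows nothing, a network-side check is one place a defender can still see the chain described above. The following is an added example, not part of the original article: it scans a web proxy log for executable files that were delivered under a non-executable content type or fetched too quickly after the referring page for a person to have clicked. The log layout, the five-second threshold, and all hostnames are assumptions, and the log lines are constructed sample data.

```python
import csv
import io
from datetime import datetime

# Constructed sample proxy log (not real traffic). Assumed columns:
# time, client, url, referer, declared content type, first body bytes (hex)
SAMPLE_LOG = """\
2023-05-18T10:00:00,10.0.0.5,http://news.example/story,,text/html,3c21444f
2023-05-18T10:00:01,10.0.0.5,http://ads.example/banner.js,http://news.example/story,application/javascript,76617220
2023-05-18T10:00:02,10.0.0.5,http://landing.example/gate,http://ads.example/banner.js,text/html,3c68746d
2023-05-18T10:00:03,10.0.0.5,http://landing.example/img.png,http://landing.example/gate,image/png,4d5a9000
2023-05-18T10:05:00,10.0.0.7,http://vendor.example/downloads/,,text/html,3c21444f
2023-05-18T10:05:40,10.0.0.7,http://vendor.example/downloads/setup.exe,http://vendor.example/downloads/,application/x-msdownload,4d5a9000
"""

EXE_MAGIC = ("4d5a", "7f454c46")  # Windows PE ("MZ") and ELF file headers
EXE_TYPES = {"application/x-msdownload", "application/octet-stream",
             "application/x-executable"}
MIN_DWELL = 5  # seconds; assumed minimum time for a deliberate click


def find_suspect_downloads(log_text, min_dwell=MIN_DWELL):
    """Return (client, url, reasons) for executables that look unrequested."""
    fetched = {}   # (client, url) -> time that client fetched that url
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        ts, client, url, referer, ctype, head = row
        when = datetime.fromisoformat(ts)
        fetched[(client, url)] = when
        if not head.lower().startswith(EXE_MAGIC):
            continue  # body is not an executable, nothing to judge
        reasons = []
        if ctype not in EXE_TYPES:
            reasons.append("executable served as " + ctype)
        ref_time = fetched.get((client, referer))
        if ref_time is not None and (when - ref_time).total_seconds() < min_dwell:
            reasons.append("fetched within %ds of referring page" % min_dwell)
        if reasons:
            findings.append((client, url, reasons))
    return findings


if __name__ == "__main__":
    for client, url, reasons in find_suspect_downloads(SAMPLE_LOG):
        print(client, url, "; ".join(reasons))
```

The deliberate download of `setup.exe` 40 seconds after opening the vendor page is not flagged; the file fetched one second after the landing page, and labelled as an image, is.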

Are Drive-By Downloads Still Common?

Even though drive-by downloads can happen automatically and download files on your computer in the background, getting infected with malware just by an automatic drive-by download is getting rarer and rarer. As of now, it is very unlikely that an executable file will run without your permission. Even if files are downloaded to your computer, they don't put your computer at any risk unless you open and run them. A file would need to be installed before it could infect your computer.

Getting infected with malware from a drive-by download will very often require more user interaction than simply visiting a website. These security risks only exist due to poor security practices, such as delaying applying important security patches, leaving users vulnerable to exploits. For security reasons, no browsers will automatically run executable files without the user's permission.

How To Prevent Drive-By Downloads?

Below are five steps to prevent drive-by downloads.

  • Turn on automatic updates for your operating system, web browser, and plugins. Attackers exploit vulnerabilities in web browsers, operating systems, and applications to perform drive-by downloads. Updates can fix bugs and vulnerabilities discovered by other users.
  • Use strong antivirus software. Strong antivirus software often monitors attempts to perform drive-by downloads and can detect and remove malicious files before they have a chance to run and infect your computer. Antivirus software may also come with a website filter, which will block websites that try to perform drive-by downloads to install malware.
  • Don't click on any suspicious links. Avoid clicking on suspicious links in emails, webpages, or messages. They may contain malware that tries to perform a drive-by download. If it looks suspicious, it probably is.
  • Be wary of sites with lots of popups. If you see a website that launches lots of popup windows, then that is a sign that it is trying to perform a drive-by download on your computer. You should be wary of any site offering to download something that you haven't selected.

