A drive-by download attack involves the involuntary download of malicious code, file or software onto a computer or mobile device. Cybercriminals may use drive-by downloads to harvest your personal information, spy on you, inject banking Trojans, or infect your entire network with malware.
Drive-by download attacks can happen in many ways. Simply visiting a compromised website can be enough. The user often doesn’t have to take any direct action to prompt the download of malicious code on his device. This can take place when you visit a compromised website. Cybercriminals exploit security flaws on online platforms to inject malicious code. When you visit a compromised website, the code sniffs vulnerabilities in your browser or device and triggers the download of malicious software onto your device.
In other scenarios, drive-by downloads can be triggered by seemingly unobtrusive interactions with a pop-up ad or by clicking on a link received on social media or email. The close button for a pop up ad can act as the spark plug for these attacks. When an unsuspecting user clicks the “X” button to close the ad, he starts a malicious download on his device. The same goes for email attachments or links that may seem safe to access at first. A simple click will launch the download on your device.
Drive-by download attacks exploit vulnerabilities in your outdated apps, browsers or operating systems to eavesdrop on user communications, steal session credentials, install keyloggers and botnet toolkits, and even deploy ransomware.
Malicious drive-by downloads are often hosted on websites that provide mature content and on file-sharing platforms. Still, reputable websites can be compromised to serve hidden malicious code to visitors.
How to protect your device and data from malicious drive-by downloads
To protect against drive-by downloads, users should avoid accessing suspicious websites and be mindful of security notifications that warn about expired website certificates.
Be particularly wary of online ads that promise you gifts or rewards, and install a trusty ad-blocker. When downloading software onto your device, stick to official, reputable sources. Delete unnecessary apps and programs, especially if they no longer receive security updates from the vendor.
Remember to always keep your operating system, browser and applications up to date with the latest patches. Be mindful of social engineering attacks such as phishing and install a security solution on your devices.
Build up your digital security and keep your devices malware-free with our 90-day free Bitdefender Total Security trial. With the vulnerability assessment feature, you can scan for vulnerabilities and get advice on patching any security holes. At the same time, the multi-layered and innovative technologies keep you safe from all kinds of malicious attacks, phishing or fraudulent websites and links, no matter your favorite online activity.