by:  Matt Haring


In many cases, malware will be automatically installed on the system; in almost all cases, the user won’t be aware of it.

The malware delivered by a drive-by download is usually classified as a Trojan horse, or Trojan for short, because it deceives the user about the nature of the website or email. In most cases involving compromised websites, the operator of the website has no idea their site is distributing malware.

Once installed, malware delivered by a drive-by download can do a number of different things: log keystrokes, scan the system for files of a personal nature, herd the system into a botnet of similarly compromised machines, infect the Web browser with a banking Trojan that hijacks online-banking sessions or install a “backdoor” that will let in even more malware.

Modern Web browsers such as Firefox and Google Chrome (both of which check URLs against Google's Safe Browsing blacklist), as well as anti-virus software (e.g., Webroot), will warn users before loading websites known to be compromised or malicious. But the redirect injected into a compromised site is often well hidden, and a site that has only just been compromised may not yet appear on any blacklist, so these warnings cannot be relied on as the only line of defense.


A real-world example:

The Mac Flashback outbreak, which infected an estimated 600,000 Macs, showed how successful drive-by downloads can be.

Malware writers began by creating a fake “toolkit” for WordPress-based blogs that tens of thousands of WordPress users installed, creating a “backdoor” that let the malware writers infect their blogs.

Browsers visiting those pages were redirected to malware sites, which tried to install a “downloader,” the first stage of the Flashback Trojan. If silent installation of the downloader failed, a second component fell back on a more traditional technique: it asked the user for permission to install what appeared to be Apple software, which was in fact the downloader.

Once installed, the downloader would install more malware. One piece was a backdoor; another hijacked Web browsers to replace Web ads with ads controlled by the malware writers.

The Flashback outbreak was contained by Apple security updates, but in retrospect, the owners of those 600,000 infected Macs were lucky.

In the end, the infection did nothing worse than inject fraudulent ads. It could instead have stolen the users’ identities, emptied their bank accounts or used the infected machines to pump out spam and malware.


How to protect yourself:

To avoid being infected by drive-by downloads, computer users need to do three things.

First: Be mindful of your browsing habits. Don’t visit websites that look sub-par; chances are they’re malicious. Keep in mind, though, that a legitimate, professional-looking site can be compromised without its owner knowing, so appearance alone is not a guarantee of safety.

Second: Always use anti-virus software. RCG recommends Webroot, which is available at both the commercial and consumer level.

Third, DNS Filtering: OpenDNS is a DNS resolution service that refuses to resolve domains known to host malware, phishing pages or botnet command-and-control servers. In short, OpenDNS blocks the lookup of a malicious hostname, so the browser never connects to it and the malware never makes it to your machine. The protection only applies to domains already on OpenDNS’s lists and only to devices configured to use its resolvers.
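To make the DNS-filtering idea concrete, here is an added illustration (not OpenDNS’s code, and not from the original article) of how a filtering resolver decides whether to answer a query. The blocklist entries, the query names and the tiny upstream “zone” are constructed for the example, and the sinkhole address is an assumption. It also shows the limitation noted above: a compromised but not-yet-listed site resolves normally.

```python
"""DNS-layer filtering, modelled on the behaviour described for OpenDNS.

Added illustration only: the blocklist, the query names and the upstream
"zone" below are constructed for this example, and SINKHOLE_IP is an
assumed choice of unroutable answer for blocked names.
"""

# Assumption: blocked names are answered with an unroutable address so the
# browser's connection attempt fails before any page content is fetched.
SINKHOLE_IP = "0.0.0.0"

# Constructed stand-in for a real upstream resolver, so the example runs offline.
CONSTRUCTED_ZONE = {
    "evil.example": "192.0.2.1",
    "cdn.evil.example": "192.0.2.2",
    "notevil.example": "192.0.2.3",
    "malvertising.example": "192.0.2.4",
    "cdn.malvertising.example": "192.0.2.7",
    "blog.example": "192.0.2.5",  # a legitimate site, imagine it was just compromised
}


def constructed_upstream(name: str) -> str:
    """Pretend to forward the query to a normal resolver."""
    return CONSTRUCTED_ZONE.get(name, "NXDOMAIN")


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot;
    fold both so 'CDN.Evil.Example.' matches the listed 'evil.example'."""
    return name.strip().rstrip(".").lower()


class DnsFilter:
    """Blocks lookups of listed zones (and all their subdomains) before they
    reach the upstream resolver; an allowlist lets an operator carve out a
    false positive."""

    def __init__(self, blocklist, allowlist=()):
        self.blocked = {normalize(d) for d in blocklist}
        self.allowed = {normalize(d) for d in allowlist}

    @staticmethod
    def _in_zones(name: str, zones: set) -> bool:
        # Match on label boundaries: 'cdn.evil.example' is covered by
        # 'evil.example', but 'notevil.example' is not.
        labels = name.split(".")
        return any(".".join(labels[i:]) in zones for i in range(len(labels)))

    def resolve(self, qname: str, upstream):
        """Return (decision, answer). Decision is 'blocked' or 'forwarded'."""
        name = normalize(qname)
        if self._in_zones(name, self.allowed):
            return ("forwarded", upstream(name))
        if self._in_zones(name, self.blocked):
            return ("blocked", SINKHOLE_IP)
        return ("forwarded", upstream(name))


def demo() -> dict:
    """Run a constructed set of queries through the filter."""
    dns_filter = DnsFilter(
        blocklist=["evil.example", "malvertising.example"],
        allowlist=["cdn.malvertising.example"],
    )
    queries = [
        "evil.example",
        "CDN.Evil.Example.",        # case and trailing dot are normalized away
        "notevil.example",          # shares a suffix string but is a different zone
        "malvertising.example",
        "cdn.malvertising.example", # allowlist wins over the blocked parent zone
        "blog.example",             # compromised but unlisted: the filter cannot help
    ]
    return {q: dns_filter.resolve(q, constructed_upstream) for q in queries}


if __name__ == "__main__":
    for query, (decision, answer) in demo().items():
        print(f"{query:28} {decision:9} {answer}")
```

The last query is the point the article makes about blacklists: `blog.example` is forwarded and resolves normally because nobody has listed it yet. Also note that the filter only sees queries that actually reach it; a client configured to use a different resolver, or a browser doing its own encrypted DNS lookups elsewhere, bypasses it entirely.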

Smartphone and tablet users need to take different precautions. Owners of Apple iOS devices such as the iPhone, iPad and iPod Touch should avoid “jailbreaking” their devices and should install Apple system updates.

Android owners, however, should never immediately install a system update that suddenly appears on their screen; instead, they should verify on the Google Mobile Blog that it’s legitimate. Installing mobile security software is also essential for Android users. OpenDNS can also be configured on mobile devices for extra protection.