This article discusses methods hackers use to perform drive-by downloads, and how to prevent them.
Drive-by downloads are attacks that, as their name suggests, work quickly and install malicious software on unsuspecting victims’ computers. Their stealthy success relies on the exploitation of vulnerabilities found in Web browsers, plugins, add-ons, and similar components that make up the browsing ecosystem. Once entrenched, they can install viruses and spyware, and take control of a computer for a wide variety of purposes. Daniel Peck, a researcher with Barracuda Labs, described the severity of drive-by downloads: “Anytime someone else gets to decide what software, what code is running on your computer, then your computer--all the information on it and everything on the network that is connected to it--is at risk.”
A report from Cisco ScanSafe revealed that enterprise users experienced an average of 274 Web-based malware attacks in the first quarter of 2011. That statistic represented a 103 percent increase over 2010’s first quarter numbers. Such a drastic increase has to have some driving force behind it, and many believe that drive-by downloads are the culprit.
Drive-by downloads come in many forms. Perhaps the most common form occurs when browsing the Web. You may visit a malicious site that attackers specially designed to download malware to your computer. Even worse, you may visit a site that is usually legitimate, but was compromised and infects your computer as well. Advertisements are another method used by drive-by downloads, as is rogue antivirus software that prompts you to “protect” your computer when all it will really do is infect it.
As to why drive-by downloads are increasing, Andre Brandt, Solera Networks’ director of threat research, believes the availability of sophisticated exploit kits on the black market is a driving force. Many of the exploit kits offer automated functionality which enables their users to apply them across multiple targets. Another reason for the increase, Peck believes, is the expansion of browser environments. As more browser versions, plugins, and add-ons hit the market, cybercriminals have more targets they can exploit.
Although the news of drive-by downloads is disconcerting, one has to wonder if their frequency will lessen in the near future. Not so, says Jeff Schmidt, CEO of JAS Global Advisors. “Now, with HTML5, the boundaries around the browser are lessening, so I expect more of this will happen in the future,” he noted.
Tips to Protect Yourself
Now that you have a background on what drive-by downloads are and why their presence is increasing, you are probably wondering what you can do to protect yourself. Here are some tips:
The steady increase of online threats has made the existence of frequent updates a fact of life. It’s unfortunate, but it’s a result of the constant cat and mouse game between security companies and cybercriminals. Having to install frequent updates can definitely be irritating, but if you want to keep drive-by downloads at bay, it’s an exercise you must practice.
Hackers know that users tend to ignore updates as a matter of convenience, and they use this knowledge to exploit vulnerabilities that exist in outdated versions of plugins and browsers. According to Zscaler ThreatLabs, Adobe Acrobat is the most common outdated plugin affected by such exploits. Again, while installing updates may be a hassle, taking the few minutes to install them can prevent major headaches down the road. You’ll often find that updating your antivirus software, browsers, plugins, add-ons, and more won’t even take minutes to complete, so there really is no excuse not to do it.
Limit Admin Privileges
This bit of advice is geared towards IT professionals. Most IT departments allocate standard user accounts to employees as a protective measure. This was not always the case, as employees used to be given administrative access to make it easier to download drivers and the like. Of course, such a practice has consequences, so the trend has shifted over time to standard accounts. Regardless, limiting administrative access helps lower the amount of damage malware could inflict on a system. “If I happen to open a browser when I'm logged in and download something bad, the scope of the damage is limited to the user context. It doesn't own the machine,” argued Schmidt.
Make Use of Web-filtering Software
One good way to keep safe while browsing is to make use of Web-filtering software. As its name suggests, this type of software helps to filter out the bad from the good. As the presence of sites tainted by drive-by downloads increases, the likelihood of you stumbling upon such a site is higher. Using Web-filtering software can form a protective barrier between you and such sites by offering recommendations on which sites are safe or unsafe. Think of this preventative measure as sort of a virtual bodyguard for your browsing needs.
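As an added illustration (not part of the original article and not any product's actual code), here is a minimal sketch of the allow/block decision a Web filter makes for each URL. The blocklist entries use reserved .test and .example names and are constructed sample data; the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample data: reserved .test/.example names, not real indicators.
BLOCKED_DOMAINS = {"malware-host.test", "rogue-av.example"}
# A usually legitimate site with one compromised section (host, path prefix).
BLOCKED_PATH_PREFIXES = {("news.example", "/ads/")}


def host_matches(host, blocked):
    """Match exactly or on a label boundary, so 'notmalware-host.test'
    is not mistaken for a subdomain of 'malware-host.test'."""
    return host == blocked or host.endswith("." + blocked)


def verdict(url):
    """Classify a URL as 'block', 'allow' or 'invalid' against the lists above."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal in the host part
        return "invalid"
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "invalid"
    # .hostname already drops credentials and port and lower-cases the name;
    # a trailing dot (fully qualified form) must be removed before comparing.
    host = parts.hostname.rstrip(".")
    if any(host_matches(host, d) for d in BLOCKED_DOMAINS):
        return "block"
    path = parts.path or "/"
    for blocked_host, prefix in BLOCKED_PATH_PREFIXES:
        if host_matches(host, blocked_host) and path.startswith(prefix):
            return "block"
    return "allow"


if __name__ == "__main__":
    samples = [  # constructed URLs
        "http://cdn.malware-host.test/kit.js",
        "https://notmalware-host.test/",
        "http://user@ROGUE-AV.example.:8080/scan",
        "https://news.example/ads/banner.html",
        "https://news.example/world/story.html",
    ]
    for u in samples:
        print(f"{verdict(u):7} {u}")
```

A filter that compares raw substrings instead of normalised hostnames would wrongly block the second sample and could miss the third.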
Turn Java Off
Firefox Users: Employ the NoScript Add-on
Watch Out for BLADE Software
BLADE, or Block All Drive-by Download Exploits, is software that is coming soon from researchers at SRI International and Georgia Tech University. Still in development, BLADE promises to keep drive-by downloads from infecting vulnerable Windows machines. A free prototype is said to be in the works, so keep your eyes open for the launch date of this crafty tool.
For more on this topic, visit http://www.pcworld.com/article/249814/6_ways_to_defend_against_driveby_downloads.html