Drive-by downloads
It’s accepted that Drive-by download attacks continue to be many attackers’ favorite type of attack. This is because the attack can be easily launched through the injection of malicious code into legitimate websites. Once injected, malicious code may exploit vulnerabilities in operating systems, web browsers, and web browser plugins such as Java, Adobe Reader, and Adobe Flash. The initial code that gets downloaded is usually small. But once it lands on your computer, it will contact another computer and pull the rest of the malicious coder to your system. In short, vulnerable computers can be infected with malware simply by visiting such a website, without attempting to download anything. Such downloads happen without the person’s knowledge. These are called Drive-by downloads. New data and findings have highlighted the relative prevalence of drive-by download sites, hosted on different web server platforms. Certain representations made in the article via figures give a fair idea of the concentration of drive-by download pages in countries and regions throughout the world. Locations with relatively high concentrations of drive-by download URLs in both quarters include,
The Drive-by Download concentrations were tracked by Bing at the end of the second quarter of 2013. Accordingly, the measures taken by the search engine to help protect users from drive-by download attacks include analysis of websites for exploits when indexing them and displaying warning messages when listings for drive-by download pages appear in the list of search results.
Prevent Drive-by download attacks
A TechNet article features steps for developers and IT Professionals to be taken for managing the risk related to drive-by download attacks. Some of the measures include: Preventing web servers from being compromised. Web servers can be compromised if they are not kept updated with the latest security updates. So, As a user, you can take the following precautions: Do let us know if your computer has ever been infected with a drive-by download attack. Now read: What is Malvertising?
