3 things you need to know about drive-by downloads

Back before most of your smartphones were born, people used to install their own malware. This mostly happened through opening email attachments cloaked to hide the fact that it was malware. While this method is seeing a bit of a renaissance with some savvier delivery methods, people are far more aware that clicking on attachments they weren’t expecting could unleash a digital nightmare.

Online crooks have adapted. They’ve figured out ways to avoid user precautions and install their malware for you…

Meet the drive-by download.

1. F-Secure Labs has seen this sort of attack for more than half a decade.
“The criminals’ new preferred way of spreading malware is via drive-by downloads on the Web,” Mikko Hypponen wrote in March of 2008. “These attacks often still start with an e-mail spam run but the attachment in the e-mail has been replaced by a web link, which takes you to the malicious web site.”

By simply clicking on an email, a website or a pop-up window, you could be inviting rogue software in. If you hear a major site was serving up malware through bad ads, chances are a drive-by download was involved.

It’s been used to get PCs “stoned”, has evolved into a mobile threat and was the method used to spread the largest Mac threat ever — Flashback. It’s even utilized by the FinFisher attack tools marketed for use by governments and law enforcement.

2. It takes a village (or at least an infrastructure) to make it work.
“The threat is an ecosystem – there are lots of players,” Security Advisor Sean Sullivan explained. “For example, the bank robber somehow buys a list of email addresses and would then hire a spammer who spams, and the spam links to the hired exploit kit vendor who drops a trojan-downloader (which was bought from some other vendor), and then the trojan-downloader downloads and installs the bank robber’s trojan (which is also likely based on a kit, such as ZeuS).”

3. It may be smarter than your anti-virus.
This threat is engineered to get around your security software and any security training that you have. Keeping all your software updated all the time is a necessary precaution, but these attacks tend to involve exploit kits that probe for any and all vulnerabilities they can find, so patching alone is not enough.

Make sure your security software uses multiple methods to protect against both known and unknown threats.

Timo Hirvonen — keeper of F-Secure’s nearly mystical DeepGuard — told me, “It’s a prime example of a threat where all our protection layers contribute to protecting the user.”

Cheers,

Jason
