Drive-By Down­load

Simply vis­iting an infected web­site is suf­fi­cient to infect your device. Web­sites affected often con­tain rep­utable offers and have been com­pro­mised before­hand to dis­tribute mal­ware. But you can pro­tect your­self.

Pro­tect your­self against drive-by down­loads by...

  • always using the most cur­rent ver­sion of your browser and all plug-ins (Adobe Flash Player, Java, etc.).
  • always keeping your oper­ating system and all pro­grams installed (Office, Adobe Acrobat Reader, etc.) up to date.
  • always updating your virus scanner and reg­u­larly checking your hard drive for viruses.

Drive-by infection threats

Hackers often systematically compromise websites by exploiting their vulnerabilities. Website operators often remain unaware of this for some time.

The fol­lowing items will explain what it is that makes drive-by down­loads so dan­gerous and unpre­dictable:

  1. A device is infected by simply vis­iting an infected web­site con­taining mali­cious code, i.e. it is not nec­es­sary for vis­i­tors to start any down­load or explic­itly install any­thing.
  2. The mal­ware down­load is started auto­mat­i­cally in the back­ground once you visit a web­site. This bypasses fire­walls, which don’t offer any pro­tec­tion against this.
  3. And it is not only pages with dubious con­tents which are affected; respectable, well-known and fre­quently vis­ited web­sites can also become infected with mali­cious code.

Counter-mea­sures

To pro­tect your­self, you should also use the latest ver­sion of your browser including any plug-ins (util­i­ties expanding browser func­tion­ality) you use.

Another impor­tant pro­tec­tive mea­sure is to always keep your anti-virus soft­ware up-to-date. Since many viruses are down­loaded as a zipped file and are only unzipped once on a user device, virus scan­ners are not always able to detect them. It is there­fore vital to run reg­ular com­plete virus scans of your hard drive (for instance every week).
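Why a check of a download exactly as stored can miss a zipped file, while a scan of the unpacked contents finds it, shown as an added example that is not part of the original page. The signature, file names and limits are constructed for illustration, and real virus scanners use far richer detection than a single byte match.

```python
import io
import zipfile

# Constructed, harmless marker standing in for a byte signature a scanner knows.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
MAX_DEPTH = 3                  # do not descend into archives nested deeper than this
MAX_MEMBER_BYTES = 1_000_000   # skip members whose declared size exceeds this


def raw_scan(data: bytes) -> bool:
    """Naive check: look for the signature in the bytes exactly as stored."""
    return SIGNATURE in data


def deep_scan(data: bytes, name: str = "<file>", depth: int = 0) -> list[str]:
    """Return the paths of every file or archive member containing the signature."""
    hits = [name] if raw_scan(data) else []
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            member = archive.read(info)
            hits += deep_scan(member, f"{name}!{info.filename}", depth + 1)
    return hits


def make_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory, deflate-compressed zip from name -> content pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for filename, content in members.items():
            archive.writestr(filename, content)
    return buf.getvalue()


# Constructed sample: a marked file inside a zip that sits inside another zip.
payload = SIGNATURE + b" padding" * 200
inner = make_zip({"invoice.doc": payload, "readme.txt": b"harmless text"})
outer = make_zip({"attachment.zip": inner})

if __name__ == "__main__":
    print("raw scan of download:", raw_scan(outer))
    print("scan after unpacking:", deep_scan(outer, "download.zip"))
```

Compression changes the stored bytes, so the marker only becomes visible once each archive layer has been unpacked.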

Checking web­sites

Norton (Symantec) offers a ser­vice on their web­site which enables you to find out the secu­rity status (and inherent poten­tial threats) of well-known web­sites.

To do so, visit Norton Safe Web and enter the address of the required web­site into the field pro­vided. You will then be given a web­site assess­ment by Norton.

"Drive-by download" (also called "drive-by infection") is the term used when a device becomes infected with malware (for instance viruses, Trojans) solely by visiting a website. In the process, browser or browser plug-in vulnerabilities are exploited.

Fur­ther infor­ma­tion for those inter­ested

Tech­nolo­gies

Nowa­days, web­sites fre­quently con­tain dynamic func­tions imple­mented via tech­nolo­gies such as JavaScript, Java, Adobe Flash, etc. These tech­nolo­gies allow for browsers and web servers to con­tin­u­ously com­mu­ni­cate with each other for the dura­tion of a ses­sion (the time period vis­i­tors spend on a web­site), without vis­i­tors having to do any­thing spe­cific. This is for instance used to exchange banner ads, load lists, or transfer data to the web server.

These actions are gen­er­ally run in a browser’s so-called “sandbox”. A sandbox is a stan­dard com­po­nent of browsers or plug-ins serving to reduce the risk poten­tial on the Internet. In the process, unknown scripts are pro­vided with a con­tained area where they can be run safely (i.e. they only have lim­ited access, for instance to a local hard drive).

If a browser or plug-in has a vulnerability though, such scripts can access user devices directly. It is therefore possible for malware to get from the web server to the browser and then onto a user device via such a vulnerability, without any conscious action by a user.

Pro­tec­tion pro­vided by script lan­guage deac­ti­va­tion?

There are no really effec­tive pro­tec­tive mea­sures against drive-by down­loads to date. To increase secu­rity fur­ther, you can deac­ti­vate script lan­guages. How­ever, this is not really a solu­tion fea­sible in prac­tice, since 95% of all web­sites rely on the tech­nolo­gies men­tioned above, so that a large number of web­sites can no longer be dis­played prop­erly this way.
