Gone are the days when you had to click to “accept” a download or install a software update in order to become infected. Now, just opening a compromised web page could allow dangerous code to install on your device.
You just need to visit or “drive by” a web page, without stopping to click or accept any software, and the malicious code can download in the background to your device. A drive-by download refers to the unintentional download of a virus or malicious software (malware) onto your computer or mobile device.
A drive-by download will usually take advantage of (or “exploit”) a browser, app, or operating system that is out of date and has a security flaw. This initial code that is downloaded is often very small (so you probably wouldn’t notice it), since its job is often simply to contact another computer where it can pull down the rest of the code on to your smartphone, tablet, or computer. Often, a web page will contain several different types of malicious code, in hopes that one of them will match a weakness on your computer.
These downloads may be placed on otherwise innocent and normal-looking websites. You might receive a link in an email, text message, or social media post that tells you to look at something interesting on a site. When you open the page, while you are enjoying the article or cartoon, the download is installing on your computer.
Security researchers detect drive-by downloads by keeping track of web addresses that they know have a history of malicious or suspicious behavior, and by using crawlers to wander the Web and visit different pages. If a web page initiates a download on a test computer, the site is given a risky reputation. Links in spam messages and other communications can also be used as source lists for these tests.
The best advice I can share about avoiding drive-by downloads is to avoid visiting websites that could be considered dangerous or malicious. This includes adult content, and file-sharing websites. Some other tips to stay protected include:
Keep your Internet browser, and operating system up to date
Use a safe search tool that warns you when you navigate to a malicious site
Use comprehensive security software on all your devices, like McAfee All Access, and keep it up to date
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! (Disclosures)
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- What is Typosquatting?
Typosquatting, also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else’s brand or copyright) that targets Internet users who incorrectly type a website address into their web browser (e.g., “Gooogle.com” instead of “Google.com”). When users make such a typographical error, they may be led to an alternative website owned
- What is Browser Hijacking?
Imagine it. You sit down at your computer about to do your daily perusal of Buzzfeed or check out The Financial Times but your homepage is now some weird search engine you’ve never seen before. Guess what? You’ve been hijacked. Browser hijacking is when your Internet browser (eg. Chrome, FireFox, Internet Explorer) settings are modified. Your
- What is Ransomware?
Imagine that you want to pull up a certain file on your computer. You click on the file and suddenly a notice flashes on your screen saying your computer has been compromised and in order to get your files back, you need to pay up some money. This, ladies and gentlemen, is ransomware, a nasty
- What is malware and why should I be concerned?
“Malware” is a shortened version of the words malicious software. It is defined as: a generic term used to describe any type of software or code specifically designed to exploit a computer/mobile device or the data it contains, without consent. Most malware is designed to have some financial gain for the cybercriminal. Whether they are seeking
- What is a Rootkit?
A rootkit is a kind of software that conceals malware from standard detection methods. A good analogy for a rootkit would be a burglar breaking into your house. The burglar is dressed all in black, so that his form blends into the darkness. He tiptoes around to hide his sounds so he’s more likely to go undetected
Leave a Comment
You must be logged in to post a comment.