You may already know that hackers can redirect you to a malicious website to infect your computer with malicious software or collect personal information. What you may not know is that your computer could become infected while you visit a completely legitimate and trusted website.
“Drive-by Downloads” are attacks where cyber criminals use web scripts to automatically download and install malicious software (malware) on a computer. The end goal of installing this malware can include: stealing information (e.g., passwords, credit card numbers, social security, etc.), encrypting your files so you cannot access them without paying a fee (ransomware), or even advertising pop-ups (adware).
Hackers can sometimes even inject these malicious web scripts into legitimate, well-known websites that use outdated software or browser plug-ins.
Since these attacks require no user action, your computer can be infected in seconds without your knowledge.
Here are a few suggestions to help prevent being victimized by a Drive-by Download attack:
- Keep your Operating System and application software—especially web browsers—current. These attacks are so successful is because criminals exploit vulnerabilities in outdated software. In the newest versions/patches, software manufacturers provide fixes to high-risk security flaws.
- Clean out your computer. Outdated software sitting your machine could leave a door open for hackers. If you have software installed on your computer that you no longer use, do some cleaning and uninstall it.
- Make sure your antivirus program is installed and up-to-date. Antivirus software can help prevent known malicious programs from running on your computer—but it only works if it has the latest updates. Most antivirus software offers an automatic update option, which installs new updates once they become available. (Shameless plug: TDS offers its own Home Internet Security service that’s always on and always up-to-date.)
- Limit the number of browser plug-ins/add-ons you use. While the browser extension you use for taking care of your virtual hamster may be fun, it may not be secure. Cybercriminals can use flaws in these extensions to attack you.
- Trust your gut. Don’t rely solely on your antivirus software, as no program is perfect. If a site looks suspicious, close out of it and do some research to verify the site is legitimate.
- Use a pop-up/ad blocker. Attacks can be initiated from links in a pop-up or ad. Pop-up Blockers (e.g. uBlock Origin) can prevent unwanted pop-ups/ads from appearing on your screen. If an unwanted pop-up does launch, you can safely close out of it by starting the task manager (Ctrl + Alt + Del > Task Manager) and ending the web browser process.
Taking these six actions are relatively simple, but they could help you avoid the much bigger issues that come with Drive By Downloads.