We all know that the Internet presents risks. That there’s value in our stored data. That hackers and thieves want in. Most of us know not to click on suspicious links, downloads or email attachments. But you don’t always have to click to make yourself vulnerable. Sometimes just visiting a website is all it takes.
The Drive-by Download
Hackers are always testing Internet security, looking for minor flaws that allow them to get through defenses. Drive-by downloads work by exploiting weaknesses in a website’s security in order to gain access to its visitors’ systems.
Hackers first identify websites that are vulnerable to being hacked and install what is called an exploit kit. These kits contain small bits of code designed to sneak past your computer or device’s defenses. Chosen sites are not typically mainstream. They are usually those that provide adult or illegal content, such as pirated television, film and sports.
These types of sites are vulnerable because their owners tend to focus on content, and not the design, quality or defense of the site itself. User experience and site security is not a priority. Making fast, easy money is.
Once an exploit kit is installed on a site, it automatically (drive-by) downloads its malicious code to anyone who visits. The code searches for vulnerabilities in the security of its new host’s browser, app or operating system. If the code finds a weakness it will covertly instruct another computer to download additional malware.
Now you’ve got a malware problem.
Protect Against Malware
There’s no foolproof way to protect yourself from the drive-by download but there are some simple precautions that make you less vulnerable.
- Avoid adult or illicit websites.
- Keep your operating system and Internet browsers up to date.
- Install comprehensive security software on all devices and keep them up to date.
- Use an ad blocker, as some drive-by downloads come from ads.
- Think twice before following a link recommended on social media.