Drive-By Downloads: How to Prevent Sneak Attacks

February 26, 2021

Drive-by downloads deliver threats that range in severity from privacy violations to injecting malware onto your devices. Preventing drive-by downloads can be tricky, due to the stealthy nature of these attacks – many victims are unaware that a drive-by download has even occurred.

What is a Drive-By Download?

A drive-by download compromises your device’s security in one of two ways: through software you download without intending to, or through software that automatically exploits weaknesses on your device.

Drive-by downloads can come from a variety of sources. They can come from:

  • Files downloaded from the internet (intentionally or unintentionally)
  • Email content and attachments
  • Pop-ups that appear to do one (safe) thing when clicked, but actually trigger something far more sinister than anticipated

You may be wondering how this could possibly happen to you, especially when you are both security-conscious and have cybersecurity protection. Drive-by downloads can occur through several entry channels.

How Can a Drive-By Download Happen?

The first way a drive-by download can take place is when you unintentionally download computer software. You authorize a download with imperfect knowledge – you don’t know exactly what files you’re downloading alongside the ones you know to be there. These could be potentially unwanted programs (PUPs) or potentially unwanted applications (PUAs) that are bundled along with the software you do want and deliberately download.

The second way a drive-by download can happen is without your knowledge. Malware, spyware, or a virus takes advantage of security weaknesses in your web browser, operating system, or similar software. You don’t have to act for this type of download attack to happen: the breaches are automatic and happen without you knowing it.

It may be that a hacker has created a trick to make you think you’re seeing something familiar, when you are actually seeing something deliberately set up to look familiar. An example of this is a pop-up window posing as an advertisement that you click to dismiss. This click is interpreted as consent to a download. You’re unaware of the meaning coded behind the familiar closing of a window, and just as unaware that a download is taking place.

Are Drive-By Downloads Dangerous?

Some drive-by download attacks are more irritating than dangerous. It could be that your privacy is compromised rather than your safety, delivering annoying or ad-targeting programs such as adware onto your device. Alternatively, drive-by downloads can be very dangerous. Spyware may take more information about you than just your supposed interests: personal and customer identity information, financial information, and online credentials could all be stolen.

Once personal and private information has been stolen, the attacker has multiple ways of profiting from the attack, either by using this information against you directly, or by passing it on to third parties, who in turn can use it against you. A common example is for an attacker to lock and encrypt your device’s data, then demand a ransom from you to reinstate access. At an enterprise level, a breach of this kind is not only financially damaging, it is also a matter of reputation, especially if the breach reaches the public domain.

What Can Protect you from a Drive-By Download?

Beyond the regular best-practice activities for your organization and the devices it uses, Votiro’s Secure File Gateway with Positive Selection® technology will protect you from downloading PUPs/PUAs, malware, and rogue links to malicious internet pages.

This is achieved by understanding the architecture of each file format, breaking down the elements of a file recursively into their lowest-level objects, and then allowing only the known elements of that file type to pass through into a new file reconstructed from a clean template.

Links are tested for authenticity, with only good links passing the Positive Selection® investigation and being included in the reconstructed file. Whether PUPs/PUAs are malicious or not, this is where Votiro’s Secure File Gateway works well – all types of programs will stay out, unless bypassed by your selected policies.
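To make the positive-selection idea concrete, here is an added illustration in Python. It is not Votiro’s code and does not reflect how Secure File Gateway is implemented; it models the approach the two paragraphs above describe on a deliberately simple, constructed document tree: walk the file’s elements recursively, keep only element types known for the format (and only in the positions the format allows them), test each link before it is carried over, and build the output from a fresh template rather than patching the original. The element names, the allow-list, and the sample document are all constructed for the example.

```python
"""Positive-selection (allow-list) reconstruction on a toy document tree.

Hypothetical illustration, not Votiro's implementation. The file format,
its element names and the sample document are constructed for this example.
"""
from urllib.parse import urlparse

# Allow-list of element types known to the toy format, keyed by the parent
# they may appear under. Anything not listed here is never copied across.
ALLOWED_CHILDREN = {
    "document": {"paragraph", "image", "table"},
    "paragraph": {"text", "hyperlink"},
    "table": {"row"},
    "row": {"cell"},
    "cell": {"text"},
    "image": set(),
    "text": set(),
    "hyperlink": set(),
}

# Links are only carried over if they are absolute http(s) URLs with a host.
ALLOWED_URL_SCHEMES = {"http", "https"}


def link_is_acceptable(url):
    """Return True only for an absolute http(s) URL that names a host."""
    try:
        parts = urlparse(url)
    except ValueError:
        return False
    return parts.scheme in ALLOWED_URL_SCHEMES and bool(parts.hostname)


def select_known(element, parent_type, dropped):
    """Recursively copy an element, keeping only known children.

    Returns the clean copy, or None if the element itself is not allowed
    under parent_type. Every rejected element is recorded in `dropped`.
    """
    kind = element.get("type")
    if kind not in ALLOWED_CHILDREN.get(parent_type, set()):
        dropped.append(kind)
        return None
    clean = {"type": kind}
    # Only the fields the format defines for each type are copied; unknown
    # fields (metadata blobs, embedded code) are left behind on purpose.
    if kind == "text":
        clean["value"] = str(element.get("value", ""))
    elif kind == "hyperlink":
        url = element.get("href", "")
        if not link_is_acceptable(url):
            dropped.append(f"hyperlink:{url}")
            return None
        clean["href"] = url
        clean["value"] = str(element.get("value", ""))
    elif kind == "image":
        clean["data"] = element.get("data", b"")
    for child in element.get("children", []):
        clean_child = select_known(child, kind, dropped)
        if clean_child is not None:
            clean.setdefault("children", []).append(clean_child)
    return clean


def reconstruct(original):
    """Build a new document from a clean template, carrying over only known elements."""
    dropped = []
    template = {"type": "document", "children": []}  # the clean template
    for child in original.get("children", []):
        clean_child = select_known(child, "document", dropped)
        if clean_child is not None:
            template["children"].append(clean_child)
    return template, dropped


# Constructed sample input: a document that mixes ordinary content with an
# unknown top-level element, an off-format link, and an element in a
# position the format does not allow.
SAMPLE_FILE = {
    "type": "document",
    "children": [
        {"type": "paragraph", "children": [
            {"type": "text", "value": "Quarterly report"},
            {"type": "hyperlink", "href": "https://example.com/report", "value": "details"},
            {"type": "hyperlink", "href": "ftp://example.net/archive", "value": "archive"},
        ]},
        {"type": "macro", "code": "..."},  # not a known element type
        {"type": "table", "children": [
            {"type": "row", "children": [
                {"type": "cell", "children": [{"type": "text", "value": "Q1"}]},
                {"type": "embedded_object", "payload": "..."},  # not allowed under a row
            ]},
        ]},
    ],
}

if __name__ == "__main__":
    clean_doc, rejected = reconstruct(SAMPLE_FILE)
    print("kept top-level elements:", [c["type"] for c in clean_doc["children"]])
    print("dropped:", rejected)
```

The point the example makes is the direction of the decision: nothing is scanned for badness and removed; instead only elements that are affirmatively known, in positions the format allows, are written into the new file, so an element the parser has never heard of is excluded by default rather than by signature.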

When Votiro’s Secure File Gateway is partnered with a web isolation service, your protection from drive-by downloads extends to files that attempt to download automatically. The web isolation service passes all downloaded files, whether deliberately or automatically downloaded, to be processed with Votiro’s Positive Selection® technology. These files are processed in exactly the same way as described earlier, with only known elements passing into a file reconstructed from a clean template.

Prevent Drive-By Download Attacks

Whatever the source of a drive-by download attack, the potential financial and reputational damage to your organization can be avoided with the use of Votiro’s Secure File Gateway with Positive Selection® technology and a web isolation service.

Watch the joint Votiro & Broadcom webinar, “Don’t Surf, Don’t Click! The Better Way to Access Websites & Download Files”, to learn more.