Drive-by Download

What is a Drive-by Download?

A drive-by download refers to the unintentional download of malicious code onto a computer or mobile device that exposes users to different types of threats. Cybercriminals make use of drive-by downloads to steal and collect personal information, inject banking Trojans, or introduce exploit kits or other malware to endpoints, among other purposes.

What sets this type of attack apart from others is that users need not click on anything to initiate the download. Simply accessing or browsing a website can activate the download.

The malicious code is designed to download malicious files onto the victim’s PC without the user being aware that anything untoward has happened.

A drive-by download abuses insecure, vulnerable, or outdated apps, browsers, or even operating systems. 

Notable Drive-by-Download Attacks

Lurk, a cybercriminal group infamous for their stealthy and fileless infection techniques, exploited web browser vulnerabilities for their drive-by download attacks. A cyberespionage group called Patchwork (or Dropping Elephant), used drive-by download techniques — such as creating a fake social video website called YoukuTudou to target victims in China — to download and execute an xRAT Trojan under the guise of an Adobe Flash Player update. Meanwhile, in 2016, a drive-by download attack took advantage of an Adobe Flash Player vulnerability bearing the Locky ransomware, a highly damaging crypto-ransomware, as its payload. 

To be protected against drive-by downloads, regularly update or patch systems with the latest versions of apps, software, browsers, and operating systems. It is also advisable to stay away from insecure or potentially malicious websites. Drive-by downloads have been observed hosted on websites of questionable reputation, and even on reputable websites that have been compromised. A reliable and proactive security solution that actively scans websites can help protect endpoints from drive-by downloads and other cyberattacks.
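The defining trait described above (a page visit that pulls down an executable payload with no user action) is something a defender can look for in web proxy logs. The following Python script is an added example written for this page, not code from the original article or from any vendor: it walks a small set of constructed proxy log lines and flags an executable download that a page fetched on its own, via a referer chain, within a few seconds of being opened. The log format (timestamp, client, method, URL, status, content type, referer), the ten-second window, and the list of payload MIME types are all assumptions chosen for the example.

```python
"""Flag drive-by-download-like fetch chains in web proxy logs (example heuristic)."""
from collections import defaultdict
from datetime import datetime

# Assumption: content types that a page should not be pulling down by itself
# within seconds of being opened. Tune for your environment.
PAYLOAD_TYPES = {
    "application/x-msdownload",   # Windows PE executables
    "application/x-dosexec",
    "application/octet-stream",   # generic binary payloads
    "application/java-archive",
}
WINDOW_SECONDS = 10  # assumption: max delay between page load and payload fetch

# Constructed sample proxy log (not real traffic). Fields:
# timestamp client method url status content-type referer ('-' if none)
SAMPLE_LOG = """\
2016-03-01T10:00:00 10.0.0.5 GET http://news.example/index.html 200 text/html -
2016-03-01T10:00:02 10.0.0.5 GET http://ads.example/k/load.php 200 application/x-shockwave-flash http://news.example/index.html
2016-03-01T10:00:04 10.0.0.5 GET http://ads.example/k/payload.bin 200 application/x-msdownload http://ads.example/k/load.php
2016-03-01T10:05:00 10.0.0.7 GET http://vendor.example/downloads.html 200 text/html -
2016-03-01T10:06:30 10.0.0.7 GET http://vendor.example/setup.exe 200 application/x-msdownload http://vendor.example/downloads.html
"""


def parse_line(line):
    """Split one proxy log line into a dict (hypothetical 7-field format)."""
    ts, client, method, url, status, ctype, referer = line.split()
    return {
        "time": datetime.fromisoformat(ts),
        "client": client,
        "method": method,
        "url": url,
        "status": int(status),
        "ctype": ctype,
        "referer": None if referer == "-" else referer,
    }


def find_driveby_candidates(log_text, window=WINDOW_SECONDS):
    """Return payload downloads that a page caused (via referer chain) within `window` seconds."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["time"])
    by_client = defaultdict(list)
    for e in events:
        by_client[e["client"]].append(e)

    findings = []
    for client, evs in by_client.items():
        for i, page in enumerate(evs):
            if page["ctype"] != "text/html" or page["status"] != 200:
                continue
            # URLs pulled in by this page (directly or through a chain) -> their referer
            parent = {page["url"]: None}
            for later in evs[i + 1:]:
                delay = (later["time"] - page["time"]).total_seconds()
                if delay > window:
                    break  # events are time-sorted; nothing later can be inside the window
                if later["referer"] not in parent:
                    continue  # not caused by this page: user navigation or another tab
                parent[later["url"]] = later["referer"]
                if later["ctype"] in PAYLOAD_TYPES and later["status"] == 200:
                    # Walk the referer chain back to the originating page.
                    chain, url = [], later["url"]
                    while url is not None:
                        chain.append(url)
                        url = parent[url]
                    findings.append({
                        "client": client,
                        "page": page["url"],
                        "payload": later["url"],
                        "seconds_after_page": delay,
                        "chain": list(reversed(chain)),
                    })
    return findings


if __name__ == "__main__":
    for f in find_driveby_candidates(SAMPLE_LOG):
        print(f"{f['client']}: {f['payload']} {f['seconds_after_page']:.0f}s after "
              f"{f['page']} via {' -> '.join(f['chain'])}")
```

In the constructed sample, the first client's page load is followed two seconds later by a plugin object and then by an executable whose referer traces back to the page, so it is reported with its full chain; the second client's installer download is referred from the page it visited but arrives ninety seconds later, which the heuristic treats as a user-initiated download and leaves alone. The window and the referer requirement are the two knobs to tune: a short window catches the "no click needed" behaviour the article describes, while the referer chain keeps ordinary browsing from being flagged.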