Information Security Leader, Author, Instructor and Speaker

Drive-By Downloads

Posted on July 30, 2015 in Articles | by

You’ve installed antivirus software on your computer and are careful to avoid sketchy websites.  You should be safe from malware infection, correct?  Unfortunately, new stealth techniques allow hackers to sneak malware past these rudimentary defenses in an approach known as “drive-by downloads.”  In fact, users often fall victim to drive-by download attacks without even knowing that anything untoward occurred.  Hackers use this technique to surreptitiously steal confidential information, disrupt system use or join systems to large botnets for use in distributed denial of service attacks.

When an attacker launches a drive-by download attack, he first compromises a well-known website visited by the attacker’s target audience.  After gaining control of the site, the attacker is careful to leave both the look-and-feel and legitimate content on the site intact.  Instead of performing a defacement attack to claim credit for the hack in a public way, the attacker instead places malware files on a hidden portion of the site.  This malware then lurks in the background, waiting for a vulnerable target to visit the site and fall victim to the attack.  The most insidious aspect of drive-by downloads is that they attack users where they feel most safe – known and trusted websites.

Read the full story: Drive-By Downloads

Published July 30, 2015 on GoCertify.com

TAGS: ,

Leave a Reply

Your email address will not be published. Required fields are marked *

Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.

Full Biography

@mchapple