
What should I do to prevent Drive-by download hacks?

Exploit, Infection

If you have visited a malicious website, you are at high risk of being hacked. Most people believe they can only get a virus or a Trojan installed on their device when they click a malicious link that starts an install, but this is false. Even if you land on a malicious website, knowingly or not, and sit there doing nothing, your device can get infected by what are known as “drive-by downloads”, a term for malware that infects your device simply because you visited a webpage running malicious code. All it takes is a fraction of a second to get your device “pwned”.


These kinds of attacks are known as “web attacks” and typically happen in 5 stages.

Stage 1 : Entry Point

Usually a malicious website is a legitimate website that has been hacked. Once you go to such a site, you are redirected to a webpage running malicious code. The moment you land there, malware is automatically installed on your computer.

Stage 2 : Distribution

After installation, the malware uses fast-flux techniques to redirect the user to an exploit server. These techniques depend on the operating system and browser you are using (Mac/Windows, Safari/Chrome/IE) and differ from one combination to another.

Stage 3 : Exploit

The exploit packs on the exploit server then probe for vulnerabilities in your browser, operating system, media player, Java, PDF reader and other plugins.

Stage 4 : Infection

The malware then downloads a more malicious payload that installs a Trojan, ransomware, or a hybrid of the two, which is the new bad boy in town. Accordingly, either your sensitive data is stolen, or your files are encrypted so that a ransom can be demanded, or, if you are especially unlucky, you face both at once.

Stage 5 : Execution

The criminals behind the malware then use your sensitive data to execute their scheme. They might sell your information on the dark web, or phish you over the phone to get you to carry out financial transactions. In the latter case, understand that they already have your sensitive data, such as online banking credentials and credit card details. However, that may not be enough for them to steal money if you use two-factor authentication that sends a one-time password to your registered phone number every time you execute a financial transaction. Always use two-factor authentication. If your bank offers it and you have deactivated it, activate it immediately.
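The five stages above leave a recognisable trace in web proxy logs: an entry page on one host, a cross-host redirect, plugin-targeted content from an exploit host, and finally an executable from that same host. The following Python, added here as an illustration and not code from the original post or any vendor, reconstructs referrer chains from constructed sample log lines and flags clients whose traffic shows that sequence; the log format, hosts and content-type lists are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample proxy log (not from the post): client method url status content-type referrer
SAMPLE_LOG = """\
10.0.0.5 GET http://news.example.com/article 200 text/html -
10.0.0.5 GET http://news.example.com/ad.js 200 application/javascript http://news.example.com/article
10.0.0.5 GET http://a1b2c3.example.net/land.php 302 text/html http://news.example.com/article
10.0.0.5 GET http://x9z8.example.org/kit/index.php 200 text/html http://a1b2c3.example.net/land.php
10.0.0.5 GET http://x9z8.example.org/kit/run.jar 200 application/java-archive http://x9z8.example.org/kit/index.php
10.0.0.5 GET http://x9z8.example.org/kit/load.exe 200 application/x-msdownload http://x9z8.example.org/kit/index.php
10.0.0.7 GET http://news.example.com/article 200 text/html -
10.0.0.7 GET http://cdn.example.com/lib.js 200 application/javascript http://news.example.com/article
"""

# Content types an exploit kit pushes at plugins (stage 3) and executable payloads (stage 4).
PLUGIN_TYPES = {"application/java-archive", "application/pdf", "application/x-shockwave-flash"}
PAYLOAD_TYPES = {"application/x-msdownload", "application/octet-stream"}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+) (\S+)$")

def host_of(url):
    return re.sub(r"^https?://", "", url).split("/")[0]

def chain_back(url, referrer_of):
    # Follow referrers from the payload URL back to the entry page (stage 1).
    chain = [url]
    while referrer_of.get(url, "-") != "-" and referrer_of[url] not in chain:
        url = referrer_of[url]
        chain.append(url)
    return chain[::-1]

def find_driveby_chains(log):
    # Returns {client: [entry host, redirector host, exploit host]} for clients whose
    # requests show page -> cross-host redirect -> plugin content -> executable.
    per_client = defaultdict(list)
    for m in filter(None, map(LINE_RE.match, log.splitlines())):
        client, _, url, status, ctype, ref = m.groups()
        per_client[client].append((url, int(status), ctype, ref))
    alerts = {}
    for client, reqs in per_client.items():
        referrer_of = {u: r for u, _, _, r in reqs}
        redirect_hosts = {host_of(u) for u, s, _, _ in reqs if 300 <= s < 400}
        plugin_hosts = {host_of(u) for u, _, c, _ in reqs if c in PLUGIN_TYPES}
        for url, _, ctype, _ in reqs:
            if ctype not in PAYLOAD_TYPES or host_of(url) not in plugin_hosts:
                continue
            hosts = list(dict.fromkeys(host_of(u) for u in chain_back(url, referrer_of)))
            if len(hosts) >= 3 and redirect_hosts & set(hosts):
                alerts[client] = hosts
    return alerts
```

Running `find_driveby_chains(SAMPLE_LOG)` reports only 10.0.0.5, whose chain passed through the redirector to the exploit host, while 10.0.0.7 fetched the same entry page and is not flagged.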

How can you protect yourself from such attacks?

  • URL filtering: Use an effective and simple URL filter to enforce a safe-surfing policy.
  • Malicious site filtering: Use malicious site filters that update in real time and block infected websites as soon as possible after the breach.
  • Look for solutions that can block anonymous websites that try to bypass URL filters through proxies.
  • Advanced web malware scanning tools should be used to block drive-by downloads. Select tools based on whether they offer the latest features, such as JavaScript emulation.
  • Use a network sandbox to extend the protection of your web and email gateways. A network sandbox helps capture malware that evades traditional defenses.

If you suspect that your computer has already been infected, first disconnect it from the internet and run a thorough scan with an updated antivirus.
