Protecting Web-browsers against drive by downloads

In this post I will talk about drive by downloads what they and the risks they pose and how to stop them

First off what are drive by downloads?

Drive by downloads are downloads that occur when a web browser surf to a page that hosts a script to download unwanted software on a user’s computer without the user knowing this usually is a popup or an ad that when clicked sends the user to the site that hosts the malware

The way it works in the background is the script on the webserver is looking for the type of request that the webserver receives for instance if the request comes from a Firefox browser the request would look like this
Request Header set User-Agent “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

with the above header we can tell that the browser is Mozilla version 4.0 on a windows system the webserver uses this information to run a exploit that it has in its database to exploit the web browser this is extremely effective since it is running a targeted attack against the browser instead of attacking a Firefox browser with a exploit that is used for internet explorer

This type of attack also analyzes what plugins are available and enabled on the browser for example java and flash to also run attacks on outdated plugins

This type of threat comes with risk of having unwanted software that can spy on your activities (spyware) and install malware on your computer (viruses) that can take control of your system and exploit other systems on your network businesses need to be especially careful from this type of attack

How do you stop it?

In order to stop this type of attack you can use the following layers of security

1.) Run up to date plugins make sure all you plugins on your browser are up to date
2.) Have firewall and antivirus software installed
3.) Enable web filtering when you enable web filtering some software actually has a database that is
Updated via online sources that identify know rouge hosts and block your browser from surfing to that
4.) Keep your browser up to date
5.) Do use the administrator account if you are logged in as administrator you leave yourself open to even more attacks as rouge software can exploit the privileges you are logged in with instead login as a user that has no rights to install software which adds another layer of security
6.) Beware of the sites you surf to make sure to surf to trusted websites
7.) use a webrep plugin for instance avast has a webrep software that when you do a google search can cross reference each link to a database to see of the link is on a black list similar to a web filtering software but its runs a recheck before you even click on the link rather than after
8.) Run anti-spyware software
9). disable scripting in your web browser for example no script for Firefox does not allow scripts to run in the background and require you to run each script manually this can also be a pain

All in all the idea to stop these types of attacks are common sense and making sure you have up to date software and making sure to have the most basic of protection

That’s all for now

Until next time stay secure!!!

And as always if you have any questions/comments /suggestions please let me know!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.