IT@Cornell

Your Browser Permits a Drive-by Download

A drive-by download occurs when a malicious web site you visit downloads and installs software without your knowledge. The objective of a drive-by download is usually to install malware that records what you type and which sites you visit, searches your computer for stored passwords, or opens your computer to remote control. This is currently the most prevalent threat, and one that is hard to guard against.

Drive-by downloads are often, though not always, found on sites that could be labeled more promiscuous (gambling, gossip, or other less savory topics). That said, even otherwise legitimate sites can be hijacked into hosting drive-by downloads through third-party ads; Expedia.com and Rhapsody.com both learned this the hard way in 2008. See Internet Safety is Our Shared Responsibility.

Drive-by downloads happen in two ways

  1. The first appears as an advertising popup or other active portion of a web page. Clicking these popups or, in some cases, even attempting to close them, is interpreted as consent to download, and malware is installed on your computer. Often, in an attempt to trick you into downloading malware, these popups will look like an official warning from your operating system or antivirus software.
  2. The second takes advantage of the natural design of your web browser to display web page content. If that content includes something that needs to be downloaded to view it correctly, your browser may offer to run it, infecting your machine.

Google reported in 2007 that one in ten Internet sites hosted a drive-by download. In 2008, Sophos (a major antivirus vendor) estimated that 6,000 newly infected sites appear every day.

Reasons why drive-by downloads are so prevalent

  • A legitimate web server may have vulnerabilities that allow a hostile site to deliver content.
  • Most drive-by downloads exploit the victim’s willingness to dismissively click popups and warnings as they navigate to the desired content.
  • Very few drive-by downloads can be prevented by keeping software up to date.

How your browser tries to prevent drive-by downloads

Modern browsers take several defensive steps against drive-by downloads. Most will prominently warn of executable programs and offer a safe course of action. Even with these aids, it’s important to be wary of any site offering to download or run something you haven’t consciously selected.

Some browsers will refuse to directly execute software received while browsing, instead forcing you to save it to your hard drive, to be examined by an antivirus program. When this is the case, if you attempt to run that program later, even after you’ve finished browsing, you may be prompted with stern warnings about untrustworthy content.

How you can help prevent drive-by downloads

One common configuration makes drive-by downloads particularly effective at introducing hostile software: using the web when you are logged into your computer as an administrator. If you can install software applications, modify your computer’s configuration, or perform administrative functions (create accounts, change passwords other than your own, monitor system and network activity, etc.), then you’re logged in as an administrator. This means anything run during your web browsing session will have the same privileges on your computer as you do.

Using the web without administrative rights greatly reduces both the risk of a successful drive-by download and the potential damage should one succeed. Learn how to manage administrative rights.
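The paragraph above defines "administrator" by what the account can do. A quick way to answer the question for the account you actually browse from is to ask the operating system. The script below is an added example, not part of the IT@Cornell article: it reports whether the current account is an administrator, treating uid 0 or membership in the groups admin, sudo or wheel as administrative on macOS and Linux (those group names are common defaults and are an assumption; adjust them to your site's conventions) and using the Windows shell's IsUserAnAdmin check on Windows.

```python
"""Report whether the account you're browsing from has administrative rights.

Added example, not part of the IT@Cornell article. The group names in
ADMIN_GROUPS are common defaults and are an assumption; change them to
match how administrators are granted rights on your systems.
"""
import os
import sys

# Groups that conventionally confer administrative rights on macOS/Linux
# (assumed defaults: 'admin' on macOS, 'sudo' on Debian/Ubuntu, 'wheel' on
# Red Hat-style systems).
ADMIN_GROUPS = {"admin", "sudo", "wheel"}


def classify_session(uid: int, group_names) -> str:
    """Pure check, usable offline: returns 'administrator' or 'standard user'.

    uid 0 is root; otherwise membership in any administrative group counts.
    """
    if uid == 0 or ADMIN_GROUPS & set(group_names):
        return "administrator"
    return "standard user"


def current_session() -> str:
    """Inspect the account this process is running as."""
    if sys.platform == "win32":
        # IsUserAnAdmin returns non-zero when the token carries admin rights
        # (for example, an elevated session or an account with UAC disabled).
        import ctypes
        is_admin = ctypes.windll.shell32.IsUserAnAdmin() != 0
        return "administrator" if is_admin else "standard user"

    # POSIX: translate the supplementary group ids into names.
    import grp
    names = []
    for gid in os.getgroups():
        try:
            names.append(grp.getgrgid(gid).gr_name)
        except KeyError:
            # A gid with no entry in the group database; not an admin group.
            continue
    return classify_session(os.geteuid(), names)


if __name__ == "__main__":
    verdict = current_session()
    print(f"This account is a {verdict}.")
    if verdict == "administrator":
        print("Anything a web page manages to run will have the same rights you do;")
        print("create a separate standard account for everyday browsing.")
```

Run it from the account you normally use for e-mail and the web; if it reports "administrator", that is the configuration the article warns about.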

Look for https://

Any site asking you to transmit personal information, such as credit card numbers, should always have a URL starting with https:// (note the s), rather than http://. If it does not have the s, what you send over the network is not encrypted. Don’t do business there. Of course, just because a site uses encryption does not guarantee it is secure. It’s still possible that the entire site is a scam.
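"Starting with https://" means the https must be the URL's scheme, the part before the first colon, not merely appear somewhere in the address. The function below is an added example, not part of the IT@Cornell article; it uses Python's standard urlsplit to make that distinction and also reports which host the browser would actually connect to, since, as the paragraph notes, an encrypted connection to a scam site is still a scam. The URLs in the comments and docstring are constructed illustrations, not real sites.

```python
"""Decide whether a URL would send your data over an encrypted connection.

Added example, not part of the IT@Cornell article. All example URLs are
constructed for illustration.
"""
from urllib.parse import urlsplit


def transport_is_encrypted(url: str) -> bool:
    """True only when the URL's *scheme* is https and a host is present.

    Only the scheme counts. These constructed strings all contain "https"
    but would be sent in the clear, so they return False:
        http://https.bank.example/        ("https" is part of the host name)
        http://bank.example/https://login ("https" is in the path)
    A bare "www.bank.example/login" has no scheme at all, so a browser
    would default to http://; treat it as not encrypted. "//bank.example/"
    inherits the scheme of the page it appears on, which we cannot see,
    so it is not counted as encrypted either.
    """
    parts = urlsplit(url.strip())
    # urlsplit lowercases the scheme, so "HTTPS://..." also qualifies.
    return parts.scheme == "https" and bool(parts.netloc)


def connected_host(url: str) -> str:
    """The host the browser would connect to (lowercased), or "" if none.

    Anything before an "@" in the authority is user information, not the
    host: in "https://bank.example@evil.example/" the connection goes to
    evil.example. Encryption says nothing about who is on the other end.
    """
    return urlsplit(url.strip()).hostname or ""


def describe(url: str) -> str:
    """One-line verdict suitable for a help-desk checklist."""
    host = connected_host(url) or "(no host)"
    if transport_is_encrypted(url):
        return f"encrypted connection to {host}; still confirm this is the site you meant"
    return f"NOT encrypted (scheme is not https); do not enter personal data for {host}"


if __name__ == "__main__":
    for sample in [
        "https://bank.example/login",
        "HTTPS://bank.example/login",
        "http://bank.example/login",
        "http://https.bank.example/",
        "http://bank.example/https://login",
        "www.bank.example/login",
        "https://bank.example@evil.example/login",
    ]:
        print(f"{sample:45} -> {describe(sample)}")
```

The two checks are deliberately separate: transport_is_encrypted answers only the question in this section (is the connection encrypted?), while connected_host is the quickest way to see whether the encrypted connection goes to the site you think it does.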