Drive-By Download

2nd March 2020 | Cybrary Drive-By Download


A Drive-By Download is the unintentional download of malicious code to your computer or mobile device that may compromise your computer, leaving you open to further attack by hackers. Many cyber attacks require a user to do something in order to activate an attack, whereas a drive-by download doesn’t rely on the user at all. All that is needed is for an unsuspecting web user to visit a web page that is compromised. This could be a recently compromised news website where malicious code is secretly being downloaded in the background to your device.

Recent evidence published by Google’s vulnerability research team Project Zero has shown mobile phone devices can be hacked through drive-by downloads in addition to desktop and laptop computers.

Source: McAfee

Related Reading:

Chrome Will Soon Block Drive-By-Download Malvertising

A deep dive into iOS Exploit Chains

What does this mean for an SMB?

The most important thing for an SMB to do is to ensure all employees’ web browsers and computer operating systems are fully patched to reduce the likelihood of unwanted malicious installs.

Secondly, there are new Domain Name Service (DNS) services from Cisco (Umbrella) and WebRoot which check your DNS requests and block access to known malicious websites automatically. Ask your Managed Service Provider (MSP) if they support deployment of one of these DNS solutions.

Thirdly, and equally important to patching, is providing awareness training to your employees on how to determine if a website is safe (and many other topics). As of July 2019, all websites should display a lock symbol, which means they have registered a Secure Sockets Layer (SSL) certificate. This ensures all communications between your computer and that website are securely encrypted. These SSL registries validate a website owner’s identity before issuing an SSL certificate. However, having an SSL certificate is not a guarantee the website hasn’t been compromised. It could still be pushing malware down to users’ computers. What it does allow for is a quick escalation of a compromise to the website owner based upon contact information in their certificate, reducing the time they are online after compromise.

Finally, there are some safe search plugins available for browsers, called browser extensions, that provide reputations for the websites returned in a web browser search on Google or Bing. One example is McAfee’s safe searching tool called Web Advisor. Some of these browser extensions can be cumbersome to manage, install, and support, so use this last advice carefully. CyberHoot recommends this for power users rather than the everyday employee.

