Drive-by Downloads: The Web Under Siege

15 Apr 2009
Virus News

Kaspersky Lab presents the article 'Drive-by Downloads: The Web Under Siege' by Kaspersky Lab security evangelist Ryan Naraine. The article is devoted to the covert downloading of malware from websites without the user’s knowledge, known as drive-by downloads.

Cybercriminals deploy exploits on a malicious server. Code to redirect connections to that malicious server is then embedded on Web sites, and lures to those sites are spammed via e-mail or bulletin boards. Whereas before Cybercriminals created malicious websites, now they increasingly compromise legitimate Web sites and either secretly embed an exploit script, or plant redirect code that silently launches attacks via the browser. This makes drive-by downloads an even greater threat.

Malware exploit kits, which are sold on underground hacker sites, serve as the engine for drive-by downloads. The kits are fitted with exploits for vulnerabilities in a range of widely deployed desktop applications, including Internet browsers.

If an exploit is successful, a Trojan is silently installed that gives the attacker full access to the compromised computer. The attacker can take advantage of the compromised computer in order to steal confidential information or to launch DoS attacks.

According to ScanSafe, 74 percent of all malware detected in the third quarter of 2008 came from visits to compromised Web sites. This means that we are in the midst of a large-scale drive-by download epidemic. Over a recent ten-month period, the Google Anti-Malware Team found more than three million URLs initiating drive-by malware downloads.

The drive-by download epidemic is largely attributed to the unpatched state of the Windows ecosystem. With very few exceptions, the exploits in circulation target software vulnerabilities that are known – and for which patches are available. The most practical approach to defending against drive-by downloads is to pay close attention to the patch management component of defense. It is also essential to install antivirus software and to keep its databases updated. Importantly, the antivirus product should include a browser traffic scanner to help pinpoint potential problems from drive-by downloads.

The full version of the article is available at and an abbreviated version can be found on the Kaspersky Lab corporate website

This material can be reproduced provided the author, company name and original source are cited. Reproduction of this material in re-written form requires the express consent of the Kaspersky Lab Public Relations department.

About Kaspersky Lab

Kaspersky Lab delivers the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. Kaspersky Lab products provide superior detection rates and the industry’s fastest outbreak response time for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky technology is also used worldwide inside the products and services of the industry’s leading IT security solution providers.