Drive-by Downloads

MalwareSounds like web-based gang warfare…

Not quite, but the principle of being in the wrong place at the wrong time’s the same. Drive-by downloads are viruses embedded in web pages which download and run on your PC without you knowing.

How do they work?

They’re written into the code of an often-legitimate web page using a technology called cross-site scripting which allows for an embedded ‘object’. There’s no warning you’re about to download something or dodgy email attachment to delete — simply viewing the page downloads the virus in the background.

With the increase of technologies like blogging, it’s easier than ever to publish a website — giving nefarious interests an ever-growing market to exploit.

What Can They Do?

The same thing viruses have always done — anything from copying and sending themselves to all your friends, launching attacks that crash other websites or crippling your PC. Security experts are particularly concerned about their suitability for phishing (identity theft).

Are you sure this isn’t a just another way for IT security vendors to make a killing?

You decide — in May this year, Google surveyed 4.5 million web pages and one in 10 revealed ‘vulnerabilities’ that could be used to deploy viruses without you knowing. They’ve since launched a system that warns you — right in your search results — whether a site has the capability to install malicious software.

But I’m very security conscious, what else can I do?

Keep antivirus software up to date and if you use Internet Explorer 6, upgrade to version 7, which is better at warning you of hidden executables. Better yet, move to open source browser Firefox — in its native state it can’t run the sort of scripts that contain executable viruses.