Being Secure From Drive-By Malware

Author: Rahul Satish

Despite heavy investment in security tools such as firewalls and anti-malware, and precautions such as safe browsing, many Internet users still fail to keep their PCs from getting infected. This can be attributed to low awareness of the growing range of malware, which keeps evolving new tactics, and to negligence in regularly updating the PC's application software. Drive-by malware is one such type: it infects a PC through vulnerabilities in the outdated applications installed on it.

What is Drive-by malware?

Drive-by malware mostly uses vulnerabilities in the web browser, in browser plug-ins, or in applications such as Adobe Reader to infect a PC. It is malicious code that downloads when the user visits an infected website, opens an attachment to a spam e-mail, or clicks on a deceptive pop-up window. Often this code downloads and executes on the PC without the knowledge or permission of the user.

Infected websites major source of malware

Even when avoiding illegitimate and suspicious URLs, one can still be exposed to online malware attacks. A recent report from Symantec says that 90% of all websites used to spread malware or launch attacks against users are legitimate ones that have been infected. Often the webmasters or owners of these infected websites are not aware of the infection. This generally happens because the site runs old, vulnerable Web server software, which can easily be exploited by a malicious ad distributed through an advertising network, or by other means. According to Websense Security Lab, the number of websites with malicious software grew 225% in the last six months of 2009 alone, and most websites with malicious code are legitimate sites that have been hacked.

Since the owner of the website is not aware of the infection, users unknowingly open the legitimate-but-infected site and get their PCs infected with drive-by or similar malware.

Avoid reading PDF documents in browsers

Adobe Reader is the most popular PDF reader software today. However, it is also one of the most exploited. According to researchers at the Georgia Institute of Technology and California-based SRI International, Adobe Reader attracted almost three times as many attempts by drive-by malware as the other programs. It is therefore important to keep Adobe Reader updated regularly. Even with regular updates, you might still be at risk from its latest vulnerabilities, so it is recommended to avoid opening PDF documents in the web browser.

Other Applications that can be vulnerable

Researchers found that, apart from Adobe Reader, the applications most frequently targeted by drive-by download exploitation are Sun Java and Adobe Flash. Firefox 3 had a lower browser infection rate than all versions of Internet Explorer. PCs using Microsoft’s Internet Explorer 6 are very likely to get infected by drive-by attacks. Microsoft has recently reported instances of hackers hijacking PCs with drive-by attacks by exploiting security flaws in IE 6 and IE 7. However, IE 8 is said to be immune to the attacks.

Keep your Software updated

Keeping your system updated is the most important factor in protecting yourself against drive-by malware, as it mostly exploits unpatched security holes in software applications. Users with Windows PCs should check for patches and update their operating system regularly. Updating all other applications, such as the PDF reader, web browsers and plug-ins, is just as important for maintaining the immunity of the PC.

The malware on the Internet today has become hyperactive in infecting PCs. In this scenario even a small mistake, such as neglecting updates, may take a big toll. Updating regularly and abandoning old, vulnerable software is the best way to protect your PC against drive-by malware.