
Discussion - How to stop drive-by malware downloads?


4 replies to this topic

#1 GoshenBleeping


Posted 07 October 2014 - 08:16 PM

A drive-by malware download is where there is an unintentional download from a web site of malicious software. This can happen when a browser or app that is out of date is exploited, or perhaps (?)  by advertising links on a web page or maybe an unseen iframe.
 
Can this type of automatic malware download be stopped by configuring browsers to ask before any download, even if the download is not intentional, that is, I have not intentionally clicked on a link to download something?
 
If so, would these browser configurations stop this type of download?
 
Chrome: check the "Ask where to save each file before downloading" box
 
IE 11: Internet Options --> Security Settings --> Internet Zone: Check the box for Downloads - File download - Disable
    There is one web site that recommended setting "Automatic prompting file downloads" to Enable -- I could not find this option in IE 11 Internet Zone settings.
 
Firefox: How to do this?


#2 quietman7


Posted 08 October 2014 - 05:49 AM

The term drive-by download refers to the unintentional download of a virus or malicious software by visiting a compromised website that is running malicious code or an HTML-based email message that redirects to such a website. A drive-by download will usually exploit vulnerabilities (security flaws) in a browser, program, or operating system that is out of date.

Mitigating Drive-by Downloads

 

Malwarebytes Anti-Exploit (MBAE), formerly ExploitShield by ZeroVulnerabilityLabs, is a security program that runs in the background as a standard Windows Service and protects against zero-day exploits that target browser and application vulnerabilities, blocks unknown and known exploit kits and defends against drive-by download attacks.

MBAE provides three layers of exploit protection (against Operating System security bypasses, memory caller protection, application behavior protection). MBAE continuously monitors popular applications, preventing vulnerabilities in software and browsers from being exploited, blocks unknown and known exploit kits, proactively preventing the exploit from installing its payload before it can do damage. This means that it will protect against code execution that uses a certain vulnerability in an application. MBAE leaves a small footprint...meaning it is not intrusive, does not utilize a lot of system resources and does not use a signature database so there is no need for constant updating.

Malwarebytes Anti-Exploit Premium includes additional protection (Shields) for PDF readers, Microsoft Office (Word, Excel, PowerPoint), Media players and allows the ability to add/manage custom shields.

MBAE protects the following applications: Mozilla Firefox, Google Chrome, Internet Explorer, Opera, Java, Adobe Acrobat, Adobe Reader, Foxit Reader, Microsoft Office Word, Microsoft Office Excel, Microsoft Office PowerPoint, Windows Media Player, VLC Media Player, Winamp Player, QuickTime Player, Windows Script Host and Windows Help.

 


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Kilroy


Posted 08 October 2014 - 05:54 AM

Get rid of Java and Flash.  The problem with that is everything breaks.

 

I use Firefox and NoScript



#4 quietman7


Posted 08 October 2014 - 06:22 AM

Older versions of popular software such as Adobe (Acrobat Reader, Flash Player, Shockwave Player), Java, Windows Media Player, Web Browsers are vulnerable to exploits and should be kept updated. There are serious security issues with older versions which can increase the risk of system infection. Infections spread by malware writers and attackers exploiting unpatched security holes or vulnerabilities in older versions. Software applications are a favored target of malware writers who continue to exploit coding and design vulnerabilities with increasing aggressiveness.
 

The majority of computers get infected from visiting a specially crafted webpage that exploits one or multiple software vulnerabilities. It could be by clicking a link within an email or simply browsing the net, and it happens silently without any user interaction whatsoever.

Web Exploits


Exploit kits are a type of malicious toolkit used to exploit security holes found in software applications...for the purpose of spreading malware. These kits come with pre-written exploit code and target users running insecure or outdated software applications on their computers.

Exploit Kits - Anatomy of an exploit kit
RIG Exploit Pack
Rig Exploit Kit Used in Recent Website Compromise
Wild Wild West - 07/2014 Most Wanted

Related Resources

#5 quietman7


Posted 08 October 2014 - 06:29 AM

Also see How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector