IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Drive-by downloads proving popular amongst hackers
Thu, 8th Oct 2015
FYI, this story is more than a year old

Hackers are finding ways around user's avoidance of clicking attachments in emails, as drive-by downloads become the preferred way of accessing personal data.

That's according to F-Secure, who says users have to be aware of how these attacks occur and take adequate cyber security measures to protect themselves.

Drive-by downloads are where users unintentionally download viruses or malware. The attacks involve email spam with weblinks that take the recipient to malicious websites.

Jonathan Banks, operator account director, ANZ, F-Secure, says that while people are now more cautious of downloading attachments from emails, online crooks have adapted and found a way to avoid user precautions and install their malware for them.

“People need to stay ahead of the hackers' game and implement security technologies to keep them safe online,” Banks says.

Banks says there are four things to remember when it comes to drive-by downloads.

It's time people understand the risks

By simply clicking on an email, a website, or a pop-up window, rogue software can be installed on devices, Banks says. These attacks work by fooling people into thinking they are legitimate links.

“Even though these attacks have been around for years, people still don't understand what drive-by downloads are and the risks involved,” he says. “If you hear a major site was serving up malware through bad ads, chances are a drive-by download was involved.

It takes a village (or at least an infrastructure) to make it work

“The threat is an ecosystem with many players,” says Banks.

Hackers can buy a list of email addresses and hire spammers to spam email. The spam links to the hired exploit kit vendor who drops a Trojan-downloader (which was bought from some other vendor), and then the Trojan-downloader downloads and installs the hackers' Trojan (which is also likely based on a kit, such as ZeuS).

“People must realise that this is a thriving industry working to gain access to private data,” Banks explains. “This is driving attacks to become more sophisticated.

The threat is multi-layered

Banks says the threat is engineered to get around security software. Keeping all software updated all the time is a necessary precaution. However, Banks says these attacks tend to involve exploit kits that could target any and all vulnerabilities.

“Make sure your security software uses multiple methods to protect against both known and unknown threats,” he says. “For example, the malware might be smart enough to circumvent antivirus software, but another layer of protection will detect and block the threat.

The threat is personalised

“Hackers are increasingly using social engineering techniques to manipulate people into ignoring normal security precautions,” Banks warns.

“By increasing the relevance of the link to the individual user, they increase the chances of the person clicking through and giving hackers access to their data.

 “Hackers often play on users' trust by using a friend's email addresses or an apparently legitimate party, like a bank or big-name company, to execute drive-by download attacks,” he explains. “People should delete any emails requesting sensitive data, be sure to research the facts when contacted by companies or friends, and be suspicious of any unsolicited contact.