What are Drive-by Downloads?

Drive-by downloads happen when an attacker tricks the user’s browser into downloading some malware without any interaction or warning. Simply viewing the content triggers the download automatically.

Preventing Drive-by Downloads

Almost any web content can initiate this kind of attack. In many cases the drive-by download is initiated by code within a banner ad on a legitimate website. The attacker is able to trick the advertising network into sending the exploit code along with some random advertising image.

Alternatively, the attacker can compromise a website by hacking the server and installing the drive-by download code directly into the website. Finally, the attackers can set up their own website hosting the malware, attracting victims through search optimization, ads, or other links.

No matter the source, as soon as a browser accesses the drive-by download code, the attack is initiated. There is no need for the user to click on a link to start the download; just seeing the page or the ad is enough to launch the attack. Typically, there is no warning about the download, and the malware runs automatically without any prompt or action by the user.

Once executed, the malware can take control of the computer, retrieve files, capture passwords, and start to attack other devices on the network.

Passages protects against drive-by downloads in 3 ways:

The Passages Virtual Machine contains the downloaded malware. It prevents all unwanted communication between the local machine and the virtual environment. The downloaded malware is prevented from infecting or impacting the host computer, and at the end of the session it is all completely destroyed.

The Passages Virtual Private Network prevents the malware from attacking other devices by segregating all network traffic from the browser away from the physical local network. It ensures that the downloaded malware cannot see or attack other devices on the local network. These include vulnerable devices like network printers and valuable devices like domain servers and databases.

Finally, Safehold ensures that unintentionally downloaded malware files never make it to the user’s local computer. All files downloaded from the web end up in the Safehold server, where they are automatically checked by multiple best-of-class malware scanners. Only files that test as safe are made available to the user, who manually initiates the download. The download to the user’s local computer is never automatic and cannot be initiated by anything on a web page or running inside the Passages Virtual Machine.