Paradoxically, it’s because current anti-malware solutions are much more effective than they have ever been in detecting worms and viruses, that we’re now faced with another insidious form of attack.
Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and more crafty recently.
More than three million unique URLs on over 180,000 websites are automatically installing malware via drive-by downloads, according to recent statements by the Google Anti-Malware Team. Google has not been alone in noticing this trend by criminal hackers using these techniques. IBM noted recently, that criminals are directly attacking web browsers in order to steal identities, gain access to online accounts and conduct other illicit activities.
If you’re unfamiliar with the term, drive-by download, they are essentially programs that automatically download and install on your computer without your knowledge. This action can occur while visiting an infected web site, as previously noted, opening an infected HTML email, or by clicking on a deceptive popup window. Often more than one program is downloaded, for example, file sharing with tracking spyware is very common. Again, it’s important to remember that this can take place without warning or your approval.
What can you do to ensure you are protected, or to reduce the chances you will become a victim?
As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system:
- When surfing the web: Stop. Think. Click
- Don’t open unknown email attachments
- Don’t run programs of unknown origin
- Disable hidden filename extensions
- Keep all applications (including your operating system) patched
- Turn off your computer or disconnect from the network when not in use
- Disable scripting features in email programs
- Make regular backups of critical data
- Make a boot disk in case your computer is damaged or compromised
- Turn off file and printer sharing on the computer.
- Install a personal firewall on the computer.
- Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
- Ensure the anti-virus software scans all e-mail attachments
- Install McAfee Site Advisor, WOT, or a similar browser add-on
Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.