Sale % Sale Holiday sale Sale Sale % Sale Sale Holiday sale Sale Sale % Sale Sale Holiday sale

What Is a Drive-By Exploit?

Chad Hammond
browser full of bugs

A drive-by exploit is one of the most subtle and efficient ways for a criminal to infect your device. This method doesn't rely on direct user interaction; that’s why it’s so dangerous. Also referred to as a drive-by download, it delivers malicious software without the user even realizing their device is compromised. Understanding how this process works can help you to limit high-risk actions and protect yourself online.

Infection is the point of contact when a piece of malware installs itself on your phone or laptop. Cybercriminals are always searching for new ways to slip exploitative software onto a victim's hardware. Once they've infected the target, the rest of their work will be easy.

As the name suggests, a drive-by exploit can occur without interrupting the victim’s browsing experience. That’s what makes them so effective: you don’t have to click on a pop-up ad or a flashing red button. By the time a victim begins to suspect that something's wrong, it’s already too late.

How do drive-by downloads work?

There are two strategies that have become particularly prevalent for launching these exploits.

  • Malvertising

  • Infectious websites

Malvertisements are malicious online adverts. Users don’t need to click on them because simply coming to a page that displays an infectious ad can trigger the download process. We’ll go into this problem and how to combat it in more depth later on.

Infectious websites are also a major risk, and they usually take one of two forms. The hacker can design a download-initiating website from scratch, or they can hijack an existing platform. By infiltrating the backend of a legitimate site or application, they can rig the host with their own malicious code. Site admins might not even notice that infiltration, and now any user viewing their content could be the target of an exploit kit.

What is an exploit kit?

An exploit kit is the piece of software programmed by an attacker. This is the kind of malware that a drive-by download will try to install. It's designed to avoid detection, so your device will continue to operate normally, even after it becomes infected.

The exploit kit can then probe and explore the security functions on your device, searching for any weaknesses. Once it finds a vulnerability, it can instigate further attacks or download more malware.

It may be some time before the attacker launches the next stage of their attack. Days or weeks later, they might steal private data or use the victim’s device as part of an illegal botnet. By that time, it will be too late for the user to protect themselves.

The threats of malvertising

A growing problem online is malvertising, and it's the perfect delivery method for a drive-by exploit.

Significant sections of the online world now run on ad revenue. From global news outlets to illegal pirating sites, hosting adverts is an essential money-maker.

Most of these platforms don’t handpick the content themselves, relying on other services to fill their ad spaces. This is time-efficient, but the screening processes for third-party advertisers are notoriously ineffective. It’s never been easier for criminals to get their malvertisements in front of thousands of potential victims.

That would be bad enough if users were only at risk when actively engaging with adverts, but that’s where pre-click malvertising comes in. This kind of malvertising can launch drive-by downloads as soon as the ad loads onto a page.

How to avoid drive-by exploit attacks

  • Use an ad-blocker

Ad-blockers limit how many banners and pop-ups you're exposed to. Pre-click downloads launch when a malicious advert runs its scripts, but it can't begin that process if your blocker won’t let it load. You can also invest in script-blocking software that will scan for malicious coding on each new page. This won't protect you from all drive-by exploits, but it will go a long way to combating the malvertising threat.

  • Be wary of email links

Even if an ad-blocker limits a hacker's malvertising access, they can still lure users to their own infectious websites. Phishing emails can be an effective way of snagging the victim. Disguised as a legitimate sender — a bank or phone company, for example — they'll urge victims to follow a link in the email. Avoiding this threat is simple: don't click on any URLs or hyperlinks in suspect messages. If a sender you don't know is urging you to change a password or claim a prize, be very cautious.

  • Keep software up-to-date

Tempting as it is to keep hitting 'remind me later,' you shouldn't ignore software updates. Exploit kits take advantage of weak spots on your device, which are often created by out-of-date programs. Keeping operating systems and browsers updated could stop a drive-by download exploiting your device, even after infection. This also applies to the smaller add-ons you might be forgetting about. Don’t let an old Chrome extension be an attacker’s access point.

  • Use antivirus software.

People often assume that they won’t need antivirus software because they don't frequent the riskier areas of the internet. As the dangers of malvertising and phishing links show, that’s not the case. Even on mainstream platforms, from news outlets to streaming sites, there are dangers. Strong antivirus protection will add an extra layer of security for your device and your data.

Subscribe to NordPass news

Get the latest news and tips from NordPass straight to your inbox.