Data Dive: An accidental “drive-by” on the Internet highway (Part 1)

Whether you are driving down a questionable road or browsing an unfamiliar web site, be sure to know the risks to help avoid unintended consequences.

Seema Kathuria
Microsoft Cybersecurity
3 min read · Apr 30, 2019

Driving and online browsing require caution. (Source: Getty Images)

Imagine you are driving a car through an unknown part of town. You blindly follow directions from a voice-guided navigation assistant on your mobile phone. Perhaps the surroundings are so disorienting that you fail to notice another car trailing yours and taking many of the same turns. Could the driver be attempting to follow you home?

In our hurry to “get there fast” both on the road and on the web, we sometimes overlook signs that warn us of impending danger.

What is a “Drive-By Download” attack?

A drive-by download (DbD) attack occurs when an unsuspecting user visits a website and unintentionally downloads malicious code. Malware distributors use various techniques to attempt to direct Internet users to websites that have been compromised or are intentionally hosting malicious code. Users with vulnerable computers can be secretly infected with malware simply by visiting such a website, even without attempting to download anything themselves.

You could be browsing online for something to buy, click a link within the search results, and proceed to add products to a shopping cart… only to download malware without your knowledge!

Where are Drive-By Downloads most concentrated?

Microsoft’s threat research team tracks drive-by downloads that affect web browser vulnerabilities. Malicious sites and web servers that host drive-by download attacks are found all over the world in different concentrations and can evolve rapidly over time. For the period from January 2018 to March 2019, the highest concentration of drive-by download URLs was found in Myanmar: out of 1,000 URLs indexed, 4.97 URLs hosted drive-by download attacks. Samoa (2.64 DbD URLs), El Salvador (1.67 DbD URLs), Saint Lucia (1.57 DbD URLs) and Afghanistan (1.28 DbD URLs) were also identified among the highest concentrations.

Note: The systems hosting drive-by downloads and malware hosting sites are typically compromised systems, such that their owners do not know they are being used to attack other Internet users.

The line graph shows worldwide drive-by download trends from Jan 2018 — Mar 2019, with a global average of 0.08 DbD encounters per 1,000 URLs vs. Myanmar’s 4.97 DbDs. (Source: Microsoft Security Intelligence Report)

What can you do about DbD attacks?

Whether you are a software developer, IT professional, or end user, there are ways to reduce the risk of drive-by download attacks. In Part 2 of this article, we will share tips and best practices to help reduce the risk of Drive-By Download attacks.

Stay tuned by following the Microsoft Cybersecurity publication. You can also explore the interactive Security Intelligence Report for yourself!

Seema Kathuria
Microsoft Cybersecurity

Work for Microsoft in Cybersecurity Solutions Group, with 15+ years of experience marketing IT security and robotics technologies. Mother, Bollywood singer :)