Skip to content

Davey Winder

delivering award-winning technology journalism since 1991

  • home
  • about me
  • follow me on mastodon
  • privacy policy
  • Toggle search form
Image of a satnav device showing mapping

Mapping the route to drive-by download mitigation

Posted on June 16, 2016June 16, 2016 By Davey Winder

We can trace the roots of drive-by downloads back to 1996 and the introduction of ActiveX controls in IE 3

These controls enabled automatic downloads, and so also enabled the bad guys to equip themselves with yet another malware distribution route. Not that I can actually say there were drive-by downloads – as we know them today – happening back in 1996, at least not recorded as such. I’m pretty sure that the IE3 ActiveX controls were the catalyst, and can recall speaking to some hackers at the time who were more than a little excited about the potential of the technology as a malware distribution methodology.

But if IE3 was the catalyst, the true tipping point into the big time of cybercrime would have to wait for 10 years and the release of the first web exploit kits – such as MPack and WebAttacker – in 2006. These kits bundled together the various scripts and tools needed to launch drive-by attacks without requiring the attacker to be an expert hacker. By making it easier to carry out such an attack, popularity was guaranteed; and popular they soon became. Web exploit kits continue to evolve, but the presence of the drive-by download at the core of the bulk of attacks remains to this day. However, the main difference is that they are now even easier to use, thanks to integrated interfaces and even licensed support. They are also cheap and, if you know where to look, plentiful. The end result is a steady stream of victims whose computers and networks are infected with malware through stealthy means.

Click here to read complete article

Research

Post navigation

Previous Post: Five weirdest password alternatives of all time
Next Post: Has ransomware become the Chicken Little of the security industry?

Related Articles

Jaw-Dropping New Hack Turns Your Phone Screen Into Covert Spy Camera Hacking
Warning As 1Password, DashLane, LastPass And 3 Others Leak Passwords Infosecurity
New iPhone Security Warning As Malicious Lockdown Mode Trick Revealed Apple
iLeakage Hackers Can Read Gmail On All 2020 Or Later iPhones And Macs Apple
New iPhone iOS 16 Bluetooth Hack Attack—How To Stop It Analysis
Free iPhone 14 Pro: Apple Taking Applications Now, But There’s A Catch Apple

Categories

Post Archive

Tags

0day Analysis Android Apple Apps breach bug bounty Business Chrome crime Cybercrime Data Protection Encryption Enterprise Google Government Hackers Hacking Health healthcare industry iOS IoT iPhone Malware Microsoft News NHS Opinion passwords Phishing Privacy ransomware Research Russia Samsung threat intelligence Twitter Update Vulnerabilites vulnerabilities Vulnerability Windows Windows 10 zero-day

Copyright © 2025 Davey Winder .

×
Cookies
We serve cookies. If you think that's ok, just click "Accept all". You can also choose what kind of cookies you want by clicking "Settings". Read our cookie policy
Settings Refuse all Accept all
Cookies
Choose what kind of cookies to accept. Your choice will be saved for one year. Read our cookie policy
  • Necessary
    These cookies are not optional. They are needed for the website to function.
  • Statistics
    In order for us to improve the website's functionality and structure, based on how the website is used.
  • Experience
    In order for our website to perform as well as possible during your visit. If you refuse these cookies, some functionality will disappear from the website.
  • Marketing
    By sharing your interests and behavior as you visit our site, you increase the chance of seeing personalized content and offers.
Save Refuse all Accept all
GDPR Cookie Policy