Threat alert: drive-by download malware is real

You might not have heard of drive-by download malware, but it’s becoming one of the internet’s biggest cybersecurity threats.

It happens when a compromised website or advertising server forces the download of a virus or malicious software file onto an unwitting end user’s device.

It’s no longer necessary to open a file to activate it, with cybercriminals now exploiting security flaws to embed malicious code onto unsuspecting devices by stealth.

Drive-by downloads are most commonly found on low-quality websites such as illegal streams, or foreign-hosted platforms with low-grade advertising networks.

Indeed, adverts are a key vector of drive-by download malware, since pop-ups and banner ads can easily be used to distribute compact files which pull down larger malware once installed.

The threat is real

We’ve previously explained that Windows devices are uniquely vulnerable to malware, given both their popularity and the larger number of security vulnerabilities compared to Apple’s macOS.

The way in which Windows downloads files can present an open goal to drive-by download malware, which is intended to embed itself without the victim being aware.

Once installed, it may be used to control webcams for blackmail purposes, log keystrokes to later log into personal accounts, or attempt to extort victims using threats and blackmail.

This entire process is specifically designed to happen stealthily.

Your correspondent was watching an overseas sports stream recently when the stream cut out, necessitating a click of the Play button to resume coverage.

Almost immediately, a file download notification flashed up at the top of the screen for a fraction of a second.

The PC’s McAfee antivirus package scanned the download, but since it was a zero day malware attack, the file wasn’t recognised as malware and therefore wasn’t quarantined.

It arrived in the customary Downloads folder of Windows 11, and within seconds, it was already up and running in the System folder, consuming 42 per cent of the PC’s resources.

Attempts to delete the file were rebuffed since it was already in use, yet it couldn’t be identified in System.

In response, various steps were taken which should guide your own actions if you’re unfortunate enough to be targeted with a drive-by download malware attack…

How to respond

The following advice is aimed at a layperson using a PC with Windows 11 installed.

It doesn’t guarantee the elimination of any threat from drive-by download malware, but it provides logical, straightforward steps which should help to mitigate and minimise its impact.

As soon as you discover a file has been downloaded onto your computer, shut the machine down. Pull the plug out of the wall if necessary – it’s a lot quicker than a standard Windows shutdown.

Reboot the device and immediately go into the folder where the file was saved – usually the default Downloads folder.

Rename the file in first instance by right-clicking it (avoid using the left mouse button in case you accidently double-click and open it) and pressing F2. This should prevent it from locating itself.

Next, attempt to delete the file. If it’s not already running, it should be sent to the Recycle Bin, which must then be emptied to get the file off your device entirely.

Assuming you already have antivirus software installed, run a full scan of your hard drive.

If you don’t have antivirus software up and running, install a piece of software like Spybot to search for malware.

Call up Task Manager (CTRL + ALT + DEL) and check if a disproportionate quantity of CPU resources or memory are being consumed by one service, program or application.

This is often a warning sign of an ongoing malware infection, so force stop any wayward processes. Ignore any warnings about system instability at this stage – Windows can heal itself later.

We conclude with some general advice. Always use antivirus software with automatic updates permitted; update your operating system in a similar manner; use a safe web browser.

Above all, stay away from low-reputation sites with dubious top-level domains, anything you know to be illegal, and sites attracting warnings from your antivirus package or web browser.

How to respond

The following advice is aimed at a layperson using a PC with Windows 11 installed.

It doesn’t guarantee the elimination of any threat from drive-by download malware, but it provides logical, straightforward steps which should help to mitigate and minimise its impact.

As soon as you discover a file has been downloaded onto your computer, shut the machine down. Pull the plug out of the wall if necessary – it’s a lot quicker than a standard Windows shutdown.

Reboot the device and immediately go into the folder where the file was saved – usually the default Downloads folder.

Rename the file in first instance by right-clicking it (avoid using the left mouse button in case you accidently double-click and open it) and pressing F2. This should prevent it from locating itself.

Next, attempt to delete the file. If it’s not already running, it should be sent to the Recycle Bin, which must then be emptied to get the file off your device entirely.

Assuming you already have antivirus software installed, run a full scan of your hard drive.

If you don’t have antivirus software up and running, install a piece of software like Spybot to search for malware.

Call up Task Manager (CTRL + ALT + DEL) and check if a disproportionate quantity of CPU resources or memory are being consumed by one service, program or application.

This is often a warning sign of an ongoing malware infection, so force stop any wayward processes. Ignore any warnings about system instability at this stage – Windows can heal itself later.

We conclude with some general advice. Always use antivirus software with automatic updates permitted; update your operating system in a similar manner; use a safe web browser.

Above all, stay away from low-reputation sites with dubious top-level domains, anything you know to be illegal, and sites attracting warnings from your antivirus package or web browser.