You are looking at an archive of the saferinternet.org website.


The drive-by virus - another form of attack.

Media interest in this threat to Internet safety has gathered pace recently, accompanied by blogs and YouTube videos.

What is a drive-by virus?
The term "virus" is perhaps not fully accurate: it isn't a particular virus but a method by which some form of malware (malicious software) can be caught. The drive-by effect is to make the user run a programme that then has unwanted consequences. In short, the activity is centred on home wireless routers, where a seemingly anodyne Java applet or ActiveX control can be used to gain access to a personal computer and then make it ripe for infection with any form of malware.

How can a computer become infected with a virus?
It is only if a user runs a programme that a virus can be caught. That is why an e-mail cannot in itself infect a computer; an attachment, however, can, because by clicking on it you may be asking your computer to do just that. With a drive-by virus, when you open a web page and then agree to run a Java applet or ActiveX control, you are asking your computer to run a programme. Fraudsters exploit the fact that many people are not conscious of what they are doing, being so used to blindly agreeing to run these kinds of add-ons to a web page.

How does a drive-by virus work?
The virus exploits the way that home wireless networks are set up to gain access to the computer from inside, thereby circumventing the protection offered by a firewall. The effect depends very much on the intention of the malware, but often it leads to the capture of details submitted to a genuine site, such as an e-banking site. This is known as pharming. It is distinct from phishing, where data is submitted to a spoof website. Most anti-virus applications can help in countering phishing but not pharming, because the malware is running inside the firewall.

Where can I get more information?
The phenomenon is not new. As early as December 2006, Symantec Inc. published a study, "Drive-by Pharming", in which the process is described and the vulnerabilities exposed.

Some specialists have run tests comparing different browsers to see how vulnerable they are to this form of attack. As has been pointed out, however, although updates and upgrades are available which may solve part of the problem, there remain a large number of internet users who do not install them.

At the same time, an experiment carried out by IT safety professional Didier Stevens shows that we compromise our own safety by following links which are explicitly marked as a way of getting a virus.

How can I protect myself?
Fundamentally, the best form of protection is awareness and behaving responsibly on-line:
  • only visit sites you trust,
  • regularly update your browser and anti-virus applications,
  • consider declining to run controls on web sites, or
  • disable plug-ins in your browser.

To disable plug-ins in Internet Explorer 7, click on Tools > Manage Add-ons > Enable or disable Add-ons and then choose which you want to run or not.
 
Design Copyright © 2005 European Schoolnet. All rights reserved.
co-funded by the European Union