Drive-by Downloads: What They Are and How to Avoid Them

Have you ever picked up a hitchhiker? These travelers often hang out on rural highways, holding their thumbs up in the hopes of hitching a ride—usually in exchange for a story from their travels or a twangy rendition of an early Joni Mitchell song.

Well, the internet has its own hitchhikers: drive-by downloads.

Unlike real hitchhikers, however, we don’t have a choice when it comes to picking up drive-by downloads. These nefarious little pieces of code see us surfing the web and hitch a ride to our next destination, whether we like it or not. Usually we don’t even know that they’re there! As such, it’s important to know what drive-by downloads are and how we can protect ourselves (and our kids) from them.

So what is a drive-by download attack?

Before we can get into the nitty-gritty of these little hitchhikers, let’s answer one question: what is a drive-by download and how does it differ from a worm?

It’s simple: a drive-by download attack is when something is downloaded to your device without your knowledge. Typically, drive-by downloads are malicious programs that install software and download files to your computer or phone without your consent. 

While you might think this only happens on the Dark Web or in online chat rooms, drive-by download attacks can happen to even the most careful internet explorer. Typically, they are triggered when you:

  • Click on an unknown link or email attachment
  • Open a seemingly innocent pop-up window (click here for more info on pop-ups)
  • Download a file without knowing what it is
  • Even by simply scrolling through the internet!

While some are harmless, these nefarious downloads may introduce malware that hijacks your device, spies on your activity, or does personal harm to you by ruining your data or disabling your device.

Sometimes drive-by malware comes in the form of a worm—and no, I don’t mean the little pink animals that wriggle around on rain-soaked sidewalks. A computer worm is a type of malware that easily spreads from computer to computer via your network. Just as the animal regenerates when it is cut in half, a computer worm duplicates itself and tunnels its way into your network, often causing damage along the way. Click here to learn more about worms and how to avoid them.

Give me an example!

What is an example of a drive-by download, you ask? While I haven’t picked up a Bob Dylan-esque hitchhiker, I have been the victim of a drive-by download attack. 

There I was, innocently scrolling through Twitter, when a pop-up showed up on my computer saying that my Adobe Flash Player was out of date. Hmm, odd, I thought. The pop-up looked like the one pictured below, and because it had the official Adobe logo, I thought it was fine. So I clicked download (duh duh duh!). 

I’m sure you can guess what happened next. Yep, I got a virus. Thankfully I caught it and eliminated it before any damage was done, but I was pretty upset that I had fallen victim to a drive-by download attack!

So let this be my warning to you: next time you get a sudden pop-up or unexpected link, don’t click on it until you’ve done some research.

How can we avoid drive-by downloads?

When we think about how advanced cyber security is in 2021, it can be tempting to ask, “are drive-by downloads still possible?” Unfortunately yes, but they can be easily avoided! Here are a few ways to avoid drive-by download attacks:

  • Update your web browser. Drive-by downloads often slide through the cracks when you’re surfing the web with an outdated browser. Keep it up to date!
  • Invest in an internet security system. While most computers and phones have security systems built in, it doesn’t hurt to get the extra protection of a trusted security provider like Norton or McAfee.
  • Use an ad blocker. Most ad blockers catch pop-ups and potential drive-by download attacks before they can invade your computer. 
  • Don’t click on mysterious links. If you get an email from a Catalonian prince promising to make you a billionaire if you just click on one link, it might be best to just delete the email.
  • Try Troomi! Troomi phones that feature internet access are some of the most secure devices on the market. They keep your children safe from all sorts of internet dangers, including drive-by download attacks. Click here to learn more!

So let’s leave the hitchhikers and worms to the real world—our computers are much better off without them. And keep an eye on the Troomi blog for more tech tips and tricks!