
Drive-by infections

The term «drive-by infection» describes a malware infection (e.g. a virus or Trojan) caught simply by visiting a website. Just surfing to an affected website is enough to infect a computer. Affected websites often contain legitimate offers and have first been compromised so that they can then distribute malware.

 

The best ways to protect yourself ...
Info sheet: «Drive-by Infections» Information and Prevention
  • always use the latest version of your browser, including plugins (e.g. Adobe Flash Player, JavaScript etc.)
  • always keep your operating system and all installed programs up-to-date (e.g. Adobe Acrobat Reader)
  • always update your virus scanner
  • regularly check your hard disk for viruses
  • if possible, deactivate scripts (JavaScript, ActiveX etc.) in your browser

Dangers

The affected websites are systematically manipulated by hackers, who exploit vulnerabilities in web applications. The website operator usually does not notice there is anything wrong at all. The following issues show why drive-by infections are so dangerous and unpredictable:

  • With drive-by infections, it is enough to simply visit a website to infect a computer with malware. Visitors don't need to start a download or install anything - the website does this automatically!
  • The malware download is started when visitors access the site. Because the visitor's own browser requests it, firewalls and NAT (Network Address Translation) are bypassed and don't offer any protection!
  • It is not just websites offering pornographic or racist content that are targeted, but also sites which would never be suspected. Even legitimate, well-known and frequently visited websites have been infected with malicious code.

Technology

Websites today often include dynamic functions, implemented via technologies such as JavaScript, Java, ActiveX, PHP or Adobe Flash. These technologies allow for continuous communication between browser and server during a session (the time a visitor stays at a website), without the need for the visitor to carry out any actions. This is used, for instance, to change web banners, load lists or send data to servers.

Such actions are usually run in the so-called «sandbox» of a browser. A sandbox is generally a browser component meant to reduce the risks inherent in the Internet: untrusted scripts are placed inside an enclosed area where they can be executed safely (i.e. they only have limited access, for instance to local hard drives). Yet if a browser has a relevant security vulnerability, such scripts can access a user's computer directly. This enables malware to move from the server to the browser, and via the vulnerability to the user's computer, without any conscious action by the website visitor at all.

Protection

There are currently no really good protection measures at all. To provide some measure of protection, you should however always use the latest version of your browser and all plug-ins (auxiliary programs expanding browser functionality). To be absolutely safe, you can deactivate script languages, but this is an «extreme» solution: some 70 per cent of all websites depend on technologies such as JavaScript, Java, ActiveX, PHP or Adobe Flash to display various pages correctly, and these pages will then no longer display properly. Alternatively, scripts can be authorised and run selectively, for instance using «NoScript» or «FlashBlock» for Firefox.

Another important security measure is to always keep your virus scanner up-to-date. As many viruses are downloaded in compressed form and only extracted once they reach the user's machine, a virus scanner cannot always detect them. It is therefore vital to regularly check your hard disk for viruses (e.g. weekly).

Is this page secure?

Norton (Symantec) offers a service on their website enabling you to find out the respective security status (and any current threats) of some well-known websites.

Just open the Norton Safe Web website and enter the address of the relevant website into the space provided. You will then receive an assessment of that site from Norton.

 
