display | more...

Welcome to the New Age of the Internet.

In case you think spam, popunder windows, VBScript worms, intrusive Flash ads that dance around on top of the page you're trying to view, and tracking cookies just don't fuck up your browsing experience enough, the lowlife scum-sucking sewer rats of the Internet are increasingly using a tactic that has already garnered itself a flashy buzzword nickname: the drive-by download.

Unlike "pop-up downloads", which usually show a deceptive ActiveX installation box (such as "Would you like to download and run NIFTY SPARKLY BROWSER BITS THAT WON'T HARM YOUR SYSTEM WHATSOEVER? -- click here to read our privacy policy in which we fuck you up the virtual ass"), these downloads are performed silently -- with no notification to the user whatsoever -- by websites that take advantage of security holes in software, particularly ActiveX. Once installed, these pieces of software -- usually spyware or a browser hijacker -- often open further security holes (often lowering IE security settings) and create multiple redundant installation points (such as registered DLLs, fake root certificates, "Run" keys in the registry, and Startup menu items) on the compromised system, making it difficult to expunge the program; in this way, they are remarkably similar to viruses and worms.

As usual, these sorts of tactics are taken up by individuals and companies selling something so vile, useless, misleading, or illegal that normal channels of advertisement would be useless (or dangerous). Drive-by downloads are common on typo URLs (such as "slashdto.org") held by cybersquatters hoping to make a quick dishonest buck off other peoples' mistakes. Notorious spyware programs such as the Xupiter toolbar and Gator also install in this manner and go to town. After all, you hooked the computer up to the Internet, so it's their right to exploit it by whatever means possible! You know, just like walking on the street gives anyone the right to spray-paint a casino ad on your ass, or how CompUSA sticks that bomb-slash-homing-device on your car as you pull out of their parking lot, so they can rend you into juicy niblets if you come within fifty feet of a Fry's.

Luckily, just as virii have their antivirus programs, programs that resort to drive-by downloading have their detection and removal utilities; two such free applications are Ad-Aware and SpyBot Search & Destroy. SpyBot even goes the extra mile by "immunizing" your system, locking down the most commonly exploited holes through which drive-by downloads occur. It is also worth noting that other browsers such as Mozilla, Opera, or Safari are typically less susceptible to these attacks, due to their lack of (or at least less) integration with ActiveX.

The moral? If you're going to use Internet Explorer or Outlook Express, don't assume that you're safe simply because you haven't clicked the "Always trust content from XXXX" box. Scumware piggybacks on other software, slips through holes in Outlook Express, and disguises itself as fake scripting errors; and once one slips through, it often throws the doors wide open for other programs to follow. Stay vigilant and don't make assumptions... or shut off active scripting altogether.

Thank you to lj for reminding me that other browsers are out there and generally more secure than IE.


It's worth noting that after posting this, I had several folks /msg me with comments insisting that IE can't install things without my permission, I must have clicked on the "do you want to download and run" box without realizing it, I must be one of those idiots who opens e-mail attachments and then is surprised when I get a virus, et cetera. Fine. Believe what you want. Then run Spybot and realize what sort of crap slipped through without you realizing it. As for me, I'm running Mozilla Firefox now.

Log in or register to write something here or to contact authors.