| Drive-By Download Attacks: Don't Get Caught
This edition's Security Spotlight comes to us courtesy of WatchGuard® Technologies, who produced the "cubecast" Drive-By Downloads.
What is a drive-by download? According to TechTarget's WhatIs.com:
"A drive-by download is a program that is automatically downloaded to your computer, often without your consent or even your knowledge. Unlike a pop-up download, . . . a drive-by download is carried out invisibly to the user: it can be initiated by simply visiting a Web site or viewing an HTML e-mail message. . . If your computer's security settings are lax, it may be possible for drive-by downloads to occur without any action on your part." (See also http://en.wikipedia.org/wiki/Drive-by_download)
This twelve minute video demos a "drive-by download" attack, lists visual cues of an infection, and shows how a behind-the-scenes tool like a packet-sniffer reveals what happens during an attack.
How can you protect yourself against a drive-by download? According to the video, common sense plus multiple layers of defense:
- Keep up with patches
- Harden your web browser: use a high security setting and disable active scripting
- Use anti-virus and anti-spyware programs and keep it current
- Block dangerous file types at your firebox
|
|
|
