Berkeley Lab

Computer Security Annual Training (SEC 0201)

Skip to end of metadata
Go to start of metadata

Drive-By Downloads

    Question

    Which of the websites below contained a drive-by download (a piece of malicious code that downloads to your computer without your knowledge)?

    Click on the images for a full-size view:

    Click for answer

    Drive-by downloads from MSNBC.com, Fox Sports, and a website featuring Linux tutorials infected computers at Berkeley Lab. In each case, the malicious software was inside advertisements on the page (highlighted in the red box).

    Click on the images for a full-size view:

    MSNBC.com

    Fox Sports

    ubuntu geek

    Take Home

    You can be attacked anywhere on the web by drive-by downloads, including at popular websites. You simply visit the site and a drive-by downloads infects your computer with malicious code, often via advertisements. When you visit the site, vulnerabilities in your browser or browser plugins, such as flash, allow infections even if you didn't click any ads or download any files.

    The best way to prevent this is to keep your browser, operating system, and applications up to date.

    Do

    Do Not

    • Do not use Internet Explorer (except when required for Berkeley Lab business applications).
    • Do not ignore update notifications from your OS, browser, and third parties like Adobe.
    • Do not use old browser versions.