Cyberheist Snippet 1: Drive-By Downloads

We're working on our own book here at It's going to be called Cyberheist: The biggest financial threat facing American business since the meltdown of 2008. The book will be a work in progress for the next two months or so, and during that time, I'll be excerpting bits and pieces where appropriate to use for this blog. The first such excerpt is on the topic of drive-by downloads, a technique for stealthy insertion of software on any PC that drops in on the wrong Web page.

[Image: Our book cover mixes alarm and patriotism pretty nicely]

Here's today's Cyberheist snippet:

Understanding drive-by downloads, and the potential risks they pose

A drive-by download is a transfer of software from a Web server to an unsuspecting client that occurs in the background, with no notification, when a user visits some particular Web page. The “drive-by” terminology indicates that a user need only access the page to be subject to the download, which will invariably include malware when some kind of scam or attack is underway. Because such downloads can install themselves on the systems where they take up residence, attackers can put specific types of malware of their choosing on victim machines. These include programs called keystroke loggers, which record every keypress a user makes on his or her machine into a special file called a keystroke log. These also include a class of software called “Trojans” (short for Trojan Horses, after the famous ruse that let the Greeks gain access to the city of Troy in The Iliad). These programs can access the Internet and ship that keystroke log off to some designated recipient address. Once received, that keystroke log can be combed for sensitive information — particularly accounts, passwords, challenge-response sequences, and other information that may be used to impersonate authorized users and steal the money at their disposal.

For more information on drive-by downloads, please consult any or all of the following references

Know any other good sources on this topic? Have any suggestions for changes or additions? This is your chance to get in on the ground floor of this project and help us by posting a comment!

Stu Sjouwerman

Topics: Cybercrime, KnowBe4
