Several of our customers have contacted us with tales of virus or malware issues, usually preceded by “All I did was visit this website and I didn’t download anything!”

Much like Baltimore Ravens fans after the team’s recent string of losses, they were confused and a bit angry about how this fate could have befallen them.

The culprit is a sneaky piece of programming known as a “drive-by download.” Usually, the key action that let the malware in was approving a toolbar or add-on, which then allowed the malicious code to do its stuff.

Below is a narrative from explaining the “drive-by download” that I’ve slightly edited to ensure it’s understandable:

“…A drive-by download site is a website that hosts one or more sets of exploit code that target specific vulnerabilities in web browsers, and browser add-ons. Malware distributors use various techniques to attempt to direct Internet users to Web sites that have been compromised or are intentionally hosting hostile code. Users with vulnerable computers can be secretly infected with malware simply by visiting such a website, even without attempting to download anything themselves. This technique usually involves posting exploit code to a legitimate website, either by gaining access to the site through intrusion or by posting malicious code to a poorly secured Web form, like a comment field on a blog. In most cases, the exploit code itself is hosted on a different website and is exposed through visiting the compromised webpage…”
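For site owners, the pattern the narrative describes (markup planted in a page that pulls active content from a different website) can be checked for by listing every script, iframe, embed or object a page loads from a host that is not on an allowlist. The sketch below is an added example, not part of the original post; the hostnames, the sample page and the "invisible" heuristics (zero or one pixel size, hidden styles) are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that load active content, and the attribute holding its URL.
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


class OffSiteAudit(HTMLParser):
    """Record active content loaded from hosts outside the allowlist."""

    def __init__(self, page_url, allowed_hosts=()):
        super().__init__()
        self.page_url = page_url
        self.allowed = {urlparse(page_url).hostname, *allowed_hosts}
        self.findings = []  # (tag, host, invisible) tuples

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        url = a.get(ACTIVE.get(tag, ""), "")
        if not url:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlparse(urljoin(self.page_url, url)).hostname
        if host is None or host in self.allowed:
            return
        style = a.get("style", "").replace(" ", "").lower()
        invisible = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                     or "display:none" in style or "visibility:hidden" in style)
        self.findings.append((tag, host, invisible))


def audit(html, page_url, allowed_hosts=()):
    parser = OffSiteAudit(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a blog page whose comment field let markup through.
SAMPLE = """<script src="/js/site.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<div class="comment">Nice post!
<iframe src="http://unknown-host.example/x" width="0" height="0"></iframe></div>
<script src="//stats.example.com/t.js"></script>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "https://blog.example.org/post", {"cdn.example.net"}):
        print(finding)
```

Anything reported with the invisible flag set, or from a host nobody on the team recognises, is worth tracing back to the form or template that let it into the page.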

One thought on "Drive-By Download Malware"

  1. That’s scary, but chances are that those who have their computers updated will not have to worry, at least I hope so. I’ll keep my eyes open just in case, thanks for the heads up.

