
How can drive-by download attacks be prevented?

Expert Nick Lewis offers some strategies that enterprises can use to avoid the threat of drive-by download attacks and improve employee awareness of the risks.

A number of drive-by download attacks are infiltrating systems by methods as simple as prompting users to click to close a pop-up window. How can I make my employees more aware of these threats, and is there any way to tell which of these things are malicious?

While employees must be adequately trained and participate in an ongoing information security awareness program, training is not effective prevention for all types of attacks. General endpoint security hygiene must be in place along with baseline security awareness to prevent attacks from being successful.

First, basic security awareness around installing mobile applications is critical. Enterprises should update their mobile security awareness programs to cover installing applications only from trusted and approved application stores; this will help prevent malware like Torpig from getting installed. An example to include in training is an application installed after clicking on a banner ad: a download of this kind is likely to install an app with unwanted functionality that could steal data or passwords. Also, if an error message about the app not being signed appears during installation, users should cancel the install immediately.

Unfortunately, people will not always be able to distinguish malicious content from legitimate content, so systems must be designed to give employees the fewest possible opportunities to make bad decisions and to minimize the impact when someone does click on a drive-by download.

Implementing tools that monitor the network and block drive-by download threats -- such as firewalls, intrusion detection systems and antimalware devices -- can be the most effective mechanism for blocking attacks, but not all internet access traverses the enterprise network, so not every attack will be blocked there. Endpoint security tools can provide similar functionality, but they must be installed and operating correctly to be effective -- which depends heavily on the endpoint being managed.


This was last published in March 2015
